Establishing a Point-to-Site VPN Connection to Azure Virtual Network | Exam AZ-104 Microsoft Azure Administrator

Step-by-Step Guide: Exporting and Installing Client Certificate for Point-to-Site VPN Connection

Prev Question Next Question

Question

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.

After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.

You have a computer named Computer1 that has a point-to-site VPN connection to an Azure virtual network named VNet1. The point-to-site connection uses a self-signed certificate.

From Azure, you download and install the VPN client configuration package on a computer named Computer2.

You need to ensure that you can establish a point-to-site VPN connection to VNet1 from Computer2.

Solution: You export the client certificate from Computer1 and install the certificate on Computer2.

Does this meet the goal?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B.

A

Each client computer that connects to a VNet using Point-to-Site must have a client certificate installed. You generate a client certificate from the self-signed root certificate, and then export and install the client certificate. If the client certificate is not installed, authentication fails.

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site

The solution of exporting the client certificate from Computer1 and installing the certificate on Computer2 does meet the goal of establishing a point-to-site VPN connection to VNet1 from Computer2.

When a point-to-site VPN connection is established, the VPN client needs to authenticate the connection by presenting a valid client certificate. In this scenario, Computer1 has already established a point-to-site VPN connection to VNet1 and has a self-signed client certificate. To enable Computer2 to connect to VNet1, we need to install the same client certificate on Computer2.

The process of exporting and installing the client certificate on Computer2 can be done using the following steps:

  1. On Computer1, open the Certificate Manager by typing "certmgr.msc" in the Run dialog box.
  2. Navigate to the Personal folder and select the certificate that is used for the point-to-site VPN connection.
  3. Right-click on the certificate and select "Export".
  4. Follow the Export Wizard and choose to export the private key.
  5. Save the exported certificate to a file and copy it to Computer2.
  6. On Computer2, double-click on the exported certificate file to open the Certificate Import Wizard.
  7. Follow the wizard and choose to import the certificate into the Personal store.
  8. Once the certificate is imported, the VPN client on Computer2 should be able to authenticate and connect to VNet1 using the same self-signed certificate as Computer1.

Therefore, the solution of exporting the client certificate from Computer1 and installing the certificate on Computer2 does meet the goal of establishing a point-to-site VPN connection to VNet1 from Computer2.

Prev Question Next Question