Install client certificates for User VPN connections

  • Article

When a Virtual WAN User VPN P2S configuration is configured for certificate authentication, each client computer must have a client certificate installed locally. This article helps you install a client certificate locally on a client computer. You can also use Intune to install certain VPN client profiles and certificates.

If you want to generate a client certificate, see Generate and export certificates for User VPN connections.

Windows

  1. Once the client certificate is exported, locate and copy the .pfx file to the client computer.
  2. On the client computer, double-click the .pfx file to install. Leave the Store Location as Current User, and then select Next.
  3. On the File to import page, don't make any changes. Select Next.
  4. On the Private key protection page, input the password for the certificate, or verify that the security principal is correct, then select Next.
  5. On the Certificate Store page, leave the default location, and then select Next.
  6. Select Finish. On the Security Warning for the certificate installation, select Yes. You can comfortably select 'Yes' for this security warning because you generated the certificate.
  7. The certificate is now successfully imported.

macOS

  1. Locate the .pfx certificate file and copy it to your Mac. You can get the certificate to the Mac in several ways. For example, you can email the certificate file.
  2. Double-click the certificate. You will either be asked to input the password and the certificate will automatically install, or the Add Certificates box will appear. On the Add Certificates box, click Add to begin the install.
  3. Select login from the dropdown.
  4. Enter the password that you created when the client certificate was exported. The password protects the private key of the certificate. Click OK.
  5. Click Add to add the certificate.
  6. To view the added certificate, open the Keychain Access application and navigate to the Certificates tab.

Linux

The Linux client certificate is installed on the client as part of the client configuration. Use the VPN Gateway Client configuration - Linux instructions.

Next steps

Continue with the Virtual WAN User VPN configuration steps.