Install client certificates for P2S certificate authentication connections

All clients that connect to a virtual network using Point-to-Site Azure certificate authentication require a client certificate. This article helps you install a client certificate that is used for authentication when connecting to a VNet using P2S.

Acquire a client certificate

No matter what client operating system you want to connect from, you must always have a client certificate. You can generate a client certificate from either a root certificate that was generated using an Enterprise CA solution, or a self-signed root certificate. See the PowerShell, MakeCert, or Linux instructions for steps to generate a client certificate.

Windows

If you want to create a P2S connection from a client computer other than the one you used to generate the client certificates, you need to install a client certificate. When installing a client certificate, you need the password that was created when the client certificate was exported.

  1. Locate and copy the .pfx file to the client computer. On the client computer, double-click the .pfx file to install. Leave the Store Location as Current User, and then click Next.
  2. On the File to import page, don't make any changes. Click Next.
  3. On the Private key protection page, input the password for the certificate, or verify that the security principal is correct, then click Next.
  4. On the Certificate Store page, leave the default location, and then click Next.
  5. Click Finish. On the Security Warning for the certificate installation, click Yes. You can feel comfortable clicking 'Yes' because you generated the certificate. The certificate is now successfully imported.
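
One way to script the import into the Current User store and check what was imported, shown as an added example that is not part of the original article. The function name Install-P2SClientCertificate and the .pfx path are hypothetical placeholders; the check assumes the client certificate carries the Client Authentication EKU.

```powershell
# Added example (not from the original article).
# Install-P2SClientCertificate is a hypothetical helper name.
function Install-P2SClientCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $PfxPath,
        # Password that was created when the client certificate was exported
        [Parameter(Mandatory)] [securestring] $Password
    )

    # Import into the Current User "Personal" store (step 1 keeps Current User).
    # -Exportable is deliberately omitted, so the private key is stored
    # as non-exportable on this computer.
    $imported = Import-PfxCertificate -FilePath $PfxPath `
        -CertStoreLocation 'Cert:\CurrentUser\My' -Password $Password

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

    # A .pfx may also carry chain certificates; those report HasPrivateKey = False.
    foreach ($cert in $imported) {
        # Collect the EKU OIDs from the certificate's extensions.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is $ekuType } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            ClientAuthEku = $ekuOids -contains $clientAuthOid
            Expired       = $cert.NotAfter -lt (Get-Date)
        }
    }
}

# Prompt for the password so it never appears on the command line or in history.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString

# Placeholder path: replace with the location of the copied .pfx file.
Install-P2SClientCertificate -PfxPath 'C:\path\to\client.pfx' -Password $pfxPassword |
    Format-List
```

The entry to look for is the one with HasPrivateKey and ClientAuthEku both True and Expired False; that is the certificate the VPN client can present.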

Mac

Note

Mac VPN clients are supported for the Resource Manager deployment model only. They are not supported for the classic deployment model.

When installing a client certificate, you need the password that was created when the client certificate was exported.

  1. Locate the .pfx certificate file and copy it to your Mac. You can get the certificate to the Mac in several ways, for example, you can email the certificate file.

  2. After the certificate is copied to the Mac, double-click the certificate to open the Add Certificates box, then click Add to begin the install.

  3. Enter the password that you created when the client certificate was exported. The password protects the private key of the certificate. Click OK to complete the installation.

Linux

The Linux client certificate is installed on the client as part of the client configuration. See Client configuration - Linux for instructions.

Next steps

Continue with the Point-to-Site configuration steps to Create and install VPN client configuration files.