An Azure Virtual Network Gateway lets you create a secure connection to Azure resources that are connected to an Azure Virtual Network without having to expose them to the internet. For example, if you have a Virtual Machine running on a Virtual Network, you can remove the Public IP Address from that Virtual Machine and then leverage a Virtual Network Gateway with Point-to-site configuration to RDP to that Virtual Machine.

This process is well documented by Microsoft, but the steps are scattered across a few pages, so I’m going to consolidate them here.

NB: Virtual Network Gateways are not free.


Create a self-signed root & client certificate

Open a new PowerShell (Administrator) window and run the following commands in the same window.

NB: Change the -Subject arguments to use CN values that are meaningful to your setup.

# Create the self-signed root certificate (used only to sign client certificates).
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign

# Create the client certificate, signed by the root held in $cert.
# The extension 2.5.29.37 (Enhanced Key Usage) is set to 1.3.6.1.5.5.7.3.2 (Client Authentication).
New-SelfSignedCertificate -Type Custom -KeySpec Signature `
-Subject "CN=P2SChildCert" -KeyExportPolicy Exportable `
-HashAlgorithm sha256 -KeyLength 2048 `
-CertStoreLocation "Cert:\CurrentUser\My" `
-Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

Export root certificate

  1. To obtain a .cer file from the certificate, open Manage user certificates. Locate the self-signed root certificate, typically in Certificates - Current User\Personal\Certificates, and right-click. Click All Tasks, and then click Export. This opens the Certificate Export Wizard.
  2. In the Wizard, click Next. Select No, do not export the private key, and then click Next.
  3. On the Export File Format page, select Base-64 encoded X.509 (.CER), and then click Next.
  4. On the File to Export page, browse to the location to which you want to export the certificate. For File name, name the certificate file. Then, click Next.
  5. Click Finish to export the certificate. You see the message "The export was successful." Click OK to close the wizard.
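
The wizard export above can also be scripted, with checks that the exported file holds only the public certificate. This is an added example, not part of the original post or of Microsoft's documentation; it assumes the root certificate was created with the subject CN=P2SRootCert as above, and the output path is a hypothetical choice.

```powershell
# Assumption: subject matches the root certificate created earlier on this page.
$subject = "CN=P2SRootCert"
# Assumption: hypothetical output location; change to suit your setup.
$outFile = Join-Path $env:USERPROFILE "P2SRootCert.cer"

# Find the root certificate; stop if the subject is missing or ambiguous.
$roots = @(Get-ChildItem -Path "Cert:\CurrentUser\My" |
    Where-Object { $_.Subject -eq $subject })
if ($roots.Count -ne 1) {
    throw "Expected exactly one certificate with subject $subject, found $($roots.Count)."
}
$root = $roots[0]

# RawData is the DER-encoded certificate only; the private key is never part of it.
$b64 = [System.Convert]::ToBase64String(
    $root.RawData, [System.Base64FormattingOptions]::InsertLineBreaks)

# Write the same Base-64 encoded X.509 (.CER) format the wizard produces.
$pem = "-----BEGIN CERTIFICATE-----`r`n$b64`r`n-----END CERTIFICATE-----"
Set-Content -Path $outFile -Value $pem -Encoding Ascii

# Verify: the file must load back as the same certificate and carry no private key.
$check = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $outFile
if ($check.Thumbprint -ne $root.Thumbprint) {
    throw "Exported file does not match the root certificate."
}
if ($check.HasPrivateKey) {
    throw "Exported file unexpectedly contains a private key."
}

# List client certificates in the store that were issued by this root.
Get-ChildItem -Path "Cert:\CurrentUser\My" |
    Where-Object { $_.Issuer -eq $subject -and $_.Subject -ne $subject } |
    Select-Object Subject, Thumbprint, NotAfter
```

Run it in the same user context that created the certificates, since it reads from the Cert:\CurrentUser\My store.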