| title | Generate and export certificates for point-to-site: Linux - strongSwan |
|---|---|
| description | Learn how to create a self-signed root certificate, export the public key, and generate client certificates using the Linux (strongSwan) CLI. |
| titleSuffix | Azure VPN Gateway |
| author | cherylmc |
| ms.service | azure-vpn-gateway |
| ms.custom | linux-related-content |
| ms.topic | how-to |
| ms.date | 02/26/2025 |
| ms.author | cherylmc |
This article shows you how to create a self-signed root certificate and generate client certificates using strongSwan. The steps in this exercise help you create certificate .pem files. If you need .pfx and .cer files instead, see the Windows- PowerShell instructions.
For point-to-site connections, each VPN client must have a client certificate installed locally to connect. Additionally, the root certificate public key information must be uploaded to Azure. For more information, see Point-to-site configuration - certificate authentication.
The following steps help you install strongSwan.
[!INCLUDE strongSwan Install]
The following steps help you generate and export certificates using the Linux CLI (strongSwan). For more information, see Additional instructions to install the Azure CLI.
[!INCLUDE strongSwan certificates]
Continue with your point-to-site configuration. See Configure P2S VPN clients: certificate authentication - Linux.