Hints to generate certificates to be used by the Application Gateway:

Client/user certificates for authentication:
Any certificate (software certificate or smartcard) where "Enhanced Key Usage" contains "Client Authentication" can be used.
The certificates must contain an email address, because the Application Gateway uses email addresses to define access rights.

Server certificates for encryption and authentication:
Any software certificate where "Enhanced Key Usage" contains "Server Authentication" can be used.

Such certificates can be obtained from various certification authorities (CA).
Another option is to build a CA of your own, e.g. using the built-in CA of a Microsoft Server.

A third option is to generate certificates using PowerShell scripts running on Windows 10 Professional or Windows Server. Examples can be found here:
- Script to generate client/user certificates.
- Script to generate server certificates.
On the first run, a "CA" certificate will be generated to sign the certificates.
To reference this certificate for later use, the hash value of the certificate is stored in CAsavedHash.txt within the current directory.
All generated certificates will be stored in the Microsoft certificate store of the current user.
This approach is fine in a test environment and for configurations where no high security level is required.
One disadvantage is that there is no certificate revocation list (CRL).

Note: Ensure that the CA certificate is installed in "Trusted Root Certification Authorities".
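
The flow described above, sketched as an added example (this is not one of the linked scripts): create the signing "CA" certificate on the first run, reuse it through CAsavedHash.txt afterwards, issue a client certificate with "Client Authentication" and an email address, and check the result. Subject names, key sizes, lifetimes, the sample email address and the export file name are assumptions.

```powershell
# Added example, not the project's scripts. Names, lifetimes and the address are constructed.
$store    = 'Cert:\CurrentUser\My'
$hashFile = Join-Path (Get-Location) 'CAsavedHash.txt'
$email    = 'alice@example.test'

# First run: create the signing "CA" certificate and save its hash (thumbprint).
if (Test-Path $hashFile) {
    $thumb = (Get-Content $hashFile -TotalCount 1).Trim()
    $ca = Get-Item "$store\$thumb" -ErrorAction Stop
} else {
    $ca = New-SelfSignedCertificate -Type Custom -Subject 'CN=Test Gateway CA' `
        -KeyAlgorithm RSA -KeyLength 3072 -HashAlgorithm SHA256 `
        -KeyUsage CertSign, CRLSign -KeyExportPolicy NonExportable `
        -TextExtension @('2.5.29.19={critical}{text}ca=1&pathlength=0') `
        -CertStoreLocation $store -NotAfter (Get-Date).AddYears(5)
    Set-Content -Path $hashFile -Value $ca.Thumbprint
}

# Issue a client/user certificate signed by that CA.
$client = New-SelfSignedCertificate -Type Custom -Signer $ca `
    -Subject "CN=Alice Example, E=$email" `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeyUsage DigitalSignature `
    -TextExtension @(
        '2.5.29.37={text}1.3.6.1.5.5.7.3.2',   # Enhanced Key Usage: Client Authentication
        "2.5.29.17={text}email=$email"         # Subject Alternative Name: email address
    ) `
    -CertStoreLocation $store -NotAfter (Get-Date).AddYears(1)

# Check the two properties the gateway relies on before handing the certificate out.
$ekuExt = $client.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }
$mail   = $client.GetNameInfo(
    [System.Security.Cryptography.X509Certificates.X509NameType]::EmailName, $false)
if ($ekuExt.EnhancedKeyUsages.Value -notcontains '1.3.6.1.5.5.7.3.2' -or $mail -ne $email) {
    throw "Certificate $($client.Thumbprint) lacks Client Authentication or the email address"
}

# Export only the public CA certificate for import into "Trusted Root Certification Authorities".
Export-Certificate -Cert $ca -FilePath (Join-Path (Get-Location) 'TestGatewayCA.cer') | Out-Null
"Issued $($client.Thumbprint) for $mail, signed by $($ca.Thumbprint)"
```

The CA private key is created as non-exportable and stays in the current user's store, so anyone who can run code as that user can issue certificates the gateway will trust.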

Hints and options concerning certificate loading can be found here.

