Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,675 questions
P2S VPN with custom audience on Mac OS 15.3.1 Sequoia Unable to use Digicert Global Root G2
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(9.6, 99%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPT%3C/text%3E%3C/svg%3E)
Palhota, Tiago
0
Reputation points
I've created a VPN Gateway and configured P2S following the official MS tutorial "https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-entra-register-custom-app". My application is running on a custom audience so that I can control who can access the VPN.
I've downloaded the client profile and imported it onto my Macbook M1. I've also changed the azurevpnconfig.xml to include the <applicationid> which points at the Microsoft Azure VPN Audience (c632b3df-fb67-4d84-bdcf-b95ad541b5c8).
What I'm observing is that I'm not able to connect using DigiCert Global Root G2(The default whilst opening the xml file is DigiCert Global Root CA) as suggested in all the tutorials. The error I'm getting is "Failed to connect to the server. Unexpected error"
If I change the Server Validation to Digicert Global Root CA, the connection is successful and I get assigned a private IP as expected.
Why am I not able to use G2 as mentioned in all the tutorials?
Thanks
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Ganesh Patapati 4,150 Reputation points Microsoft External Staff2025-03-07T16:50:58.08+00:00 Greetings!
Please cross verify the below points.
- Check the Root certificate used by the VPN gateway must be configured with a server certificate from G2.
- Also, please check if the G2 root certificate is properly installed and trusted on the Mac. - Download the DigiCert Global Root G2 certificate from DigiCert’s Trust Center and install it into the System Keychain on your Mac and set it to Always Trust. - Ensure the XML configuration correctly references the G2 root certificate's thumbprint.
- Regenerate the server certificate using the G2 root certificate and reconfiguring the VPN gateway.
- If possible, test the connection using a different VPN client or on a different device to see if the issue persists. - Review the VPN client logs for any specific error messages that could provide more insights into why the connection fails with G2.
Can you please update us if the action plan provided by was helpful?
Should there be any follow-up questions or concerns, please let us know and we shall try to address them.
Sign in to comment
Sign in to answer