Set up a connection using a certificate

To set up an L2TP over IPsec VPN connection in Microsoft Windows 10 using an X.509 certificate, do as follows.

Prerequisite: You've downloaded the X.509 certificate from the User Portal.

Import the certificate into Windows 10

  1. Click Start and open Run.

  2. Enter mmc, and click OK to open the Microsoft Management Console.

  3. Confirm the Windows security notice.

  4. Click File > Add/Remove Snap-in.

  5. Select Certificates, then click Add.

  6. Select Computer account, then click Next.

  7. Select Local computer (the computer this console is running on).

  8. Click Finish and then OK.

  9. In the tree view on the left side, in the category Certificates (Local Computer), right-click Personal.

  10. From the context menu select All Tasks > Import.

    The Certificate Import Wizard opens.

  11. Click Next.

  12. Click Browse and select the PKCS#12 container file to import.

    You might have to select the correct file extension .p12 in the drop-down list to make the PKCS#12 container file visible.

  13. Click Open and then Next.

  14. Enter the password for the private key.

    Enter the security password you used for downloading the certificate from the User Portal.

  15. Click Next.

  16. Select Automatically select the certificate store based on the type of certificate.

  17. Click Next and then Finish.

    You should see a confirmation message that the import was successful.

  18. Click OK.

  19. From the menu, select Action > Refresh.

    Now, the newly imported certificate should be visible.

  20. Close the Microsoft Management Console.

    If asked whether you want to save anything, you don’t need to.

Configure the VPN connection in Windows 10

  1. Go to Start > Settings.

  2. In the dialog, go to Network & Internet > VPN.

  3. Click Add a VPN connection.

  4. In the dialog, specify the following settings:

    VPN provider: Select Windows (built-in).

    Connection name: Enter a name for the connection.

    Server name or address: Enter the DNS name or the IP address of your organization’s server that accepts remote access connections. Your organization’s administrator should have provided this information to you.

    VPN type: Select L2TP/IPsec with certificate. Automatic should work as well if Windows can determine the type during the connection establishment.

    Type of sign-in info: Select User name and password.

  5. (Optional) You can enter your username and password now. You can also save these along with the connection.

    If you don’t enter your credentials, Windows prompts you when you initiate the connection.

  6. Click Save.
  7. Select Connect to test the connection.
  8. Close the dialog once you’re finished.