[network-manager-sstp.wiki] Update Connect to Microsoft Azure VNetGateway



commit 94067b54387240721e2626eda58c1e73e6f1274d
Author: Eivind Næss <eivnaes yahoo com>
Date:   Mon Apr 11 23:33:38 2022 +0000

    Update Connect to Microsoft Azure VNetGateway

 Connect-to-Microsoft-Azure-VNetGateway.md | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
---
diff --git a/Connect-to-Microsoft-Azure-VNetGateway.md b/Connect-to-Microsoft-Azure-VNetGateway.md
index e12424c..169234b 100644
--- a/Connect-to-Microsoft-Azure-VNetGateway.md
+++ b/Connect-to-Microsoft-Azure-VNetGateway.md
@@ -10,11 +10,9 @@ Setting up the certificates:
 
 <https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-linux>
 
-Export your CA certificate here: `openssl x509 -in caCert.pem -outform der | base64 -w0 ; echo`
-
 For the client certificates, skip the step in creating a PKCS12 envelope. The pppd doesn't currently support 
using PKCS12 certificates yet.
 
-You'll need to keep the .pem files for both user and key.
+You'll need to keep the .pem files for both user and key. However, the CA certificate is only needed to 
ensure presented user certificate was indeed signed by the CA. Both the Azure gateway as well as the EAP-TLS 
connection will serve out a certificate signed by DigiCert (www.digicert.com) and can be validated by your 
currently installed list of CA certificates with the distribution.
 
 ## Configure your Linux Desktop
 
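Review bot: dropping the `openssl x509 -in caCert.pem -outform der | base64 -w0 ; echo` line removes the only instruction on this page for exporting the root CA, yet the replacement paragraph still says the CA certificate is needed "to ensure presented user certificate was indeed signed by the CA". That check is performed by the gateway, which can only do it if it has been given the CA in exactly the base64 DER form the removed command produced, so either keep the command or say explicitly that the export belongs to the gateway-side step in the linked Microsoft document; otherwise a reader working through this page in order has no way to produce the value. The new paragraph also needs two wording fixes: "ensure presented user certificate" should read "ensure the presented user certificate", and "Both the Azure gateway as well as the EAP-TLS connection" should be "Both the Azure gateway and the EAP-TLS connection". It would help to keep the two CAs clearly apart in one sentence: the self-signed CA from caCert.pem signs the client certificate and is checked by the gateway, while the DigiCert root signs the gateway's TLS and EAP-TLS server certificates and is checked by the client against the distribution's trust store.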
@@ -33,9 +31,12 @@ This file contains the details of your VPN connection. Unzip the archive into a
 
 This XML contains these interesting details needed to configure your SSTP VPN on the GNOME desktop:
 
-- VpnServer: The fully qualified domain name of the Azure SSTP VPN server
+- VpnServer: The fully qualified domain name of the Azure SSTP VPN gateway
 - Routes: needed for to reach your Azure resources
 - VpnClientAddressPool: The first address in this pool is your gateway
+- CA certificate
+
+The CA certificate in this archive should already be included in your distribution (i.e. /etc/ssl/certs). 
You should not need to base64 decode it and convert it to a PEM file.
 
 ### Configure your Connection
 
@@ -45,11 +46,9 @@ Open up your Network Settings via the GNOME desktop. Under VPN, click the '+' ic
 
 Copy and paste the value from the VpnServer field in the XML document into the Gateway entry. Where it says 
Type: "Password", click and select "Certificate". This should change the layout of the dialog to let you 
enter the certificate details.
 
-For the "User certificate", select your .pem file previously generated for Certificate. For the "User 
private key", select the .pem file generated as the certificate key. If you didn't encrypt the private key, 
there is no need to supply a password for this.
-
-**Leave the CA certificate field blank!** The CA certificate you generated in order to sign the user 
certificate with is only need to validate the certificate the client presents to the server.
+For the "User certificate", select your PEM file previously generated for Certificate. For the "User private 
key", select the PEM file generated as the certificate key. If you didn't encrypt the private key, there is 
no need to supply a password for this.
 
-Both the CA certificate for the EAP-TLS authentication session and the SSL connection to you Azure 
VNetGateway uses a certificate issued to Microsoft with DigiCert 
([www.digicert.com](http://www.digicert.com)) as the root CA. This certificate should be included in your 
list of root certificates in /etc/ssl/certs directory.
+In cases where your distribution already provided the default path to the system ca certificates (e.g. 
/etc/ssl/certs), configuring a CA step can be skipped entirely and you can leave the CA certificate field 
blank.
 
 ### Configure your Virtual Network
 If you made it so far, congratulations. You are connected to your Azure VNET!
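Review bot: the replacement paragraph makes the blank CA field conditional ("In cases where your distribution already provided the default path") but gives no instruction for the other case, and it drops the reason the old text gave for leaving the field empty, which is that the user-generated CA is not what signs the gateway's EAP-TLS and TLS certificates. Keep that reason, and state what to put in the field when the distribution does not provide a system CA path: the DigiCert root delivered in the XML archive, not caCert.pem. The paragraph should also say plainly whether an empty CA field means the server certificate is validated against the system store or not validated at all, because the two behaviours differ substantially in what a client on an untrusted network is exposed to, and the earlier claim that the certificate "can be validated by your currently installed list of CA certificates" only holds under the former. Wording: "already provided" should be "already provides", "system ca certificates" should be "system CA certificates", and "configuring a CA step can be skipped entirely" reads better as "the CA configuration step can be skipped entirely". In the trailing context, "If you made it so far" should be "If you made it this far".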

