A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

Question

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

AgilineHost 0

hi,

We have configured Point to site VPN. Certificate validity also is there.

We are not able to connect VPN

How to resolve this issue?

User's image

GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-19T09:27:48.5533333+00:00

Hello @AgilineHost ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that you are unable to connect to Azure point to site VPN and getting error 798.

This error is caused mainly if client certificate is missing or deployed in the wrong place or if the right public certificate is not well configured on the VPN Gateway.

Did you follow the below troubleshooting doc?

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems#vpn-client-error-a-certificate-could-not-be-found

Note: Always ensure that the client certificate is imported without the "Enable strong private key protection" option.

Regards,

Gita
AgilineHost 0 Reputation points

2023-06-19T12:08:55+00:00

I followed below link but No Luck

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems#vpn-client-error-a-certificate-could-not-be-found
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-19T12:55:53.3033333+00:00

Hello @AgilineHost , May I know which type of certificate you are using on the VPN gateway? Are you using a self-signed certificate or Enterprise certificate or a root CA certificate?
AgilineHost 0 Reputation points

2023-06-19T13:00:13.76+00:00

Certificate is generated in Windows 10 machine and uploaded root to Azure sitr
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-19T13:07:01.0266667+00:00

Hello @AgilineHost , was the certificate created using the steps mentioned in the below doc?

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
AgilineHost 0 Reputation points

2023-06-19T15:46:09.67+00:00

Yes, using this url steps created certificate
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-21T10:39:21.2266667+00:00
Hello @AgilineHost ,

Could you please share the below details?

What is the tunnel type configured for your P2S VPN in the Azure portal? (IKEv2/SSTP/OpenVPN or mixed) Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#type

What is the OS model and version of the client machine on which Azure VPN client is installed?

Regards,

Gita
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-26T10:31:13.3+00:00

Hello @AgilineHost , could you please share the requested details for further discussion on this issue?
AgilineHost 0 Reputation points

2023-06-27T00:37:09.04+00:00

Hello GitaraniSharma-MSFT,

SSTP tunnel configured on Azure portal.

Azure P2S VPN client application running on Windows 10 OS.

Thank You,

Balu
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-27T13:58:33.64+00:00

Hello @AgilineHost ,

Thank you for the details.

798 error is a very basic error which doesn't have many causes. It is mostly due to certificate configuration only.

Could you please confirm if the child certificate was created correctly and then installed on the windows machine from where you are trying to connect to VPN.

This error can also occur when a client certificate has not been created/installed and has only created the Root certificate. Both root and child certificates should be created, even on the computer that made the Root cert.

If you have created & installed the child certificate on the windows machine, could you please delete your existing certificate and re-install the certificate again with "Enable strong private key protection..." option being unchecked on the Private key protection page.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert#installwin

You can also try uninstalling, re-downloading and re-installing the VPN client from Azure portal to make sure there are no conflicts.

Delete the old VPN client configuration files from C:\Users\YourUserName\AppData\Roaming\Microsoft\Network\Connections\Cm

Download a new VPN client from the Azure portal P2S VPN configuration page.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-windows#azure-portal

Unzip the VPN client profile configuration file and run the appropriate VPN client installer.

Regards,

Gita
Robert Hodges 1 Reputation point

2024-01-19T19:32:08.84+00:00

Same issue. Following instructions and still have error 798. Has anyone found a solution to this?
Glòria Espinasa Busquets 0 Reputation points

2024-01-23T07:36:55.1033333+00:00

You need install certificate root and client on storage Personal\Certificates, then you can connect and download again client VPN on Azure
network security 0 Reputation points

2025-04-07T07:43:39.73+00:00

I have created a azure VM and using the command i have created the root certificate and child certificate. I have import both certificate (root an child) in the azure VM.

From that i have configure the P2S vpn in the azure portal..
In the root certificate option, i have given the value.
I have downloaded the vpn client in the loical machine and i am getting the same error.
"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"
How ever i am using azure certificate on this.

could you please help me out on this.

1 answer

Your answer

GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-19T09:27:48.5533333+00:00

Hello @AgilineHost ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

I understand that you are unable to connect to Azure point to site VPN and getting error 798.

This error is caused mainly if client certificate is missing or deployed in the wrong place or if the right public certificate is not well configured on the VPN Gateway.

Did you follow the below troubleshooting doc?

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems#vpn-client-error-a-certificate-could-not-be-found

Note: Always ensure that the client certificate is imported without the "Enable strong private key protection" option.

Regards,

Gita
AgilineHost 0 Reputation points

2023-06-19T12:08:55+00:00

I followed below link but No Luck

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems#vpn-client-error-a-certificate-could-not-be-found
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-19T12:55:53.3033333+00:00

Hello @AgilineHost , May I know which type of certificate you are using on the VPN gateway? Are you using a self-signed certificate or Enterprise certificate or a root CA certificate?
AgilineHost 0 Reputation points

2023-06-19T13:00:13.76+00:00

Certificate is generated in Windows 10 machine and uploaded root to Azure sitr
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-19T13:07:01.0266667+00:00

Hello @AgilineHost , was the certificate created using the steps mentioned in the below doc?

https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
AgilineHost 0 Reputation points

2023-06-19T15:46:09.67+00:00

Yes, using this url steps created certificate
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-21T10:39:21.2266667+00:00

Hello @AgilineHost ,

Could you please share the below details?

What is the tunnel type configured for your P2S VPN in the Azure portal? (IKEv2/SSTP/OpenVPN or mixed) Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-point-to-site-resource-manager-portal#type

What is the OS model and version of the client machine on which Azure VPN client is installed?

Regards,

Gita
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-26T10:31:13.3+00:00

Hello @AgilineHost , could you please share the requested details for further discussion on this issue?
AgilineHost 0 Reputation points

2023-06-27T00:37:09.04+00:00

Hello GitaraniSharma-MSFT,

SSTP tunnel configured on Azure portal.

Azure P2S VPN client application running on Windows 10 OS.

Thank You,

Balu
GitaraniSharma-MSFT 50,096 Reputation points Microsoft Employee Moderator

2023-06-27T13:58:33.64+00:00

Hello @AgilineHost ,

Thank you for the details.

798 error is a very basic error which doesn't have many causes. It is mostly due to certificate configuration only.

Could you please confirm if the child certificate was created correctly and then installed on the windows machine from where you are trying to connect to VPN.

This error can also occur when a client certificate has not been created/installed and has only created the Root certificate. Both root and child certificates should be created, even on the computer that made the Root cert.

If you have created & installed the child certificate on the windows machine, could you please delete your existing certificate and re-install the certificate again with "Enable strong private key protection..." option being unchecked on the Private key protection page.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert#installwin

You can also try uninstalling, re-downloading and re-installing the VPN client from Azure portal to make sure there are no conflicts.

Delete the old VPN client configuration files from C:\Users\YourUserName\AppData\Roaming\Microsoft\Network\Connections\Cm

Download a new VPN client from the Azure portal P2S VPN configuration page.

Refer: https://learn.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-cert-windows#azure-portal

Unzip the VPN client profile configuration file and run the appropriate VPN client installer.

Regards,

Gita
Robert Hodges 1 Reputation point

2024-01-19T19:32:08.84+00:00

Same issue. Following instructions and still have error 798. Has anyone found a solution to this?
Glòria Espinasa Busquets 0 Reputation points

2024-01-23T07:36:55.1033333+00:00

You need install certificate root and client on storage Personal\Certificates, then you can connect and download again client VPN on Azure
network security 0 Reputation points

2025-04-07T07:43:39.73+00:00

I have created a azure VM and using the command i have created the root certificate and child certificate. I have import both certificate (root an child) in the azure VM.

From that i have configure the P2S vpn in the azure portal..
In the root certificate option, i have given the value.
I have downloaded the vpn client in the loical machine and i am getting the same error.
"A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)"
How ever i am using azure certificate on this.

could you please help me out on this.

Answer 1

Create two certificates Child and Root, save it into "Cert:\CurrentUser\My" and upload the root cert's public key (.cer) to Azure VPN G/W configuration then save config, download VPN Client and retry.

Note: Below guidance is for dev/test environment.

A) PowerShell Code to create these two certificates (Root and Child) $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature -Subject "CN=P2SChildCertServerADDS" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" ` -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")

B) Check if certs (Root and Child) are created under user "Certificates\Current User\Personal\Certificates" PS Code: Get-ChildItem "Cert:\CurrentUser\My" GUI: Run =>MMC=>Ctrl+M=> Select "Certificates" and "Add" to snap-ins => My User Account =>Finish Explore under Console root => Certificates-Current user =>Personal =>Certificates Root and Child Cert should be available here

C)Export Root cert's pub key and configure with Azure VPN Right Click on Root Cert which previously discovered =>All Tasks=>Export=>"Choose "No, do not export the private key" =>Export File format should be " base-64 encoded x.509(.cer)=>Saves the file to localmachine(ex: C:\RootCertPubkey.cer) Configure Azure VPN: Go to RootCertPubkey.cer (ex: C:\RootCertPubkey.cer) =>Right Click=>Open With=> Notepad=> Copy signature block alone (I.e. everything between -----BEGIN CERTIFICATE----- to-----END CERTIFICATE-----) Upload copied key,how? Follow below steps Go to Azure Portal => Virtual network Gateway =>P2S Configuration within the Root Certificates section paste the previously coped root cert's public data from notepad. Name = CNRootCertPubdata ,Public Certficate data = <PASTE here> Now, Click Save and Download VPN Client and reconfigure the VPN setting on VPN client.

Share via

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

1 answer

Your answer