A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798)

AgilineHost 0 Reputation points
2023-06-19T09:20:56.1833333+00:00

Hi,

We have configured a Point-to-Site VPN. The certificate is also valid.

We are not able to connect to the VPN.

How can we resolve this issue?


Azure VPN Gateway

1 answer

  1. Saravanan Selamban 11 Reputation points Microsoft Employee
    2024-02-16T14:20:03.9366667+00:00

    Create two certificates, Child and Root, save them into "Cert:\CurrentUser\My", and upload the root cert's public key (.cer) to the Azure VPN G/W configuration, then save the config, download the VPN client and retry.

    Note: The guidance below is for a dev/test environment.

    A) PowerShell code to create these two certificates (Root and Child):

    ```powershell
    # Self-signed root certificate, stored in the current user's Personal store.
    # -KeyUsage CertSign lets it sign the child certificate below.
    $cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
        -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -KeyUsageProperty Sign -KeyUsage CertSign

    # Child (client) certificate signed by the root.
    # OID 1.3.6.1.5.5.7.3.2 is the Client Authentication enhanced key usage.
    New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature `
        -Subject "CN=P2SChildCertServerADDS" -KeyExportPolicy Exportable `
        -HashAlgorithm sha256 -KeyLength 2048 `
        -CertStoreLocation "Cert:\CurrentUser\My" `
        -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
    ```

    B) Check if the certs (Root and Child) are created under the user store "Certificates\Current User\Personal\Certificates".

    PS code:

    ```powershell
    Get-ChildItem "Cert:\CurrentUser\My"
    ```

    GUI: Run => MMC => Ctrl+M => select "Certificates" and "Add" to snap-ins => My User Account => Finish. Explore under Console Root => Certificates - Current User => Personal => Certificates. The Root and Child certs should be available here.

    C) Export the Root cert's public key and configure it with Azure VPN.

    Right-click the Root cert that was previously discovered => All Tasks => Export => choose "No, do not export the private key" => the export file format should be "Base-64 encoded X.509 (.CER)" => save the file to the local machine (ex: C:\RootCertPubkey.cer).

    Configure Azure VPN: Go to RootCertPubkey.cer (ex: C:\RootCertPubkey.cer) => right-click => Open With => Notepad => copy the signature block alone (i.e. everything between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----).

    How to upload the copied key? Follow the steps below: Go to Azure Portal => Virtual network gateway => P2S Configuration; within the Root Certificates section, paste the previously copied root cert's public data from Notepad. Name = CNRootCertPubdata, Public Certificate data = <PASTE here>.

    Now click Save, download the VPN client, and reconfigure the VPN settings on the VPN client.

    2 people found this answer helpful.
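
A check of what steps A to C in the answer above are meant to leave in place, as an added example that is not part of the original answer: it lists the certificates in Cert:\CurrentUser\My issued by the answer's CN=P2SRootCert, reports for each whether it has a private key, is within its validity period, carries the Client Authentication EKU and chains to that root, then prints the root's public data for comparison with the portal. The variable names and report columns are assumptions chosen for this example.

```powershell
# Added example: subject name and EKU OID are taken from the answer's step A commands.
$rootSubject   = 'CN=P2SRootCert'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

$store = Get-ChildItem 'Cert:\CurrentUser\My'
$root  = $store | Where-Object { $_.Subject -eq $rootSubject } |
         Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $root) { throw "$rootSubject not found in Cert:\CurrentUser\My" }

# Candidates: certificates naming the root as issuer, excluding the root itself.
$children = $store | Where-Object {
    $_.Issuer -eq $root.Subject -and $_.Thumbprint -ne $root.Thumbprint
}
if (-not $children) { Write-Warning "No certificate issued by $rootSubject in the user store" }

$now = Get-Date
$report = foreach ($c in $children) {
    # Build the chain against this root only; a self-signed dev/test root is not
    # in the trusted store, so allow an unknown CA and skip revocation checks.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($root)
    $built  = $chain.Build($c)
    $anchor = ($chain.ChainElements | Select-Object -Last 1).Certificate.Thumbprint

    $eku = $c.Extensions | Where-Object { $_ -is $ekuType }
    [pscustomobject]@{
        Subject       = $c.Subject
        HasPrivateKey = $c.HasPrivateKey
        InValidity    = ($now -ge $c.NotBefore -and $now -le $c.NotAfter)
        ClientAuthEku = [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid })
        ChainsToRoot  = ($built -and $anchor -eq $root.Thumbprint)
    }
}
$report | Format-Table -AutoSize

# Public data of the root (no private key): the text between the BEGIN/END lines
# of the step C export, without line breaks, for comparison with the portal value.
[Convert]::ToBase64String($root.RawData)
```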