DominicNancy-8720 asked GitaraniSharmaMSFT-4262 commented

Could not find a certificate that can be used for the Extensible Authentication Protocol

Hello everyone, I configured certificate verification in Azure, and then imported the certificate into the computer account and personal account, but when I use the VPN link, it seems that I can't find a certificate that can be used for an extensible authentication protocol.




I have followed the official documentation, but I still can’t connect. I have tried self-signed certificates and certificates issued by institutions, but I can’t link https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-troubleshoot-vpn-point-to-site-connection-problems


1 Answer

GitaraniSharmaMSFT-4262 answered GitaraniSharmaMSFT-4262 commented

Hello @DominicNancy-8720 ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

If you have already followed this troubleshooting doc and it is still not working, you may have to create a new certificate and it should work.
Before you go ahead and create a new certificate, make sure to delete the existing network connections on your client machine by browsing to:
C:\Users\<UserName>\AppData\Roaming\Microsoft\Network\Connections\Cm\<GUID>
Delete the existing GUID folders.

Then follow the below docs to generate & install a new certificate to your client machine, add the root certificate data to your Azure VPN gateway and then download the fresh VPN client from Azure portal (VPN gateway) & install it:
https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-how-to-vpn-client-install-azure-cert
https://docs.microsoft.com/en-us/azure/vpn-gateway/point-to-site-vpn-client-configuration-azure-cert

Note: When you import the client certificate, do not select the Enable strong private key protection option.

If you still face the same issue, we may need to investigate further offline.

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



I found that it was caused by a problem with the created certificate. My steps to create a certificate are as follows:
1. Open the key vault, create a new certificate, customize the certificate name and subject
2. Download certificates in cer format and pfx format
3. Copy the contents of the open cer certificate into the public certificate data of the virtual network gateway
4. Import the cer file into Local Computer\Trusted Root Certification Authorities
5. Import the pfx file into Current User\Personal\Certificates
6. Download the client in the virtual network gateway to connect

Please tell me whether my method above is correct and whether something is missing, because I tested that it is indeed related to the certificate, not the setting.


Hello @DominicNancy-8720 ,

You cannot use certificates from Azure Key Vault for Point to site VPN. It is not supported.
You can only use your Enterprise PKI solution (your internal PKI), Azure PowerShell, MakeCert, and OpenSSL to create certificates.

Please refer to: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-vpn-faq#can-i-use-certificates-from-azure-key-vault

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


Hello, I generated a self-signed certificate through New-SelfSignedCertificate


But it still doesn't seem to work


Can you help me generate a certificate, and then tell me where to put it on the computer? Can I test it? I want to see if there is a problem with the certificate I generated.

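One way to check whether a generated certificate is the problem, as an added example that is not part of the original thread or of Microsoft's documentation: this PowerShell function lists every certificate in Current User\Personal and reports whether it has a private key, carries the Client Authentication EKU, is within its validity period, and chains to the root certificate uploaded to the gateway. The function name, the `RootThumbprint` parameter and the choice of these four criteria are assumptions made for the example.

```powershell
# Added example (not from the thread). Function and parameter names are hypothetical.
function Test-P2SClientCertificate {
    [CmdletBinding()]
    param(
        # Thumbprint of the root certificate whose public data was uploaded to the gateway
        [Parameter(Mandatory)][string]$RootThumbprint,
        [string]$StorePath = 'Cert:\CurrentUser\My'
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'              # Client Authentication EKU
    $wantedRoot    = $RootThumbprint -replace '\s', '' # tolerate pasted spaces
    $now           = Get-Date

    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs carried by this certificate (empty if no EKU extension)
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Build the chain without revocation lookups; the last element is the
        # highest issuer that could be found in the local certificate stores
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        [void]$chain.Build($cert)
        $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

        $result = [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            ClientAuthEku = $ekuOids -contains $clientAuthOid
            InValidity    = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)
            SelfSigned    = $cert.Subject -eq $cert.Issuer   # heuristic: subject equals issuer
            RootMatches   = $top.Thumbprint -eq $wantedRoot
        }
        $usable = $result.HasPrivateKey -and $result.ClientAuthEku -and
                  $result.InValidity -and $result.RootMatches
        $result | Add-Member -NotePropertyName Usable -NotePropertyValue $usable -PassThru
    }
}

# '<ROOT-THUMBPRINT>' is a placeholder; replace it with your own root certificate's thumbprint.
Test-P2SClientCertificate -RootThumbprint '<ROOT-THUMBPRINT>' | Format-Table -AutoSize
```

A row with `HasPrivateKey` false usually means the .cer file was imported instead of the .pfx; a row with `RootMatches` false means the certificate was not issued under the root whose public data is on the gateway, or that root is not installed locally.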