VPN authentication

[Ian]

I want to set a VPN using certificates for Authentication.
I have used KB article 259880 as a basis for doing this.

When I configure the RRAS profile on the server to use the
certificate, I get the error:

A certificate could not be found that can be used with
this Extensible Authentication Protocol.

What am I doing wrong?

 

[Sam Salhi [MSFT]]

You need a valid certificate that:
a) Subject name
b) The subject name is equal to the machine's dns name
b) Has "Server Authentication" EKU
c) Has Microsoft RSA SChannel Cryptographic provider

(Machine cert should have all the above, you might need to modify the
template)

 

[Priya Raghavan [MSFT]]

You require User certificates for EAP authentication. Are the certs
installed in user store?

Thanks,
Priya.

 

[Priya Raghavan [MSFT]]

Sorry, I meant in the CLIENT side, you require user certificates. For the
SERVER side, you need to check if your certificate on the server side has
the requirements specified by Sam below.

Thanks,
Priya