Azure Point to Site Error: A certificate could not be found that can be used with this Extensible Authentication Protocol.

While configuring an Azure point-to-site VPN, you might get this error on the client side:

A certificate could not be found that can be used with this Extensible Authentication Protocol. (Error 798) For customised troubleshooting information for this connection

When this appears while connecting, it basically means one of the following:

  • Either you are missing an EAP certificate in your personal store.
  • If you have installed the certificate already, it might not be ready for EAP usage. This can happen for different reasons; I have seen, for example, that you can’t use PowerShell to generate client certificates to use with Azure VPN, only makecert.exe works.

So calm down and focus on fixing the EAP certificate in the personal store on the client side; this is the source of the problem. Make sure that you have the private key and that the certificate is issued by the same Root CA certificate installed on the Azure Gateway, and use makecert to create the client certificate. A sample command would be:

makecert.exe -n "CN=SureskillzClient" -pe -sky exchange -m 96 -ss My -in "sureskillzRoot" -is my -a sha1
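
To check the conditions above on a client, the following PowerShell lists each certificate in the current user's personal store with its private-key, validity, EKU and issuing-root status. It is an added example, not part of the original post; the path .\sureskillzRoot.cer is an assumed location for the exported public root certificate (the one uploaded to the Azure gateway), and Test-P2SClientCert is a hypothetical helper name.

```powershell
# Added example: audit personal-store certificates for Azure P2S (Error 798).
# $RootCerPath is an assumed path to the root .cer that was uploaded to the gateway.
param([string]$RootCerPath = '.\sureskillzRoot.cer')

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$rootPath = (Resolve-Path $RootCerPath).Path
$root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $rootPath

function Test-P2SClientCert {
    param($Cert, $Root)
    $now = Get-Date
    # Offer the gateway root to the chain builder as a candidate issuer.
    # No revocation lookup; the root does not have to be in Trusted Root.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    [void]$chain.ChainPolicy.ExtraStore.Add($Root)
    [void]$chain.Build($Cert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    # A certificate with no EKU extension is valid for all purposes.
    $eku = $Cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $used = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $ekuOk = (-not $eku) -or ($used -contains $clientAuthOid)

    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now -and $Cert.NotAfter -ge $now)
        ClientAuthEku = $ekuOk
        ChainsToRoot  = ($top.Thumbprint -eq $Root.Thumbprint)   # chain ends at the gateway root
    }
}

Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Thumbprint -ne $root.Thumbprint } |
    ForEach-Object { Test-P2SClientCert -Cert $_ -Root $root } |
    Format-Table -AutoSize
```

A usable client certificate shows True in all four columns; a False in HasPrivateKey or ChainsToRoot points at the two conditions called out above.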