Hey guys. It’s the third time I’ve set up AOVPN and the first time I’ve had this problem.
Everything works well, including connecting from a domain-joined machine. I’m exporting the personal cert + root and importing them to a non-domain-joined machine, again into personal and root. I tried to connect, only to get the error: A certificate could not be found that can be used with this extensible authentication protocol. Code 798…
I tried exporting/importing manually and through PowerShell, importing to both the local machine and user stores. I even put the root cert into intermediate certification. Literally everywhere it makes minimal sense. Same outcome.
I’m nearly sure that the problem is in the certificate itself (probably root?) because when I pull the cert from AD, everything works well.
In the other 2 configs, I never had that problem; after importing manually it just worked.
Am I forgetting something when exporting? Or maybe the CertAuthority is misconfigured? However, what if I’m just exporting the cert manually?
For extra information: I tried exporting as .cer and as .p7b with the whole chain. The only difference is that when I choose “automatic select of the store” they land in “other people” instead of personal, but that’s expected since I’m importing to a non-domain.
AOVPN doesn’t allow exporting private keys, so I’m completely out of ideas. Also, it doesn’t matter how many different certificates I put in the store; even if I have unchecked “simplified choice of certificate”, it never asks me to choose.
I also tried this: https://directaccess.richardhicks.com/2019/05/28/always-on-vpn-users-prompted-for-certificate/
Edit: I forgot to mention, thumbprints on certificates are the same.
So guys, big beer for anyone who can help with that…
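
A diagnostic for the error quoted in the post, added here as an example and not part of the original post: EAP-TLS client authentication needs a certificate together with its private key, and .cer and .p7b files carry only public certificates, so this script reports, for every certificate in the Personal stores, whether a private key is present, whether the Client Authentication EKU is set, and whether the chain builds. Skipping revocation checks and the choice of stores are assumptions made for an off-domain client.

```powershell
# Added example: inspect candidate EAP-TLS client certificates on the VPN client.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'                        # Client Authentication EKU
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'   # the Personal stores

function Test-EapClientCert {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$Store
    )
    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
    $ekus = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain against the local trust stores.
    # Assumption: revocation checking is skipped because the CRL may be unreachable off-domain.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($Cert)
    $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    $now = Get-Date
    [pscustomobject]@{
        Store         = $Store
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey            # False for .cer/.p7b imports
        ClientAuthEku = $ekus -contains $clientAuthOid
        InValidity    = ($now -ge $Cert.NotBefore) -and ($now -le $Cert.NotAfter)
        ChainBuilds   = $chainOk
        ChainStatus   = $status
    }
}

$stores | ForEach-Object {
    $s = $_
    Get-ChildItem -Path $s | ForEach-Object { Test-EapClientCert -Cert $_ -Store $s }
} | Format-Table -AutoSize
```

A row showing `HasPrivateKey` as False cannot be used for EAP-TLS client authentication, whichever store it sits in and even when its thumbprint matches the certificate on the domain-joined machine.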