I'm trying to make a VPN connection to a Windows Server 2012 Essentials server. I can successfully connect using SSTP, but I want to use IKEv2 to improve performance. However, when I try to connect, I receive the following error messsage: "Error 13819: Invalid certificate type".
The message suggests to me that the certificate being used does not have the correct EKU attributes for an IKEv2 connection. However, I have issued a certificate for the server, placed in the server's Personal Store, which includes the EKUs forServer Authentication and IP security IKE Intermediate, as specified inthis tutorial (albeit for Server 2008) The certificate is self-signed, with the root authority trusted by the client computers.
What I would like to do is to find out exactly which certificate is actually being selected by the server for the IKEv2 connection. I can't see any way of verifying which is being used - I suspect the server may be selecting a different certificate without
the correct EKUs. Once I am sure of the certificate being used, I could verify it on the client computers with certutil.
Could anyone suggest how I could do that?
Thanks.