“A certificate cloud not be found that can be used with this Extensible Authentication Protocol” error in IAS

After issuing a new certificate for a Windows Server 2003 running IAS this error presented itself in the IAS console when trying to configure EAP with the new certificate:

image

“A certificate could not be found that can be used with this Extensibel Authentication Protocol.”

This was accompanied by these two events in the System Log:

image

image

This was the new certificate, based on the default Computer template in Windows:

image

Notice the empty subject field, IAS/NPS does not accept certificates with empty subject names for use with EAP or Smart Cards. The certificate template that had been used for this certificate was a duplicate of the default Computer template. The template looked like this:

image

After creating a new template from the default Computer template, now with Subject name format set to Common name, and issuing a new certificate; IAS worked fine.

So don’t use certificate with blank subjects for your IAS/NPS servers…

Join the Conversation

3 Comments

  1. Thank you very much!!! I worked for days on a CA related issue and eventually had the feeling that something must have been wrong with the cert. template – and THAT WAS IT! Thanks to you I got 802.1X authentication finally to work!

  2. I messed around with this forever and this solve my problem. Thanks

Leave a comment

Your email address will not be published. Required fields are marked *