I'm getting the 798: No EAP-compatible certificate found error when trying to use Microsoft:Certificate EAP protocol with IKEv2 VPN in Windows 7.
PKI is OpenSSL-based, on RHEL
Client system is Windows 7 Home Basic
The certificate signed by my CA has following parameters (openssl x509 -text...):
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Basic Constraints:
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Client Authentication
Netscape Cert Type:
SSL Client
where Extended Key Usage was set as clientUsage in OpenSSL config, Netscape Cert Type was added later (i've tried certificate without this extension also)
Root CA certificate has been succesfully imported to Windows.
Client key/certificate as pkcs#12 has been succefully imported to Windows.
The similar OpenSSL-issued key was succeffully used with IKEv2 VPN as Computer Certificate.