I have recently set up an Azure VPN Gateway (openSSL) and SCEP device certificates (using SCEPman).
Together with the Azure VPN Client it is basically working fine on Windows 10 with AAD Authentication.
However, certificate authentication is behaving differently on different systems:
The Device Certificate and the Trusted Root CA get automatically enrolled by Intune to the Azure AD to all machines. After installation of the client from the Microsoft Store I click: Add -> Select “Certificate” as Authentication Type.
1) Windows 10 VM:
The SCEPman issued certificate is available for selection (also all other available certs)
2) Windows 10 Notebook:
But on my physical notebook the behavior is strange: the certificate is not available for selection. I tried to issue a self-signed certificate via PowerShell and it shows up immediately in the dropdown.
The SCEP certificates are correctly enrolled and visible in certmgr.msc on both machines.
I have tried to experiment with the properties of the device configuration profile in Intune and changed the key storage provider, key size and hash algorithm to different values, but that did not fix the problem. I still suspect that it has something to do with the KSP, but I have no clue what else to try.
Maybe someone else has experienced this issue also or knows what the reason could be.
Thanks and best regards,
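Added diagnostic script (not part of the original post or of SCEPman/Azure VPN Client): it lists the certificates in the user and machine personal stores together with the provider backing each private key (CNG KSP vs. legacy CAPI CSP), key algorithm and Client Authentication EKU, so the SCEP-issued certificate can be compared side by side with the self-signed one that does appear in the dropdown. It assumes Windows PowerShell 5.1 or later run elevated on the affected machine.

```powershell
# Added diagnostic script (not from the original post). Run elevated so the
# LocalMachine store's private keys can be opened.

function Get-PrivateKeyProviderInfo {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $unknown = [pscustomobject]@{ ApiKind = ''; Provider = ''; Algorithm = '' }
    if (-not $Cert.HasPrivateKey) { return $unknown }
    try {
        # RSA keys: RSACng means a CNG key storage provider, RSACryptoServiceProvider a legacy CSP
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
        if ($rsa -is [System.Security.Cryptography.RSACng]) {
            return [pscustomobject]@{ ApiKind = 'CNG'; Provider = $rsa.Key.Provider.Provider; Algorithm = "RSA $($rsa.KeySize)" }
        }
        if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
            return [pscustomobject]@{ ApiKind = 'CAPI'; Provider = $rsa.CspKeyContainerInfo.ProviderName; Algorithm = "RSA $($rsa.KeySize)" }
        }
        # ECC keys are always CNG-backed
        $ec = [System.Security.Cryptography.X509Certificates.ECDsaCertificateExtensions]::GetECDsaPrivateKey($Cert)
        if ($ec -is [System.Security.Cryptography.ECDsaCng]) {
            return [pscustomobject]@{ ApiKind = 'CNG'; Provider = $ec.Key.Provider.Provider; Algorithm = "ECDSA $($ec.KeySize)" }
        }
    } catch {
        # Typical when the key lives in LocalMachine and the shell is not elevated
        return [pscustomobject]@{ ApiKind = '?'; Provider = "inaccessible: $($_.Exception.Message)"; Algorithm = '' }
    }
    return $unknown
}

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$results = foreach ($store in 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My') {
    foreach ($cert in Get-ChildItem $store) {
        $info = Get-PrivateKeyProviderInfo -Cert $cert
        $ekus = @($cert.EnhancedKeyUsageList)
        [pscustomobject]@{
            Store         = $store
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            ApiKind       = $info.ApiKind
            Provider      = $info.Provider
            Algorithm     = $info.Algorithm
            SigAlgorithm  = $cert.SignatureAlgorithm.FriendlyName
            # An empty EKU list means the certificate is valid for any purpose
            ClientAuthEku = ($ekus.Count -eq 0) -or ($ekus.ObjectId -contains $clientAuthOid)
        }
    }
}
$results | Sort-Object Store, Subject | Format-Table -AutoSize
```

Compare the Store, ApiKind/Provider and ClientAuthEku columns of the SCEP certificate against the self-signed one on the notebook, and against the same SCEP certificate on the VM where selection works; a difference in any of them is the first thing to look at.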