Why do I see a VPN client restart message when certificate authentication is used?
When certificate authentication is enabled on the VPN server and the certificate presented by the VPN client cannot be verified, the VPN server directs the VPN client to restart.
The VPN client logs the following message: "Connection reset, restarting".
The cause is that the client certificate fails verification on the VPN server.
Follow these steps to resolve this issue:
- Use the Linux command openssl x509 -noout -text -in certificate-file-name to get the certificate information.
- Check that the issuer of the client certificate matches the client root certificate that you chose when you provisioned the VPN server. A matching issuer name is necessary but not sufficient: the certificate must also be signed by that root, which openssl verify -CAfile client-root-file certificate-file-name confirms.
- Check that the certificate extension X509v3 Extended Key Usage is TLS Web Client Authentication.
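The checks above combined into one script, as an added example that is not part of the original page. It takes the client certificate and the client root certificate as arguments and reports which check fails; the file names, the demo root and the throwaway certificates produced by make_demo_certs are assumptions made so the script can be exercised offline, and in practice you point it at the certificate the client presents and the client root you uploaded when provisioning the VPN server.

```shell
#!/bin/sh
# Added example (not from the original page): verify a VPN client certificate
# against the client root certificate chosen for the VPN server.
# Assumed names: the two file paths passed as arguments, and the throwaway
# root/certificates that make_demo_certs generates for an offline run.

# check_client_cert CLIENT_CERT CLIENT_ROOT
# Returns 0 when CLIENT_CERT was issued by CLIENT_ROOT and carries the
# "TLS Web Client Authentication" extended key usage; otherwise prints the
# reason and returns 1.
check_client_cert() {
    cert=$1
    ca=$2

    # Step 1: the issuer of the client cert must equal the subject of the root.
    issuer=$(openssl x509 -noout -issuer -nameopt RFC2253 -in "$cert" | sed 's/^issuer= *//')
    ca_subject=$(openssl x509 -noout -subject -nameopt RFC2253 -in "$ca" | sed 's/^subject= *//')
    if [ "$issuer" != "$ca_subject" ]; then
        echo "issuer mismatch: certificate issuer '$issuer' is not the client root '$ca_subject'"
        return 1
    fi

    # A matching name alone is not enough: the signature must chain to that root.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "signature check failed: certificate does not chain to $ca"
        return 1
    fi

    # Step 2: the EKU extension must list TLS Web Client Authentication.
    # In -text output the value is printed on the line after the extension name.
    eku=$(openssl x509 -noout -text -in "$cert" |
          awk '/X509v3 Extended Key Usage/ { getline; print }')
    case "$eku" in
        *"TLS Web Client Authentication"*) ;;
        *) echo "X509v3 Extended Key Usage is '$(echo "$eku" | sed 's/^ *//')', not TLS Web Client Authentication"
           return 1 ;;
    esac
    return 0
}

# issue_cert DIR ROOT NAME EXTFILE: sign the demo CSR with ROOT, adding EXTFILE's extensions.
issue_cert() {
    openssl x509 -req -days 1 -in "$1/user.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
        -CAcreateserial -extfile "$1/$4" -out "$1/$3.crt" >/dev/null 2>&1
}

# make_demo_certs: build a throwaway client root, an unrelated second root and
# three client certificates (good, wrong EKU, wrong issuer) in a temp directory
# whose path is printed. Every name here is constructed for the demo.
make_demo_certs() {
    d=$(mktemp -d)
    for root in client-root other-root; do
        openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes -days 1 \
            -subj "/CN=$root" -keyout "$d/$root.key" -out "$d/$root.crt" >/dev/null 2>&1
    done
    openssl req -new -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -subj "/CN=vpn-user" -keyout "$d/user.key" -out "$d/user.csr" >/dev/null 2>&1
    printf 'extendedKeyUsage = clientAuth\n' > "$d/client.ext"
    printf 'extendedKeyUsage = serverAuth\n' > "$d/server.ext"
    issue_cert "$d" client-root good client.ext          # passes both checks
    issue_cert "$d" client-root wrong-eku server.ext     # right issuer, server EKU
    issue_cert "$d" other-root wrong-issuer client.ext   # right EKU, wrong root
    echo "$d"
}

# Usage: sh check-client-cert.sh client-cert.pem client-root.pem
if [ $# -eq 2 ]; then
    check_client_cert "$1" "$2" || exit 1
    echo "OK: $1 was issued by $2 and is usable for TLS client authentication"
fi
```

The issuer comparison uses -nameopt RFC2253 on both sides so that differences in how openssl prints the same distinguished name do not cause a false mismatch; the openssl verify step is what the VPN server effectively performs, so a certificate that fails it will trigger the restart even when the names line up.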