Because of severe problems with NMAS on the machines of some of our users
I want to make it possible for them to connect using a certificate instead
of NMAS. I have created a certificate for the user. I also changed the BM
authentication rule to allow NMAS and certificates. I set the trust server
flag and added the server certificate in the authentication rule.

When I try to connect using certificate I get the error:
An error was reported by the IKE applciation. No matching authentication
rule for the user certificate. Check with your administrator.

I can connect using NMAS.

Where did I go wrong?

Kind regards,