ULDPS cannot be established between TIBCO LogLogic UC and TIBCO LogLogic LMI due to "unsupported certificate" error
Article ID: KB0080739
Products: TIBCO LogLogic Universal Collector
Versions: all versions
Description
Some Certificate Authority software supports the Enhanced Key Usage (EKU, also called Extended Key Usage) extension in SSL/TLS certificates. It is added to restrict how the certificate may be used. The extension can carry several values; the two discussed in this article, Client Authentication and Server Authentication, are the most frequently used.
When the Enhanced Key Usage extension is not present, the Universal Collector works without issue. If your CA has added the extension to the UC's certificate, however, its value must include Client Authentication. If it contains only Server Authentication, a test connection from the UC Console fails with the generic message "The connection to LMI server is not established", and the details show only "The server does not answer". A packet capture, once Wireshark decodes the traffic as TLS, shows a fatal TLS alert with code 43, which is "Unsupported Certificate". This happens because LMI requires UC to present itself as a client, not a server, in the context of the certificates.
Issue/Introduction
When a CA signs a certificate for use by UC for ULDPS and adds the Extended Key Usage extension, the test connection may fail. The error in the GUI is generic, but a packet capture shows TLS alert code 43, which is equivalent to the error "Unsupported certificate". This article explains what causes that error and how to fix it.
Resolution
The fix requires re-signing the UC certificate, which may mean re-submitting the CSR file to the CA, depending on your CA procedures. Make sure the certificate is signed with the Extended Key Usage extension either completely absent, set to both Client Authentication and Server Authentication, or set to Client Authentication only. After the certificate has been re-signed and re-imported into UC, run the test connection again. Assuming no other issues exist with the ULDPS configuration, the test connection will now succeed. Note that LMI's certificate can use either Client or Server Authentication for its Extended Key Usage. This behavior applies to all UC versions available as of the date this article was published.
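As an added check, not part of this article or of TIBCO's tooling, the following shell script uses OpenSSL (1.1.1 or later, for the -addext option used by the test helper) to inspect a PEM certificate's EKU the way the resolution above requires: the certificate is accepted when the extension is absent or lists Client Authentication, and flagged when it lists only Server Authentication. The function names and the throwaway self-signed certificates are my own assumptions for a local check.

```shell
#!/bin/sh
# Check whether a PEM certificate's Extended Key Usage (EKU) is acceptable as a
# Universal Collector identity: EKU absent, or EKU containing Client Authentication.
# Exit codes: 0 = acceptable, 1 = EKU present without clientAuth (the case that
# produces the fatal TLS alert 43 "unsupported certificate"), 2 = unreadable cert.

eku_values() {
    # Print the comma-separated EKU names from "openssl x509 -text",
    # or nothing when the extension is absent.
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | awk '/X509v3 Extended Key Usage/ { getline; sub(/^[ \t]+/, ""); print; exit }'
}

check_uc_cert_eku() {
    cert="$1"
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    eku=$(eku_values "$cert")
    if [ -z "$eku" ]; then
        echo "$cert: no EKU extension (accepted by LMI)"
        return 0
    fi
    case "$eku" in
        *"TLS Web Client Authentication"*)
            echo "$cert: EKU includes clientAuth (accepted by LMI): $eku"
            return 0 ;;
        *)
            echo "$cert: EKU lacks clientAuth, re-sign with clientAuth or no EKU: $eku"
            return 1 ;;
    esac
}

# Mint a throwaway self-signed certificate for local testing only (assumed helper).
# $1 = output PEM file, $2 = EKU value list, e.g. "serverAuth,clientAuth"
# (empty = no EKU extension, which mirrors a CA that does not add one).
make_test_cert() {
    if [ -n "$2" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
            -subj "/CN=uc-test" -days 1 -addext "extendedKeyUsage = $2" >/dev/null 2>&1
    else
        openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
            -subj "/CN=uc-test" -days 1 >/dev/null 2>&1
    fi
}
```

Run `check_uc_cert_eku uc.pem` against the certificate you are about to import into UC; a return code of 1 means the CA must re-sign it before the ULDPS test connection can succeed.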
Additional Information
For additional information describing how client and server authentication key usage works you can visit https://blogs.msdn.microsoft.com/kaushal/2012/02/17/client-certificates-vs-server-certificates/. Note that this webpage describes it in the context of Microsoft IIS.