Talking to myself but found out that my internal CA signed certificate lacked TLS Web Agent Authentication. After signing the CSR with TLS Web Agent Authentication and TLS Web Server Authentication and rerunning the wizard I was able to proceed.