Hi,
I was also having this issue; I've been testing a whole bunch of VPN configurations with MikroTik and RADIUS.
As we know here, the issue is not RADIUS but an intermediary certificate not being presented to Windows by MikroTik (natively); it can be specified in the CLI and WinBox.
The reason for my post is that it's rather odd that in one VPN type setup (SSTP) you don't need to do the intermediate part (just specify the end certificate), but in another VPN type (IKEv2) you do need to set the end certificate and the intermediate certificate(s).
It would be nice to have a standard here. But I'm glad I found this topic, and very glad that I do not need to import certificates at the client end; it makes the deployment that much easier.