IKEv2 picking the wrong client cert installed in the local PC cert store

Hi geeks,

I have IKEv2 set up to site A and all works great: no problems connecting, speed is OK, stable.
I have made the setup for site B and, guess what, it doesn't work. Config is OK, certs are installed as they have to be installed.
But when I click to connect to site B, Windows 10 sends the site A client certificate to authenticate to the MikroTik IKEv2 server. How do I know this? Simply by checking the logs:
“unable to get local issuer certificate(20) at depth cert:Client-ak” (where “Client-ak” is the cert for site A)
“cant verify peers’ certificate from the store” (yes, it can't, as it doesn't exist on site B)

Does anyone know how to fix this problem on Windows 10 so it sends out the right certificate to authenticate, so I may enjoy multi-site accessibility using IKEv2?

OK, I made a query and later found an answer in this topic: http://forum.mikrotik.com/t/ipsec-ike2-can-find-valid-sertificate/123370/13
It explains how to tell Windows 10 which cert to use.
Now, if you have more than one IKEv2 RSA VPN created, you should specify which certificate Windows should use, because Windows is stupid and can't automatically determine the right certificate for each VPN profile.

  1. Open PowerShell and enter certlm.msc to open the Local Machine Certificates tool.
  2. Under Trusted Root Certification.. find your certificate and open it with a double click.
  3. Select Details and copy the Serial number.
  4. Go back to PowerShell and create a new variable with the specified serial number (replace the placeholder with the value copied in step 3):
    $ca = Get-ChildItem Cert:\LocalMachine\Root\ | ? SerialNumber -EQ '<serial number>'
  5. Check whether the variable found your certificate; it should return something:
    $ca
  6. Add the certificate to your created VPN profile (replace the placeholder with the profile name):
    Set-VpnConnection -Name '<VPN profile name>' -MachineCertificateIssuerFilter $ca

From <http://forum.mikrotik.com/t/ipsec-ike2-can-find-valid-sertificate/123370/1>
A big thanks to Fesiitis for sharing this!!!
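Below is an added worked example of the same procedure as one script; it is not from the original post or from Fesiitis. It assumes a VPN profile named "Site B" and an issuing CA with subject "CN=SiteB-CA" (both placeholders, change them to yours), uses the VpnClient module's Get-VpnConnection and Set-VpnConnection cmdlets, and adds the checks the six steps above skip: that the CA lookup matched exactly one certificate, that a client certificate chaining to that CA with a private key is actually present in the machine's personal store, and that the filter was saved.

```powershell
# Added example (not from the original post): pin one IKEv2 VPN profile to the CA
# that issued its client certificate, so Windows stops offering the site-A cert
# to site B. Assumed names: VPN profile "Site B", CA subject "CN=SiteB-CA".
# Run in an elevated PowerShell; the profile must already exist (Add-VpnConnection).

param(
    [string]$VpnName   = 'Site B',      # assumed profile name
    [string]$CaSubject = 'CN=SiteB-CA'  # assumed CA subject
)

# 1. Locate the issuing CA in the Local Machine trusted-root store.
#    Matching on Subject (or Thumbprint) is safer than on SerialNumber alone:
#    serial numbers are only unique per issuer, so two private CAs, e.g. the
#    MikroTik-generated CAs of site A and site B, can both carry a serial like 01.
$ca = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $CaSubject }

if (-not $ca) {
    throw "No certificate with subject '$CaSubject' in Cert:\LocalMachine\Root"
}
if (@($ca).Count -gt 1) {
    throw "Subject '$CaSubject' matches $(@($ca).Count) certificates; select one by Thumbprint instead"
}

# 2. Confirm a client certificate issued by that CA, with a private key, exists in
#    the machine's personal store. Without it the filter only makes the connection
#    fail earlier; it cannot conjure a certificate that was never imported.
$client = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Issuer -eq $ca.Subject -and $_.HasPrivateKey }
if (-not $client) {
    Write-Warning "No client certificate issued by '$($ca.Subject)' with a private key in Cert:\LocalMachine\My"
}

# 3. Make sure the profile exists and uses machine-certificate authentication,
#    then pin it to the CA. Only certificates chaining to this issuer will be
#    offered when this profile connects.
$vpn = Get-VpnConnection -Name $VpnName -ErrorAction Stop
if ($vpn.AuthenticationMethod -notcontains 'MachineCertificate') {
    Write-Warning "Profile '$VpnName' does not use MachineCertificate authentication; the issuer filter will have no effect"
}
Set-VpnConnection -Name $VpnName -MachineCertificateIssuerFilter $ca -PassThru | Out-Null

# 4. Verify the filter was stored on the profile.
$saved = (Get-VpnConnection -Name $VpnName).MachineCertificateIssuerFilter
if (-not $saved -or $saved.Thumbprint -ne $ca.Thumbprint) {
    throw "Issuer filter on '$VpnName' does not match '$($ca.Subject)'"
}
$saved | Format-List Subject, Thumbprint, SerialNumber
```

If the profile was created with -AllUserConnection, pass that switch to both Get-VpnConnection and Set-VpnConnection as well, otherwise the cmdlets look for a per-user profile of that name and step 3 fails. Repeat the script once per site, each with its own profile name and CA, and Windows will present the matching client certificate for each.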