IKEv2: verify Letsencrypt server certificate

doka · September 26, 2019, 2:34pm

Dear friends,

I’m trying to connect ROS 6.45.6 using IKEv2 to Strongswan in this way:

/ip ipsec profile set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=qlt-profile
/ip ipsec peer add address=f.q.d.n exchange-mode=ike2 name=qlt-peer profile=qlt-profile
/ip ipsec proposal set [ find default=yes ] auth-algorithms=sha256 enc-algorithms=aes-256-gcm pfs-group=modp2048
/ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-gcm name=qlt-proposal pfs-group=modp2048
/ip ipsec identity add auth-method=eap certificate=“” eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=request-only password=q1w2e3 peer=qlt-peer remote-certificate=lets-encrypt-x3-cross-signed.pem.txt_0 remote-id=fqdn:f.q.d.n username=doka
/ip ipsec policy add dst-address=0.0.0.0/0 proposal=qlt-proposal src-address=0.0.0.0/0 template=yes

remote side is Strongswan armed by Letsencrypt certificate and in order to verify it I install on RouterOS the intermediate certificate “Let’s Encrypt Authority X3 (IdenTrust cross-signed)” from https://letsencrypt.org/certificates/ :

/tool fetch url=“https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt”
/certificate import file-name=lets-encrypt-x3-cross-signed.pem.txt
/certificate print detail

Flags: K - private-key, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
0 L T name=“lets-encrypt-x3-cross-signed.pem.txt_0” issuer=O=Digital Signature Trust Co.,CN=DST Root CA X3 digest-algorithm=sha256 key-type=rsa country=“US” organization=“Let’s Encrypt” common-name=“Let’s Encrypt Authority X3” key-size=2048 subject-alt-name=“” days-valid=1826 trusted=yes key-usage=digital-signature,key-cert-sign,crl-sign
serial-number=“0A0141420000015385736A0B85ECA708” fingerprint=“25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d” invalid-before=mar/17/2016 19:40:46 invalid-after=mar/17/2021 19:40:46 expires-after=76w6d2h11m7s

This way works for Cisco, but on Mikrotik I see the following error message in log: “digital signature verification failed” (topics ipsec,error):

17:31:17 ipsec,info new ike2 SA (I): 10.10.10.25[4500]-x.x.x.x[4500] spi:4473213cc92de223:99bb6db6a8cd089d
17:31:17 ipsec,error digital signature verification failed
17:31:17 ipsec,info,account peer failed to authorize: 10.10.10.25[4500]-x.x.x.x[4500] spi:4473213cc92de223:99bb6db6a8cd089d
17:31:17 ipsec,info killing ike2 SA: 10.10.10.25[4500]-x.x.x.x[4500] spi:4473213cc92de223:99bb6db6a8cd089d

What I’m missing in this configuration and how to make RouterOS able to verify Letsencrypt certificate?

Thank you.

doka · September 27, 2019, 10:42am

And then, I tried to add one level upper certificate (IdentTrust’s) which used to sign Letsencrypt, from there - https://www.identrust.com/support/downloads (Base64 Root Certificate), finally having the following certificate configuration:

[admin@MikroTik] /certificate> print detail
Flags: K - private-key, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
 0  L    T name="lets-encrypt-x3-cross-signed.pem.txt_0" issuer=O=Digital Signature Trust Co.,CN=DST Root CA X3 digest-algorithm=sha256 key-type=rsa country="US" organization="Let's Encrypt" common-name="Let's Encrypt Authority X3" key-size=2048 subject-alt-name="" days-valid=1826 trusted=yes key-usage=digital-signature,key-cert-sign,crl-sign
           serial-number="0A0141420000015385736A0B85ECA708" fingerprint="25847d668eb4f04fdd40b12b6b0740c567da7d024308eb6c2c96fe41d9de218d" invalid-before=mar/17/2016 19:40:46 invalid-after=mar/17/2021 19:40:46 expires-after=76w5d6h41m19s

 1       T name="ident-trust-dst-root-ca-x3.txt_0" issuer=O=Digital Signature Trust Co.,CN=DST Root CA X3 digest-algorithm=sha1 key-type=rsa organization="Digital Signature Trust Co." common-name="DST Root CA X3" key-size=2048 subject-alt-name="" days-valid=7669 trusted=yes key-usage=key-cert-sign,crl-sign serial-number="44AFB080D6A327BA893039862EF8406B"
           fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" invalid-before=oct/01/2000 00:12:19 invalid-after=sep/30/2021 17:01:15 expires-after=104w6d4h1m48s

but without success.

Does Mikrotik check for key-usage and rejects inappropriate offers? Let’s Encrypt’s key-usage is:

        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE

and there are no either data-encipherment, ipsec-end-system, ipsec-tunnel and ipsec-user usages. Is it issue or something else? If it is - whether it’s possible to ignore key-usage and setup IPSec connection?

Thank you.

doka · September 27, 2019, 1:43pm

Hi again,

seems problem not in certificates itself. For test purposes, I generated certificates according to https://wiki.archlinux.org/index.php/StrongSwan and checked host certificate. While output says:

        Subject: C = CH, O = strongSwan, CN = my.vpn.fqdn
        [ ... ]
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:1A:34:B7:53:47:C1:21:92:7C:D8:86:45:FD:BD:7C:6C:B6:50:58:B3
            X509v3 Subject Alternative Name:
                DNS:my.vpn.fqdn
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, 1.3.6.1.5.5.8.2.2

where 1.3.6.1.5.5.8.2.2 (“iKEIntermediate”) declares this certificate will be used for an intermediate node with IPsec and IKE. An “intermediate node” is defined to be an IPsec device that offers IPsec services on behalf of other devices e.g. using tunnel mode and IP forwarding (https://tools.ietf.org/id/draft-ietf-ipsec-pki-req-02.txt), Mikrotik refuses this certificate as well, saying the same:

16:41:15 ipsec,info new ike2 SA (I): 10.10.10.25[4500]-x.x.x.x[4500] spi:8e6080ac5321ea31:e9c36f4115786af4
16:41:15 ipsec,error digital signature verification failed
16:41:15 ipsec,info,account peer failed to authorize: 10.10.10.25[4500]-x.x.x.x[4500] spi:8e6080ac5321ea31:e9c36f4115786af4
16:41:15 ipsec,info killing ike2 SA: 10.10.10.25[4500]-x.x.x.x[4500] spi:8e6080ac5321ea31:e9c36f4115786af4

I kindly ask to point me on what I’m missing. Thank you.

emils · September 30, 2019, 7:29am

Try setting the “remote-certificate” parameter to “none”. Since the certificates does not have private key, the certificate verification fails. Since they essentially are CA certificates, you do not need to specify them, just installed in the certificate store.

doka · September 30, 2019, 11:57am

Great, it did the job. Thank you!

doka · June 13, 2020, 12:47pm

Just a short note for those who will find this topic in search:

You need to fetch and install both certificates from Let’s Encrypt Chain of Trust:

Active Root, e.g. ISRG Root X1 (self-signed)
Active Intermediate, e.g. Let’s Encrypt Authority X3 (Signed by ISRG Root X1)

antonix · July 31, 2020, 12:33pm

I am one of those who found this topic googling. Just wanted to say thanks, and also confirm that the solution posted by the topicstarter was what actually worked for me.

ThienVo · February 11, 2023, 12:08pm

did you switch to put the Letsencrypt certificate at the “certificate” field or stay the same at “remote-certificate”? can you “ip ipsec export” your settings for my reference, i’m trying but my windows 10 pc can’t connect