I had a VPN working for almost a year with no issues, nothing changed that I know of except for Windows updates, but one morning I tried to connect to my VPN and I get the Message “Can’t connect, A certificate chain processed, but was terminated in a root certificate that is not trusted by the trust provider” I have set up several other VPS exactly the same way, and I have tried deleting my certificates and recreating them to try to get it to work, but I keep getting the same message. What could be causing this issue? Here are the steps I use to create the certificate.
[admin@MikroTik] > /certificate
[admin@MikroTik] /certificate> add name=CA common-name="MY IP ADDRESS" key-usage=key-cert-sign,crl-sign days-valid=3650 key-size=4096
[admin@MikroTik] /certificate> sign CA ca-crl-host=MY IP ADDRESS x.x.x.x
[admin@MikroTik] /certificate> add name=SVR common-name="SVR" key-usage=digital-signature,key-encipherment,data-encipherment days-valid=3650 key-size=4096
[admin@MikroTik] /certificate> sign SVR ca=CA
[admin@MikroTik] /certificate> set trusted=yes SVR
Make sure that you install the client certificate on your local computer. And the root certificate you created is also installed in the trusted root store.
Yes, the certificate was installed correctly. Everything had been working and then one morning, it stopped, and I have done nothing that would have changed it. I have set up 5 or 6 of these units as VPN connections, and I have done them all the same. so I went through the certificate process multiple times, and I still can’t get this one working.
I wonder if you ever find an answer to your problem?
I am asking because I have stumbled to the same, and have no idea how to solve it. All answers I found are about placing the certificate to the right folder, which already is…
What Windows update did you install? Perhaps this is the reason. Or, as wrote above, that the root certificate is not installed in the trusted root store.
I have done everything by the book (certificates in the right place and so on..) and after few days of pain I have successfully started one vpn on one computer, but not on all of them (for this experiment I am using two physical machines and three virtual Machines in VMware WS 14).
So until I’ll be able to replicate this on whatever computer I want, the problem stays unsolved…
p.s. all the machines have the latest Win 10 LTSC fully updated…
