Hi everyone, I’m new here.
My company just acquired a new MikroTik router running ROS 7.5, in order to replace an older router running ROS 6.48.6.
The router is running several IPsec connections to our business partners. All IPsec connections use pre-shared keys, except one which uses certificates.
After migrating the configuration to a new router, all IPsec links using PSK are running fine, but the IPsec connection using certificates can’t connect - no phase 2.
The logged error is “no proper subjectAltName.”
Both certificates (meaning, certificates on the old and the new router) that are used to establish a connection have completely identical properties. In fact, the field “Subject Alt. Name” is empty on both certificates, and I’m guessing that might be the cause of the problem. However, I cannot change the content of the “Subject Alt. Name” field, because the certificate is provided by the company to which the link is established (we generate a CSR, send it to them, they sign it and send it back - “Subject Alt. Name” in the CSR contains DNS data, but the field is empty in the signed certificate).
All other properties regarding the IPsec connection are the same on both routers.
Is there a solution for this? I can’t downgrade the router to ROS 6, since it’s a new model which runs only on ROS 7.
Thank you in advance.
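
To confirm outside RouterOS what the post describes (a SAN in the CSR, none in the signed certificate), this added example, which is not part of the original post, checks both files for a subjectAltName extension with OpenSSL. It assumes PEM files and OpenSSL 1.1.1 or later; the host name, CA name and file names are constructed, and the signing step shows only OpenSSL's default behaviour, not the partner's actual CA setup.

```shell
#!/bin/sh
# Added example. All names (router.example.test, Demo Partner CA) are constructed.

# has_san KIND FILE -> exit 0 if the CSR (KIND=req) or certificate (KIND=x509)
# carries an X509v3 Subject Alternative Name extension.
has_san() {
    openssl "$1" -in "$2" -noout -text 2>/dev/null |
        grep -q "X509v3 Subject Alternative Name"
}

# make_demo DIR -> build a CSR that requests a DNS SAN, then sign it with a
# plain "openssl x509 -req", which does not copy extensions from the CSR.
make_demo() {
    dir=$1
    # Constructed stand-in for the signing party's CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Partner CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Router key and CSR; the SAN is requested here.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=router.example.test" \
        -addext "subjectAltName=DNS:router.example.test" \
        -keyout "$dir/router.key" -out "$dir/router.csr" 2>/dev/null
    # No -extfile and no -copy_extensions: the requested SAN is dropped.
    openssl x509 -req -in "$dir/router.csr" -days 1 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/router.crt" 2>/dev/null
}

# report KIND FILE -> print whether the SAN extension is present.
report() {
    if has_san "$1" "$2"; then
        echo "$2: subjectAltName present"
    else
        echo "$2: subjectAltName missing"
    fi
}

work=$(mktemp -d)
make_demo "$work"
report req  "$work/router.csr"
report x509 "$work/router.crt"
rm -rf "$work"
```

Running `has_san x509` against the certificate exported from the router gives the same yes/no answer for the real file.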