Running Mikrotik >6.5 (about), I have a big issue with a valid certificate and SSTP connections.
== Scenario: ==
Server
MKT SSTP Server 6.12
Valid VeriSign certificate (KLT)
Imported Intermediate certificate from Verisign (AT)
No “Verify Client Certificate”
No “Force AES”
Client
MKT SSTP Client 6.12
Imported Intermediate certificate from Verisign (AT)
No “Verify Server Certificate”
No problem with “Verify Server Address From Certificate” enabled/disabled
== Results ==
Connection (Windows 7 → Server) works correctly!
Connection (SSTP Client → Server) works correctly if “Verify Server Certificate” (from Client) is disabled.
If this verify option is enabled, the log from the client shows “… handshake failed (6)” and the server does not show anything about these loop connections from the client.
== Note ==
The https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp tool shows this even though I have imported the intermediate certificate:
“Intermediate certificate missing. VeriSign Class 3 Secure Server CA - G3 | Download certificate. Your certificate chain is valid, but some older browsers may not recognize it. To support older browsers, download and install the missing intermediate certificate.”
== Question ==
How can I resolve this issue or establish a SECURE connection with a valid SSL certificate?
Unfortunately, I omitted this information in my previous post, but the cert chain is complete.
Unluckily, the problem remains and the question is again:
How can I resolve this issue or establish a SECURE connection with a valid SSL certificate?
I have seen that the new version of RouterOS (6.13) was released yesterday.
I have read the changelog, but there isn’t a solution for the issue that I indicated in my post.
I have the same issue with Comodo Positive SSL. Root and intermediate certificates are installed as well. For some reason, Mikrotik does not provide the chain to users, and clients get an error. Workaround: import the intermediate certificates on the client's machine as well. It was working fine before 6.15.
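The chain behaviour discussed in this thread can be reproduced offline; the following is an added example, not part of the original posts and not MikroTik code. It builds a constructed root → intermediate → server PKI with made-up names and uses `openssl verify` to show when a verifying client accepts the server certificate; it assumes the `openssl` CLI is installed.

```shell
#!/bin/sh
# Added example: constructed PKI with made-up names; assumes the openssl CLI is installed.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# new_csr NAME SUBJECT -> writes NAME.key and NAME.csr in $work
new_csr() {
  openssl req -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
}

build_pki() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$work/ca.ext"
  new_csr root "/CN=Example Root CA"
  new_csr int  "/CN=Example Intermediate CA"
  new_csr srv  "/CN=sstp.example.test"
  # Self-signed root; the root signs the intermediate; the intermediate signs the server cert.
  openssl x509 -req -in "$work/root.csr" -signkey "$work/root.key" -days 2 \
    -extfile "$work/ca.ext" -out "$work/root.crt" 2>/dev/null
  openssl x509 -req -in "$work/int.csr" -CA "$work/root.crt" -CAkey "$work/root.key" \
    -CAcreateserial -days 2 -extfile "$work/ca.ext" -out "$work/int.crt" 2>/dev/null
  openssl x509 -req -in "$work/srv.csr" -CA "$work/int.crt" -CAkey "$work/int.key" \
    -CAcreateserial -days 2 -out "$work/srv.crt" 2>/dev/null
  # Client trust store used for the workaround case: root plus imported intermediate.
  cat "$work/root.crt" "$work/int.crt" > "$work/root+int.pem"
}

# check TRUST_STORE [INTERMEDIATES_SENT_BY_SERVER] -> prints accepted or rejected
check() {
  if [ -n "${2-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$2" "$work/srv.crt" >/dev/null 2>&1 \
      && echo accepted || echo rejected
  else
    openssl verify -CAfile "$1" "$work/srv.crt" >/dev/null 2>&1 \
      && echo accepted || echo rejected
  fi
}

build_pki
echo "server sends leaf + intermediate, client trusts root: $(check "$work/root.crt" "$work/int.crt")"
echo "server sends leaf only, client trusts root:           $(check "$work/root.crt")"
echo "server sends leaf only, client imported intermediate: $(check "$work/root+int.pem")"
```

To see which certificates a live TLS server actually presents, `openssl s_client -connect host:port -showcerts` prints every certificate sent in the handshake.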