I'm facing issues with a COMODO certificate, which I would like to use on my Mikrotik for an SSTP VPN connection. The error I get is below:
Certificates verified. When I open my VPN certificate on the local computer, it shows me that the certificate is OK and all intermediate and root certificates are trusted. Screenshot below:
Configuration of device below:
Previously, I was using a StartSSL certificate and imported it in the same way. It was working fine prior to version 6.15.
I tried to re-import the certificate and the CA chain file; nothing helps. Could you please advise?
Issue solved by importing the intermediate certificates manually to the system. For some reason, Mikrotik does not provide intermediate certificates to users. Intermediate and root certificates are uploaded to Mikrotik.
The problem happens when the CRL is signed by a certificate other than the one in the trust chain. In my case, Comodo has two trust chains due to the migration to SHA-2. Both chains are valid. However, the trust chain provided with the certificate isn't the one used to sign the CRL. To solve the issue, I had to import intermediate certificates from both chains to Mikrotik.
This is also mentioned on the Mikrotik Wiki website:
Warning: even if all trust chain is imported, crl may not work in cases when CRL is signed with a different certificate, not the one from trust chain (for example Verisign is doing that)!
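
The mismatch described in this thread can be checked offline before importing anything. This is an added example, not part of the original posts: it uses the `openssl` command-line tool, and the two CAs ("Constructed Chain A" and "Constructed Chain B"), the file names and the function names are constructed for illustration.

```bash
# Added example, not from the thread. CA names, files and functions are constructed.
# Print the CRL issuer DN: this is the CA certificate the device needs imported.
crl_issuer() { openssl crl -in "$1" -noout -issuer; }

# Return 0 only if the CRL signature verifies against a CA in the bundle.
crl_signed_by_bundle() {    # usage: crl_signed_by_bundle CRL.pem BUNDLE.pem
    openssl crl -in "$1" -CAfile "$2" -noout 2>&1 | grep -q 'verify OK'
}

# Build two constructed CAs and a CRL signed by chain B, mimicking a CA whose
# CRL is signed by a different chain than the one shipped with the certificate.
make_demo() {               # usage: make_demo DIR
    local d=$1 ca
    : > "$d/index.txt"
    cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
default_ca = demo
[demo]
database = $d/index.txt
default_md = sha256
default_crl_days = 1
EOF
    for ca in A B; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
            -subj "/CN=Constructed Chain $ca" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null || return 1
    done
    openssl ca -gencrl -config "$d/ca.cnf" -keyfile "$d/B.key" -cert "$d/B.pem" \
        -md sha256 -crldays 1 -out "$d/crl.pem" 2>/dev/null || return 1
    cat "$d/A.pem" "$d/B.pem" > "$d/both.pem"
}

tmp=$(mktemp -d) && make_demo "$tmp" && {
    crl_issuer "$tmp/crl.pem"
    crl_signed_by_bundle "$tmp/crl.pem" "$tmp/A.pem" \
        && echo "chain A only: CRL verifies" || echo "chain A only: CRL signer missing"
    crl_signed_by_bundle "$tmp/crl.pem" "$tmp/both.pem" && echo "chains A+B: CRL verifies"
}
rm -rf "$tmp"
```

Against a real deployment, pass the CRL downloaded from the certificate's CRL distribution point and a bundle of the CA certificates already imported; a failure means the CRL signer is not among them.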