Community discussions

MikroTik App
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Topic Author
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

How Windows 10 decides which client certificate to use when connecting to IKE2 VPN server?

Sat May 29, 2021 11:56 pm

A bit non-Mikrotik question, but I can't understand why my Windows 10 PC is not using a correct certificate when connecting to my Mikrotik router.

I have 2 identical Mikrotik routers at 2 different locations. They both have public IP and that's pretty great since once I get something to work on any router, I can "duplicate" config on another router. On one of the routers I managed to get IKE2 VPN working, setup Windows 10 VPN profile and everything works great.

Now I decided to setup IKE2 VPN server on second router. I've done the exact same steps and tested using Linux laptop - everything works great. However, Windows 10 does not connect because it attempts to use first router's client certificate instead of the second router's... Question - how do I specify (or help Windows 10 decide) which certificate Windows should use for certain profile?

Note that I am using digital-signature (aka certificates) authentication method.

In Mikrotik logs I get this:
identity not found for peer: DER DN: My client
It's because it's first router's client certificate, not the second router's client certificate. How do I choose which certificate to use for certain profile? Linux right away gives option to set CA, certificate and private key, but that's not seem to be possible with Windows OS...
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Topic Author
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: How Windows 10 decides which client certificate to use when connecting to IKE2 VPN server?  [SOLVED]

Sun May 30, 2021 10:13 pm

Looks like Windows simply sucks. It is possible to indirectly point to which certificate for which profile to use. I've documented it here: viewtopic.php?f=23&t=175656

Who is online

Users browsing this forum: cmmike, hatred, jamesperks, jvanhambelgium and 47 guests