Certificate creation on Mikrotik1:

/certificate
add common-name=ca name=CA1 days-valid=3650
sign CA1 ca-crl-host=Mikrotik1SN.sn.mynetname.net
add common-name=Mikrotik1SN.sn.mynetname.net subject-alt-name=DNS:Mikrotik1SN.sn.mynetname.net key-usage=tls-server name=server1
sign server1 ca=CA1
add common-name=client1_win10cert key-usage=tls-client name=client1_win10cert
sign client1_win10cert ca=CA1

Certificate creation on Mikrotik2:

/certificate
add common-name=ca name=CA2 days-valid=3650
sign CA2 ca-crl-host=Mikrotik2SN.sn.mynetname.net
add common-name=Mikrotik2SN.sn.mynetname.net subject-alt-name=DNS:Mikrotik2SN.sn.mynetname.net key-usage=tls-server name=server2
sign server2 ca=CA2
add common-name=client2_win10cert key-usage=tls-client name=client2_win10cert
sign client2_win10cert ca=CA2

When I import the certificate from Mikrotik1 to WIN10, it works fine. I can connect (create VPN connection) to Mikrotik1.
After that, when I import the certificate from Mikrotik2 to WIN10, it works fine too if I want to connect (create VPN connection) to Mikrotik2, BUT I cannot connect to Mikrotik1 then.
It seems to me that Win10 is trying to use the certificate for Mikrotik2 for authentication, and not the certificate for Mikrotik1, when I want to connect to Mikrotik1.
When I try connection to Mikrotik1:
Win error: IKE authentication credentials are unacceptable
Mikrotik log error: ipsec,error identity not found for peer: DER DN: client2_win10cert
My question is: should I create the client certificate with some more information in it, so that WIN10 would choose the right certificate for authentication?
I know that this is more of a WIN10 question, but maybe somebody here knows what exactly the client certificate should contain for that situation/scenario.