Hi, community and Mikrotik staff.
There is a defect in 7.9 related to certificates. Most possibly due to the "*) ipsec - refactor X.509 implementation;"
In my setup, I have ROS 7.8 connected to ROS 6.49.6 via IKE2:
auth: digital signature
My Type ID: auto
remote type ID: auto
Match by: remote id
(the same config on both sides)
The setup worked well until I upgrade the 7.8 to 7.9. After the upgrade:
ROS 6.49.6 floods with: got fatal error: AUTHENTICATION_FAILED
ROS 7.9 floods with: can't verify peer's certificate from store
Immediately re-checked the certificates: found them valid on both sides.
How to fix?
Regards.
Update: re-checked all other combinations of my ID/remote ID on both sides - nothing works. Again re-checked certificates on both sides - all certificates are correct and valid including CA (the same CA was used to issue end-point certs. It actually looks like a defect in ROS7.9 - it worked perfectly until the v7.9
BTW, is there a way to roll-back to the previous version?