Mikrotik does certificate revocation affect IKE?

K

ka-may2020-11-23 20:14:26

Mikrotik

ka-may, 2020-11-23 20:14:26

I set up an IKE server on Mikrotik, authentication is digital signature. Created CA certificates, server and client.
These are the authentication settings vokki0
Where SRV is the tls server certificate.
After I revoked the client certificate, its status changed to "KRT", but the connection is still going on.
I would very much like to manage vpn clients using certificates!
PS: The client was signed by CA, SRV too!

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

K

korsar182, 2020-11-23
@korsar182

Checking if the certificate has been revoked occurs during phase 1 reauthentication. In Mikrotik, the Lifetime parameter in Profiles is responsible for this. But I'm not sure if it does reauthentication or rekeying.

K

Keffer, 2020-11-24
@Keffer

In Mikrotik with a review, everything is bad. Because this system with certificates is far from being finalized. The KRT status is only a status, in fact, clients, as correctly noted, continue to connect without problems. Only the complete replacement of the sert in identity helps.