ikev2 mobile VPN stopped working - certificate expired on live logs

Hello,

ikev2 mobile VPN randomly stopped working for all users.
When attempting to connect, I'm getting the below live logs:

2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)CMgrFormCertChain: the specified certificate(id=29200) is not valid, reason:<6_981>:certificate expired
2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)CMgrFormCertChain: Certificate chain forming failure because there is no matching certificate
2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)IkeGetCertChainByCertID: Form Cert Chain failed
2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)ike2 Construct CERT Payload : Form Cert Chain failed
2025-01-11 11:30:52iked(192.168.100.101<->102.x.x.x)ike_user_free: invalid arguments User:0xd77ca90 IKE policy:0xd769c38

Below are the firebox certificates:

Can someone please suggest what's the issue?

Regards,
Yugal

Answers

  • james.carson Moderator, WatchGuard Representative

    Hi @Yugal_R
    Can you please check the cert that is installed onto the client PC(s)? If that has expired, the firewall may regenerate a certificate to keep it current, but the only way to distribute it to your workstations would be via the ikev2 profile.

    Try downloading a new IKEv2 profile, and installing it on one of your PCs. Do you see the same issue happening?

    -James Carson
    WatchGuard Customer Support

  • Hello @james.carson ,

    I removed and downloaded and installed a new config file and placed the rootca cert in the Trusted Root Certificate Authorities.

    Still the same error in the logs.

    Maybe I should raise a ticket with the support team.

    Kind regards,
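
As an added example (not part of the original thread and not WatchGuard code): a small Python parser for the iked live-log lines quoted in the question. It pulls out the certificate id and the rejection reason per tunnel and records whether building the CERT payload failed afterwards. The function name and record fields are assumptions; the sample input is the log excerpt from the question.

```python
import re

# Sample input: the iked lines quoted in the question (timestamp is fused to "iked").
SAMPLE_LOG = """\
2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)CMgrFormCertChain: the specified certificate(id=29200) is not valid, reason:<6_981>:certificate expired
2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)CMgrFormCertChain: Certificate chain forming failure because there is no matching certificate
2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)IkeGetCertChainByCertID: Form Cert Chain failed
2025-01-11 11:30:32iked(192.168.100.101<->102.x.x.x)ike2 Construct CERT Payload : Form Cert Chain failed
2025-01-11 11:30:52iked(192.168.100.101<->102.x.x.x)ike_user_free: invalid arguments User:0xd77ca90 IKE policy:0xd769c38
"""

# timestamp, optional space, "iked(local<->peer)", then the message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*iked"
    r"\((?P<local>[^<]+)<->(?P<peer>[^)]+)\)\s*(?P<msg>.*)$"
)
# "certificate(id=N) is not valid, reason:<code>:text" (the <code> part is optional here)
CERT_RE = re.compile(
    r"certificate\(id=(?P<id>\d+)\) is not valid, reason:(?:<[^>]*>:)?(?P<reason>.+)$"
)

def cert_failures(log_text):
    """Group invalid-certificate events by (local, peer, cert id)."""
    found = {}
    last_key = {}  # tunnel -> key of its most recent invalid-certificate event
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an iked line in the format shown above
        tunnel = (m["local"], m["peer"])
        c = CERT_RE.search(m["msg"])
        if c:
            key = tunnel + (c["id"],)
            rec = found.setdefault(key, {
                "local": m["local"], "peer": m["peer"], "cert_id": c["id"],
                "reason": c["reason"].strip(), "first_seen": m["ts"],
                "attempts": 0, "cert_payload_failed": False,
            })
            rec["attempts"] += 1
            last_key[tunnel] = key
        elif "Construct CERT Payload" in m["msg"] and "failed" in m["msg"]:
            if tunnel in last_key:  # tie the payload failure to the cert that caused it
                found[last_key[tunnel]]["cert_payload_failed"] = True
    return list(found.values())

if __name__ == "__main__":
    for rec in cert_failures(SAMPLE_LOG):
        print(rec)
```

Run over a longer log export, the `attempts` count and `first_seen` time show whether every connection attempt is rejected on the same certificate id and when that started.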
