Apple has changed their certificate security requirements, and it affects the SmartVPN app on iOS13 and macOS 10.15 to create a connection if the Vigor VPN servers are using Self-Signed Certificate. To meet the new security policy of Apple, we can regenerate a new Self-Signed Certificate. In this article we are going to look at how to do this on our Linux devices such as the Vigor 3900 and Vigor 2960.
Please follow these steps to regenerate self-signed certificate
1. Navigate to [System Maintenance] > [Time and Date] to make sure the router's time settings are correct, and it's better to match the client's time zone. Because when authenticating the server's identity, the client will check if the current time and date are within the server certificate’s validity period.
2. Navigate to [Certificate Management] > [Trusted CA], click Build Root CA, fill out all of the information , select Key Size as 2048 and apply the settings
3.Go to [Certificate Management] > [Local Certificate], then click Generate
a. Select ID Type as either Domain Name or IP address, depends on which one will the VPN client used for connecting to the server.
b. Type ID Value as the domain name or IP address of the router. It should be the IP address or domain name which VPN clients use for their Server settings.
c. Fill out all the information
d. Select "Enable" for Self Sign
e. Enter CA Key Passphrase to match the CA Key Passphrase of Root CA
f. Click Apply to finish
4. Go to [System Maintenance] > [Access Control] > [Access Control] and select the local certificate created for Server Certificate, then click Apply to save.
5. After the above configuration, the SmartVPN on iOS13 can connect successfully.