I have successfully installed OpenVPN on my Mikrotik router (RouterBOARD 750G r3). I tried CA/server/users certificates created on Ubuntu server and also tried CA/server/users certificates created on router directly, both works nicely. When I create certificates directly on router using self-signed CA, I'm able to revoke client certificates easily and that's also nice.
My problem is, that I would like to be able to sign Certificate Signing Request .csr files sent from my users, directly on router.
Using this approach, user creates .csr file using openssl and sends me only .csr file, while keeping .key file (generated together with .csr file) securely in his computer. But I didn't find the way how to import .csr file into router to be able to sign it and send back user's certificate.
I'm using this way on my Ubuntu OpenVPN server. I like this because I don't need to find the secure way of delivering the sensitive user's key file, as this is kept in user's computer. Only user.csr, user.cert and ca.cert are needed to be sent and this may be done over less secure channel.
I appreciate any comments
Regards
Jan