cannot get CCR router and AP running CAPsMAN and CAPS - ssl error

vantheman · April 21, 2024, 7:59pm

Hello all,

i am quite new to the game and i just tried to get the basics running. So i tried to enable in “WiFI” the Manager and to generate the CA automatically which i got:

interface/wifi/capsman/print
enabled: yes
interfaces: BRIDGE-LAN
ca-certificate: auto
certificate: auto
require-peer-certificate: yes
package-path:
upgrade-policy: none
generated-ca-certificate: WiFi-CAPsMAN-CA-789A1882D429
generated-certificate: WiFi-CAPsMAN-789A1882D429

but when i try to enable the CAPS mode on the hAP AX2 i see in the CCR logs:
disconnected XX:XX:XX:XX:XX:XX%*14, ssl: empty certificate chain received

on the AP logs i see:
failed to connect to MikroTik@XX:XX:XX:XX:XX:XX%*9, ssl: fatal alert received

I am not sure what exactly caused it but i have no clue atm what i should do to mitigate that. i resetted the AP in CAPS mode default settings and just added the correct bridge dhcp client to it.

Many thanks in advance for any help!

neki · April 22, 2024, 8:18am

What happens when you set require-peer-certificate to no?

tadams56 · April 24, 2024, 12:09pm

I have had this problem before when connected to a different CapsMan with Require Peer Certificate turned on.
Delete the certificates created from the previous CapsMan (System / Certificates)
Re Enable the Require Peer Certificates
Then go to the Caps and trust the new certificate (System / Certificates)
Hope this works for you

vantheman · April 28, 2024, 1:47pm

Thank you that helped me ! little thing with big impact…