Certificate CRL issue | Got CRL with a bad signature

Hi,
Does anyone know how to solve this issue?
Regards,

By any chance are you using DOH for your DNS?

This issue was fixed with the v7.6 release.

Good for you, for me it started with v7.6… :frowning:

We found out that (for us) this is caused by our PKI using sha512. Since some version 7.x our certificate based VPNs stopped working and we had to at least omit CRL checking. Since 7.8 bypassing the CRL also doesn’t work, so we were forced to investigate deeper.

So we created new CA/Intermediate/CRLs for testing, and found out that only changing from sha512 to sha256 made CRLs work again. So this is kind of strange because it’s a step back, we’ve been using sha512 for years with a lot older versions of Mikrotik, and now we basically need to “lower” security to make things work?

Support ticket on this issue stayed unanswered for weeks, so I wonder where we are going with this issue (and how many other people have the same situation).

All my certificates are also using sha512… I hope now that the root cause is found, a fix will be released soon.

Thanks

Still not fixed on ROS 7.10

Also the related ticket got no attention for 2 months. A bit disappointing …

I tried to reissue some of my CRLs with sha256 instead, but I got the same CRL error, while the CRLs are properly decoded by openssl without error.

It’s the CA cert … we made a new CA for testing and with that it works. We started off changing a few parameters at once, and it worked. Narrowed it down subsequently to the Signature / SignatureHashAlgorithms. SHA256RSA/SHA256 works, SHA512RSA/SHA512 doesn’t.
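A way to reproduce the test described in the two posts above on a workstation, as an added example that is not code from this thread or from MikroTik: it builds a throwaway CA with sha256 or sha512, signs an empty CRL with it, reads back the signature algorithm OpenSSL sees in the CRL, and lets OpenSSL verify the CRL against the CA, so a CRL the router rejects can be checked against a second implementation. It assumes the `openssl` command-line tool is installed; the function names and the minimal config are my own.

```sh
#!/bin/sh
# Added example for this thread, not code from the forum or from MikroTik.
# Builds a test CA with a chosen hash, signs a CRL with it, and reads back
# the CRL's signature algorithm so sha512 vs sha256 can be compared.
set -eu
# crl_sig_alg <crl.pem>: print the CRL's signature algorithm name,
# e.g. sha512WithRSAEncryption (first match from openssl's text dump).
crl_sig_alg() {
  openssl crl -in "$1" -noout -text | awk '/Signature Algorithm/ { print $3; exit }'
}
# verify_crl <crl.pem> <ca.pem>: "ok" if the CRL signature validates against
# the CA certificate, "bad" otherwise (OpenSSL's verdict, independent of RouterOS).
verify_crl() {
  if openssl crl -in "$1" -CAfile "$2" -noout >/dev/null 2>&1; then echo ok; else echo bad; fi
}
# make_test_crl <workdir> <hash>: create a CA key/cert and an empty CRL signed
# with <hash> (sha256 or sha512) under <workdir>; print the CRL's signature algorithm.
make_test_crl() {
  dir=$1; hash=$2
  mkdir -p "$dir"
  # Minimal openssl.cnf: the database/serial files that 'openssl ca' expects,
  # plus a non-interactive subject for the self-signed CA. Constructed test data.
  cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $dir/index.txt
new_certs_dir = $dir
serial = $dir/serial
crlnumber = $dir/crlnumber
default_md = $hash
default_crl_days = 30
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Test CA $hash
EOF
  : > "$dir/index.txt"; echo 01 > "$dir/serial"; echo 01 > "$dir/crlnumber"
  openssl req -x509 -new -newkey rsa:2048 -nodes "-$hash" -days 30 \
    -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" >/dev/null 2>&1
  openssl ca -gencrl -config "$dir/ca.cnf" -keyfile "$dir/ca.key" \
    -cert "$dir/ca.crt" -md "$hash" -out "$dir/ca.crl" >/dev/null 2>&1
  crl_sig_alg "$dir/ca.crl"
}
```

Running `make_test_crl "$(mktemp -d)/s512" sha512` followed by `verify_crl` on the produced `ca.crl` and `ca.crt` shows OpenSSL accepting the sha512 CRL; verifying the same CRL against a different CA's certificate is what a genuinely bad signature looks like. If OpenSSL reports ok and the router still reports a bad signature, the CRL file itself is not the problem.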

What’s new in 7.11beta2 (2023-Jun-21 14:39):
*) certificate - restored RSA with SHA512 support;

Just saw that myself. Confirm it’s working!

That’s great news