Certificate renewal

Hello,

I am trying to renew a certificate signed by CaCert (so not self-signed).

On most operating systems I have worked with, you generally have two files: one containing the private key, and one containing the signed certificate. In RouterOS those appear to be combined in one entry under /certificates.

Now that my certificate is almost expired, I got a new .crt file. What I would normally do is replace the existing file with the new one, keeping the .key as is.

On RouterOS, importing it created an additional entry with the renewed certificate, but did not link it to the private key.

What am I doing wrong? Is there a way to renew only the signed certificate while keeping the already registered private key?

+1 Same problem here.

I started implementing Let’s Encrypt certificates. They have a validity of 90 days. The whole certificate deployment process is completely automated. I am able to push the new certificate to my RouterBoards - but how do I import it there, replacing the old one? I expected that importing a new certificate based on the same private key would simply overwrite the old certificate, keeping the old private key. This would make a certificate renewal quite easy. But unfortunately a new certificate with the same name but without a private key is created, which is really weird.

So how do I properly renew a certificate using scripting on RouterOS?

A single-file certificate is usually just a combination of the certificate and key. The certificate files are usually PEM-encoded, which is viewable in a text editor - you can often combine the certificate and key simply by concatenating them together.
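As an added illustration of that concatenation step (this is not code from the thread or from MikroTik), the script below splits a PEM bundle of the kind RouterOS keeps as one entry, takes the private key block from the old bundle and the CERTIFICATE block(s) from the newly issued file, and writes them back out as one bundle ready for import. Every block is sanity-checked (valid base64, DER SEQUENCE tag) so a truncated or mis-pasted block is rejected rather than silently imported. The sample PEM payloads are constructed placeholders, not real keys or certificates; the optional `key_matches_certificate` helper assumes the third-party `cryptography` package and is the check worth running before replacing a certificate on a router.

```python
import base64
import re

# Added example (not from the forum thread): rebuild a combined PEM bundle
# so a renewed certificate is paired with the existing private key.

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)
CERT_LABELS = {"CERTIFICATE"}
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}


def split_pem(text):
    """Return [(label, base64_body), ...] for every PEM block in text.

    Each body must be valid base64 and decode to DER starting with a
    SEQUENCE tag (0x30); anything else is rejected with ValueError.
    """
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), "".join(match.group(2).split())
        try:
            der = base64.b64decode(body, validate=True)
        except ValueError as exc:
            raise ValueError(f"{label} block is not valid base64") from exc
        if not der or der[0] != 0x30:
            raise ValueError(f"{label} block does not decode to a DER SEQUENCE")
        blocks.append((label, body))
    return blocks


def format_pem(label, body):
    """Re-wrap a base64 body into a standard 64-column PEM block."""
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


def renew_bundle(old_bundle, new_cert_pem):
    """Private key from old_bundle + certificate(s) from new_cert_pem.

    Exactly one key is required; the old certificate is dropped. Order is
    key, leaf certificate, then any chain certificates present in the file.
    """
    keys = [b for b in split_pem(old_bundle) if b[0] in KEY_LABELS]
    certs = [b for b in split_pem(new_cert_pem) if b[0] in CERT_LABELS]
    if len(keys) != 1:
        raise ValueError(f"expected exactly one private key, found {len(keys)}")
    if not certs:
        raise ValueError("new certificate file contains no CERTIFICATE block")
    return "".join(format_pem(*b) for b in keys + certs)


def key_matches_certificate(bundle):
    """Optional check that key and leaf certificate share a public key.

    Assumes the third-party 'cryptography' package; returns None if it is
    not installed or the bundle lacks a key or certificate.
    """
    try:
        from cryptography import x509
        from cryptography.hazmat.primitives import serialization
    except ImportError:
        return None
    cert_pub = key_pub = None
    for label, body in split_pem(bundle):
        pem = format_pem(label, body).encode()
        if label in CERT_LABELS and cert_pub is None:
            cert_pub = x509.load_pem_x509_certificate(pem).public_key()
        elif label in KEY_LABELS:
            key_pub = serialization.load_pem_private_key(pem, password=None).public_key()
    if cert_pub is None or key_pub is None:
        return None

    def spki(key):
        return key.public_bytes(serialization.Encoding.DER,
                                serialization.PublicFormat.SubjectPublicKeyInfo)

    return spki(cert_pub) == spki(key_pub)


# Constructed placeholder payloads: minimal DER SEQUENCEs, not real key/cert data.
FAKE_OLD_CERT = base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
FAKE_NEW_CERT = base64.b64encode(b"\x30\x03\x02\x01\x02").decode()
FAKE_KEY = base64.b64encode(b"\x30\x03\x02\x01\x09").decode()
OLD_BUNDLE = format_pem("CERTIFICATE", FAKE_OLD_CERT) + format_pem("RSA PRIVATE KEY", FAKE_KEY)
NEW_CERT_FILE = format_pem("CERTIFICATE", FAKE_NEW_CERT)

if __name__ == "__main__":
    print(renew_bundle(OLD_BUNDLE, NEW_CERT_FILE))
```

The resulting file is what gets uploaded to the router and imported as one certificate entry; running `key_matches_certificate` on it first (with real PEM data, not the placeholders above) catches the case where the CA issued the renewal against a fresh CSR and the old key no longer fits.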

Don’t think you can replace the certificate. But deleting and importing is easy enough? Scriptable too.

Looks like that’s true.
This way you also have to re-import the private key from flash. Normally I’d like to only replace, or delete and import, the public certificate, but well, that’s how it is.
I also noticed that after deleting and re-importing the certificate and key file, the SSL certificate binding, for example in the hotspot, is gone and has to be configured manually.
It might be feasible as a workaround, but it’s still quite annoying.
Anyway, thanks for confirming that it’s not only me having this problem and there doesn’t seem to be a real solution so far.