I manage the certificates for my MikroTik devices via a central CA. I renewed the certificate for my RouterOS 7.8 device earlier today and tried to import the new certificate with its associated private key, but only the certificate will import. Whenever I attempt to import the private key, nothing is imported, but I also see no error messages:
[admin@DEVICE] > /certificate/import file-name=DEVICE.key.pem
passphrase: ************
certificates-imported: 0
private-keys-imported: 0
files-imported: 0
decryption-failures: 0
keys-with-no-certificate: 0
I know the passphrase is correct because I tested the private key with OpenSSL. This is the same private key that was associated with the previous certificate, so I know it worked before. It’s an RSA key using AES-256-CBC with a bit length of 2048. Does any of this sound like something that was deprecated in an intervening version of RouterOS? Furthermore, I am getting the following error in the system log when I import the certificate:
10:19:54 certificate,error unsupported CRL protocol for URL: https://CRL_URL
I used
/tools/fetch
to confirm the device can download the CRL file, and I double-checked that it is signed with the same certificate as the one I successfully imported. (I blanked the CRL URL because it’s an internal URL that you won’t be able to check.)