Certificates & CA creation in MS Server CA PKI

Hello. I is noob. I’d like to import a certificate signed by a PKI root running on Server 2012 to an RB3011. I’ve imported the CA certificates, and RouterOS picks up the CRL and imports them with “trusted” status but doesn’t recognize them as trusted (flags L T). I created a SubCA certificate for the RB device on the MS CA, converted the newly created cert from .pkcs12 to .crt with an unencrypted key, and imported it to the RB. The RB imports the private key, public cert, and CRL info as “trusted” (flags K L T) but does not add the ‘A’ designating it as “Authority”, despite the certificate usage attributes granting CRL signing and key certificate signing.

I’ve seen these wiki pages: http://wiki.mikrotik.com/wiki/Manual:System/Certificates and http://wiki.mikrotik.com/wiki/Manual:Create_Certificates
I now has CA named ‘myCA’ but it won’t sign new requests created through the console interface, and nothing seems to work beyond viewing the certificates in the web interface. What am I doing wrong? I’m sure a lot.

This is my first RouterOS product; when I ordered, I figured, “how different could it possibly be from Cisco IOS?” …Apparently a lot =)

Side question: is the firewall essentially just standard (Linux) iptables?