I have two RouterOS devices, namely a router and an access point. Both are version 7.11.2.
I also have PKI set up using OpenSSL. I have imported the CA certificate to both devices and I see that the CRL URL is listed in the CRL tab. Everything is working as expected on the router, but on the access point the CRL shows as invalid.
I have tried to download the CRL file using the fetch command and that is successful. I have checked the log on the web server hosting the CRL file and it doesn’t seem like the access point is even trying to retrieve the CRL file. I have used torch on the VLAN interface on the access point, and I see no packets destined to the web server’s IP. I have verified that the access point is able to resolve the web server FQDN. I have also tried to manually add the CRL URL using IP instead of FQDN. I have gone over all firewall rules multiple times and I really can’t find any issue there, which is confirmed by the fetch command being able to download the CRL file. The access point and the web server are on different VLANs, but I’ve tried giving the access point an interface on the same VLAN, and that does not work either. I have tried a factory reset of the access point.
All I see in the logs on the access point is “start CRL update”, but from what I see it isn’t actually doing anything. I have enabled “certificate” logging. Are there any other relevant topics that might give me a clue? I have googled my brains out, but can’t find any solution. I have come across a few forum posts describing the same, but they all seem to die out without any conclusion or solution. Has anyone else experienced the same and been able to solve it?