expired certificates

Hello everyone, I need your help.

I have a CCR in my CORE that receives all my VPN connections, site-to-site with other MikroTik routers.

I have set up three certificates in my CCR (CA, cert for the server and other certs for the clients). My CA has expired.

0 K L A ET myCa myCa …
1 K A ET server server …
2 K A T clien… clientOVPN1 …
3 K A ET client1 client1

How can I renew my certificates?

Since the CA is also expired, restart from scratch, generating all certificates.

thx 🙂

I have tried to renew my CA certificate.

Now I have another certificate (newCA1.crt) with the same public key as my original CA certificate.

When I import this new certificate into MikroTik, this new certificate has these flags (KT):

0 K L A ET myCa myCa …
1 K A ET server server …
2 K A T clientOVPN1 clientOVPN1 …
3 K A ET client1 client1 …
4 K T newCA1.c… newCA …

What have I missed, since this new certificate is not a CA after being imported?!

When I generated the new certificate, the output was newCA1.crt (only certificate) and newCA1.pem (certificate and public key). I copied and imported these two files to MikroTik.

Only the CA itself has a private key (K); you don't need this on endpoints.
The local certificate for the router itself is the only certificate that requires the private key to be included.
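The "restart from scratch" advice and the note about which certificates need a private key, sketched as RouterOS commands. This is an added example, not commands posted by anyone in the thread; the certificate names (myCa2, server2, client1-2), validity periods, key size and passphrase are assumptions to adapt.

```routeros
# --- On the CCR (VPN server) ---
# 1. New self-signed CA. key-cert-sign/crl-sign mark it as a signing certificate.
/certificate add name=myCa2 common-name=myCa2 days-valid=3650 key-size=2048 \
    key-usage=key-cert-sign,crl-sign
/certificate sign myCa2

# 2. New server certificate, signed by the new CA.
/certificate add name=server2 common-name=server2 days-valid=1095 key-size=2048 \
    key-usage=digital-signature,key-encipherment,tls-server
/certificate sign server2 ca=myCa2
/certificate set server2 trusted=yes

# 3. One certificate per client router, signed by the same CA.
/certificate add name=client1-2 common-name=client1-2 days-valid=1095 key-size=2048 \
    key-usage=tls-client
/certificate sign client1-2 ca=myCa2

# 4. Export for the client router.
#    CA: certificate only (no passphrase, so no private key leaves the CCR).
/certificate export-certificate myCa2
#    Client: certificate plus its own private key, protected by a passphrase.
/certificate export-certificate client1-2 export-passphrase="CHANGE-ME-passphrase"

# 5. Check flags and expiry before switching the VPN server to server2.
#    Expect A (authority) on myCa2, no E (expired) on any of the new entries.
/certificate print

# --- On the client router, after copying the exported files over ---
# File names below follow the export naming and are assumptions; check /file print.
/certificate import file-name=cert_export_myCa2.crt passphrase=""
/certificate import file-name=cert_export_client1-2.crt passphrase=""
/certificate import file-name=cert_export_client1-2.key passphrase="CHANGE-ME-passphrase"
```

After the new certificates are selected in the VPN server and client settings and the tunnels are back up, the expired entries can be removed.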