Hi,
Been playing with this for a whole day and I can’t seem to find a way to import CSR (Certificate Signing Request) into Mikrotik Certificates menu.
Whenever I try to import it, it just ignores it.
Does this mean that Mikrotik CA cannot sign any CSR? It can only sign the certificate template it created locally?
I mean, it sure looks this way and I just wanted confirmation.
Thanks.
It looks like it’s not possible. I didn’t find anything about importing CSRs anywhere, and when I try it, nothing happens.
It may not be the best idea anyway, because currently there’s no good way for backing up certificates. And it’s good to have backups for things like that. Binary backup should have everything, but it’s not meant for different devices, which you may need if the old one dies. And while it’s possible to export individual certificates one by one, you won’t link issued certificates back to CA, if you’d import them back.
I prefer to have external CA. If you need something simple, XCA (https://hohnstaedt.de/xca/) is relatively user friendly (taking in account that certificates are generally not user friendly at all).
The way to do that is not to import the CSR from a file to the certificate list. The way to do that is to use /certificate sign-certificate-request file-name=the_file_with_the_csr ca=the_ca_name days-valid=whatever_validity_you_want.
Ooops, I got fooled by Requests tab in WinBox and I expected that CSR should somehow get there. But it’s for SCEP.