Hi!
I generated some certificates in OpenSSL and included the CRL link in them. I used OpenSSL not the Mikrotik self signed, so that I can import the same CA and server cert to multiple mikrotik devices.
The certificate works fine, but I cant get CRL to work.
The CRL shows up as dinamic / invalid, last and next update time is Jan/01/1970.
NTP is enabled and the date and time is correct.
[admin@MikroTik] > certificate crl pr
Flags: E - expired, D - dynamic, I - invalid
# CERT LAST-UPDATE NUM REVOKED URL
0 DI mikrotik.cert.pem_0 unknown http://10.0.22.2/revoked.crl.pem
The sama problem as for this guy: http://forum.mikrotik.com/t/ssl-certificates-date-time-issues/117685/1