ROS 7.7 doesn't accept CRL from Microsoft AD CA

Hi, Community and Mikrotik experts.

Does ROS 7.7 process CRLs correctly?

In my setup, I have two Mikrotik routers, one on 6.49 and another on 7.7. Both are configured to get certificate CRLs from the same Microsoft AD Root CA. The CA publishes one base CRL and one differential CRL.

The 6.49 downloads and imports the CRLs well.
The 7.7 throws to logs: “got CRL not in DER/PEM format” for both the CRLs despite the fact both CRLs are exactly in the DER format. (the Microsoft CA publishes CRLs only in DER format)

Any ideas?

Thank you in advance.

I’ve got the same issue, in my test lab I configured Microsoft CA like bellow. In CHR, manually added CRL at least show as working (black not red) as long as you have CA cert in store. But there is greater issue. Last version of v7 that actually checked CRL and verified client certificates (at least for IKEv2, i didn’t checked for anything else) was 7.4.1.
7.7 and 7.8rc2 doesn’t work. I am checking a few more things an I will report it to support@mikrotik.com
So in conclusion, I think it would be better to stay on v6 for now until MikroTik fix this issue.