Self signed certificates and CRL

th0massin0 · June 12, 2016, 12:57am

Hello,
From a past few days I am trying to create SSTP VPN with self signed certificates. I have a question about CRL.
When I set the ca-crl-host to my public Mikrotik IP and export that certificate, in it’s properities is present below entry:
[1]CRL distribution point
Distribution point full name:
Full name:
URL address=http://<my.mikrotik.public.ip>/crl/41.crl

… but when I am unable to download that file. Is it normal? How to create self signed certificate infrastructure with auto-generated CRLs?
In addition I have allowed 80/tcp and 443/tcp in input chain.

th0massin0 · June 15, 2016, 1:13pm

/ip service enable www

huntah · January 4, 2017, 11:08pm

Hi did you find a way to use a public WWW server for your CA-CRL-HOST.
And how does the update process work.

If I create Self Signed CA on Mikrotik who must check CRL. VPN Server on Mikrotik (SSTP, IKEv2, OpenVPN) or clients?
If only Mikrotik Server then I only have to open WWW service for localhost.
If clients check CRL then If I open www I open Webfig to everyone and thats a No no

I cant find any documentation on this topic.. Not in wiki not on the forum.