Hi folks, we have some Routerboard532’s operating as hotspots and want to implement SSL. I have used MT to generate a certificate request, purchased a SSL certificate based on that request, then uploaded it to the Routerboard and imported it. When I do the decrypt it asks me for the passphrase and then says “keys-decrypted: 0”
Can somebody point me in the right direction as I have spent hours trying to figure this out. I don’t have much experience with SSL but I know the RB’s pretty well now and this has got me stumped. From what I read in the manual and everything I can find in the forums I am doing everything right, but still it doesn’t make sense. Another thing which I am not sure about is the certificate I import says “DSA” down the bottom of it in the Winbox window and has CA ticked. This is how it has imported so I don’t know if something is amiss.
Thanks Max, I have done some extensive searching here and have found people who have SSL working and people who can’t seem to get it working, unfortunately the ones who have it working don’t cover off many of the challenges.
The only thing I can think of is that the certificate I have is no good, it is a proper trial certificate from a known provider, Geotrust, so I don’t know what else I need to do. I generated the keys from the router itself, then loaded the certificate key onto the router when I received it.
I figured it out, I knew it was something stupid, however the problem I had should be documented. What happened was that I created the certificate request, then pasted the details into the CA’s website to create the certificate. Once done and the certificate was created, the information was emailed to me and I had to copy and paste that information into a new file and upload it to the router. I just called the file mydomainname.cer and thought that was fine. It imported fine, but would not decrypt. I changed the filename to certificate.cer and imported it again and this time it decrypted straight away.
Really the doco for certificates should stipulate that the import filename MUST be certificate.cer if this is so critical.
