ssl import for SSTP

RouterOS General
1

trying to get sstp up and running and we’re running into some issues getting the SSL imported.

Used certificate-request to generate CSR. Used PositiveSSL through Namecheap to get real SSL and used the “other” server option.

Certificates gets imported just fine, but the private key isn’t getting imported. Checked, double-checked, rechecked, and even issued a new SSL to verify that the password is correct. Every attempt to import the key generates this:

/certificate> import
passphrase: *********
certificates-imported: 0
private-keys-imported: 0
files-imported: 0
decryption-failures: 1
keys-with-no-certificate: 0

Attempting to load the cert into the SSTP server throws this message: could not load private key (6)

Any thoughts on what could be going on?

2

Anyone had an issue like this before?

3

Having the same issue right now, except I’m not getting any error message.

Here’s what I posted on WISPA’s MT list…

I need someone’s help.



I purchased an ssl certificate from registar.com. I have received the files
and have tried installing it to a RB433 board to be used as a hotspot with
User Manager.



I have tried installing to 2 different ways based on the documentation I
have found on the MT website and a Google search.

#1 - combined both files (certificate and private key) into notepad and
saved to new file. Imported using the console interface.

#2 - Imported each file individually using the console interface, (only
after removing it from the initial install.)



Both times it appears that the private key is not being imported with no
errors showing.



[admin at hotspot] > cert

[admin at hotspot] /certificate> import file-name=certificate.crt

passphrase:

certificates-imported: 1

private-keys-imported: 0

files-imported: 1

decryption-failures: 0

keys-with-no-certificate: 0



[admin at hotspot] /certificate> import file-name=Privatekey.key

passphrase:

certificates-imported: 0

private-keys-imported: 0

files-imported: 0

decryption-failures: 0

keys-with-no-certificate: 0



[admin at hotspot] /certificate> print

Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa

0 D name=“cert1” subject=OU=Domain Control Validated,OU=Hosted by
Register.com

,

OU=PositiveSSL,CN=hotspot.firenet1.com

issuer=C=US,O=Register.com,CN=Register.com CA SSL Services (DV)

serial-number=“xxxxxxxxxxxxxxxxxxxxxxxxxxxxx”

invalid-before=jun/07/2011 00:00:00 invalid-after=jun/06/2014 23:59:59


ca=yes

[admin at hotspot] /certificate>



Anyone have any idea what’s going on?

4

just trying to keep this post open for someone to answer.

5

what RouterOS version you used?
Please contact the support@mikrotik.com and include the support output file which is made right after importing the private key.

6

do we know any solution ? have same problem here (MT 5,14). Tryied to import PEM, crt, cer, key, nothing works… :confused:

7

if key is in pkcs8 format it will not be imported. You need to convert it to text format. Or wait for v5.15 where we added support for pkcs8.
http://wiki.mikrotik.com/wiki/Manual:Create_Certificates

8

Hi!

Rb951Ui-2HnD ver. 6.5

certificate import file-name=ca.crt
passphrase:
action timed out - try again, if error continues contact MikroTik support and send a supout file (13)