http://wiki.mikrotik.com/wiki/Manual:Create_Certificates says
If everything is imported properly then certificate should show up with KR flag.
[admin@test_host] /certificate> print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 KR name=“cert1” subject=C=LV,ST=RI,L=Riga,O=MT,CN=server,emailAddress=xxx@mt.lv
issuer=C=LV,ST=RI,L=Riga,O=MT,CN=MT CA,emailAddress=xxx@mt.lv serial-number=“01”
email=xxx@mt.lv invalid-before=jun/25/2008 07:24:33
invalid-after=jun/23/2018 07:24:33 ca=yes
Was this for version 5?
I get this under 6.7
/ certificate pr detail
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key,
A - authority, I - issued, R - revoked, E - expired, T - trusted
0 K T name=“server”
issuer=C=us,ST=in,O=Internet Widgits Pty Ltd,CN=caprivate
country=“us” state=“in” organization=“Internet Widgits Pty Ltd”
common-name=“caprivate” key-size=4096 days-valid=365 trusted=yes
key-usage=digital-signature,key-encipherment
serial-number=“13…”
fingerprint=“484…”
invalid-before=mar/03/2014 02:12:22
invalid-after=feb/29/2024 02:12:22
This part confuses me.
Note: Common Name (CN) in server certificate should match the the IP address of your server otherwise you will get “domain mismatch” message and for example Windows SSTP client will not be able to connect to the server. If clients are only Windows machines then CN can be a DNS name, too.
Should the CN field be the IP address of my router? I’m trying to use win 7 and 8 but have not got SSTP working, L2TP works fine.