The documentation on this isn’t clear.
The Mikrotik recent video states a respective CA public Key has to be imported for ssl-verify to work.
Is there a specific CA pub key that should be imported?
is it the CA pub key for where the list hosted?
Two great videos to help with that.
https://www.youtube.com/watch?v=w4erB0VzyIE
https://www.youtube.com/watch?v=RMJnjyAOfLI
- Use Firefox (always, as a general recommendation)
- In Firefox open the blocklist link, that you are going to be importing, for example https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- Click on the Padlock icon in the address bar, Connection Secure → More information → View Certificate
- Download the root certificate and import it in the router
The https://github.com/ imports for me
The https://raw.githubusercontent.com does not
If you are importing the root certificate, it does not matter. Try and see if it works
The cert just deletes itself, tried several times.
I have a screen cap where can I upload it ?
Forum has an attachment button when you write a post.
The PEM file is deleted, that’s normal. Type /certificate print
http://forum.mikrotik.com/t/updating-ca-root-certs-regularly/144990/1
You can import all CA certificates, no more matter wher adfile is downloaded.
/file
print file=mkcert.txt
:delay 1s
set mkcert.txt content=“-----BEGIN CERTIFICATE-----\r
\nMIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw\r
\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\r
\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4\r
\nWhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu\r
\nZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY\r
\nMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc\r
\nh77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+\r
\n0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U\r
\nA5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW\r
\nT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH\r
\nB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC\r
\nB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv\r
\nKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn\r
\nOlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn\r
\njh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw\r
\nqHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI\r
\nrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV\r
\nHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq\r
\nhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL\r
\nubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ\r
\n3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK\r
\nNFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5\r
\nORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur\r
\nTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC\r
\njNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc\r
\noyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq\r
\n4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA\r
\nmRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d\r
\nemyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=\r
\n-----END CERTIFICATE-----”
/certificate
import file-name=mkcert.txt passphrase=“” name=imported-ca-cert_mkcert
/file remove [find where name=mkcerts.txt]
:do {
/tool fetch url=https://mkcert.org/generate/all/except/nothing check-certificate=yes dst-path=mkcerts.pem
remove [find where name~“imported-ca-cert*” expired=yes]
import file-name=mkcerts.pem passphrase=“” name=imported-ca-cert
/file remove [find where name=mkcerts.pem]
:log info “Trust Store: Certificates update from mkcert.org succeeded”
} on-error={
:log error “Trust Store: Unable to update certificates from mkcert.org”
}
EDIT:
https://forum.mikrotik.com/viewtopic.php?p=1083839#p1083841
added backward compatibility for unexpected new behaviour
Certificate file is now automatically removed, no need to delete manually
I make scripts that are possibly backwards compatible from v6.48.7
I am against using any kind of old software. If something doesn’t work, upgrade
When you provide the user-manager again for v7, instead of calling something that isn’t actually the user-manager on that way…
And when you also provide all the features present on v6 that v7 doesn’t have, as indicated in the previous example, also readable BGP debug logs, etc. etc. etc.
So the problem is: How to update to a version for which you don’t provide updates?
Adapt your setup to new software. Change it, so that it works with what you have in v7. We have large and complex networks with v7 and they work great. Stop living in the past
You should follow your own words with wifi hardware too, but that’s not the case…
Where is your 4096QAM?
But I won’t continue, so as not to go too offtopic…
yes it deletes the file, but nothing is imported.
My list shows 2 capsman entrys the third is my cloudflare cert for DoH
2 T cloudflare-dns-com.pem_0 DigiCert Global Root G2 4e2254201895e6e36ee60ffafab912ed06178f39
The cap is mp4 so i can’t get it to upload.
Thanks I'll take a look in a bit my brain is much slower than yourS -750 speed or somthink like that!
I did that but Terminal said 0 imported, and adlist doesn’t work using ssl.