Immediately after importing the certificate-response.pem file (the cert from CACert), free memory begins dropping steadily for about 15 seconds, before it suddenly nosedives to around 4mb, CPU usage hits 100%, and the router drops all connections for a little bit. Once I can get back into winbox, the free memory countdown has already begun again. This cycle repeats about every 30 seconds, indefinitely. When I delete the imported cert, the memory usage stabilizes, but the CPU stays at 100% until I reboot the router.
This is repeatable in my environment, I cannot get it to import the certificate without immediately becoming unstable.
Can you import again that cert but this time with an eye on /tools profile looking for the most CPU consuming process once you click on OK for the import?
Well, the behavior changed a bit… Now when I import the cert, the memory loss is happening very slowly, with free memory dropping from 45mb to 32-35mb in 15-18 minutes, at which point a runaway memory/cpu use crunch occurs, triggering a reboot–every 15-18 minutes.
The cpu profile category that shows high usage during the runaway is “unclassified”.
No… This RB2011 shipped with a relatively recent v6 version, and I don’t think I can downgrade it to v5. Would it be worth downgrading within the v6 branch?
I upgraded from 6.27 straight to 6.29 and now have the same problem. It runs out of memory in under 30 seconds.
Deleteing all certificates fixes the problem.
It is 6.5MB large file, internally by SSL library it will use ~65MB of RAM. Make sure your router has enough free memory, for routers with less memory use certificates without CRL.