create certificates for ovpn are this correct?

Mon Apr 29, 2019 5:23 am

Hello, i create certificates for my Mikrotik router to use OVPN

My question now is whether it can be used for all purposes or just ovpn
Are the sign KLAT, KAT correct because the wiki is different.

https://wiki.mikrotik.com/wiki/Manual:C ... rtificates
Any help is welcome

[admin@MikroTik] /certificate> print
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority,
I - issued, R - revoked, E - expired, T - trusted
 #          NAME    CO.. SUBJECT-ALT-NAME                                  FI..
 0 K L A  T myCa    myCa                                                   14..
 1 K   A  T server  se..                                                   37..
 2 K   A  T client1 cl..                                                   6d..
 3 K   A  T client2 cl..                                                   c1..

tdw · Mon Apr 29, 2019 11:46 am

The certificates can be also used for other types of VPN or for HTTPS. The server and client certificates should not have the "A" flag - did you enter each /certificate sign command individually, or paste them from the wiki?

Be aware the Mikrotik OpenVPN client does not check certificates and is susceptible to man-in-the-middle attacks, see https://janis-streib.de/post/mikrotik-ovpn-security/ and https://www.cvedetails.com/cve/CVE-2018-10066/

Tue Apr 30, 2019 8:45 am

Hello, thanks for your reply.

I have copy and paste this from the wiki from Mikrotik.

I look to the given links.

Thank you.

tdw · Wed May 01, 2019 2:48 pm

Try entering each sign command one at a time instead of pasting the whole block from the Wiki

create certificates for ovpn are this correct?

create certificates for ovpn are this correct?

Re: create certificates for ovpn are this correct?

Re: create certificates for ovpn are this correct?

Re: create certificates for ovpn are this correct?

Who is online