hello there,

i wonder if its possible to disable the cert-checking on the MT for tr069?

thank you!

christian

It is already possible to use self-signed certificate. What are you asking for specifically and for what purpose?

hey nomis,

thank you for your response.. - i know that regarding the self signed cert.
my only question was: is there a way to make a ssl connection without having an cert installed on the RB - means trusting every cert without
a CA cert from me..

i had success by using the ca cert the cert on the ACS was used.

btw: regarding the tr069 client:
do you have a RPC parameter list Mikrotik supports ? may there are some X?

thank you

christian

Can you clarify your reasoning, why you need it? This would allow ANYONE to configure your routers, without security.

The parameters are described here https://wiki.mikrotik.com/wiki/Manual:TR069-client

hi nomis,

sorry for the late respone.
well the idea is to have one managementinterface which is bound to the tr069 client which is already secured enough.
so i wonder if there is a way without any certificate to trust the cwmp server on any instances.

anyway i validated it with the root-CA. and it was working fine. - thank you very much at this point.

on more question regarding the RouterOS TR069 "client supported parameter reference document" (https://wiki.mikrotik.com/tr069ref/current.html)
is it also available via xml? or can i get it directly from the device itself ? (if yes - how?)

i also understood
RPC Download option "1" for Firmware Upgrade pointed to an xml.
RPC Download option "3" Vendor Configuration file with any file extension.

can you please clarify the .alter file mechanism - is this something i tell the ROS to execute the downloaded file? (like a regular script?)

thank you for your great help!

christian