Community discussions

MikroTik App
 
cantanko
newbie
Topic Author
Posts: 28
Joined: Mon Apr 05, 2010 12:53 am

/certificate - certs issued on 6.44 can't be imported to long-term 6.42.12

Thu Feb 28, 2019 12:44 pm

Hello,

May be missing something obvious here, but when issuing a certificate on 6.44, I can no longer import them to a device running the 6.42.12 long-term branch. I notice the changelog does show that some things have changed with certificates in 6.44, but nothing that looked like it would break backwards compatibility.

As far as I can tell, I'm not doing anything special:
# Create and export from 6.44:

[admin@ca] > /certificate add common-name=$certname name=$certname key-usage=tls-client key-size=4096 days-valid=365
[admin@ca] > /certificate sign ca=$caname $certname
[admin@ca] > /certificate export-certificate $certname export-passphrase=$passphrase type=pkcs12



# Import to 6.42.12

[admin@client] > /certificate import file-name=$certfile passphrase=$passphrase

     certificates-imported: 0
     private-keys-imported: 0
            files-imported: 0
       decryption-failures: 1
  keys-with-no-certificate: 0



# Import to 6.44

[admin@client] > /certificate import file-name=$certfile passphrase=$passphrase

     certificates-imported: 2
     private-keys-imported: 1
            files-imported: 1
       decryption-failures: 0
  keys-with-no-certificate: 0
Is this expected behaviour, have I messed up and should be doing something different on the 6.44 certificate issuance process, or is this a bug?

Thanks in advance folks!
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 6045
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: /certificate - certs issued on 6.44 can't be imported to long-term 6.42.12

Thu Feb 28, 2019 1:22 pm

Thanks, problem confirmed, will fix it as soon as possible.
 
cantanko
newbie
Topic Author
Posts: 28
Joined: Mon Apr 05, 2010 12:53 am

Re: /certificate - certs issued on 6.44 can't be imported to long-term 6.42.12

Thu Feb 28, 2019 1:27 pm

Awesome - cheers!

Who is online

Users browsing this forum: ErickGonzalez, glat and 79 guests