Community discussions

MikroTik App
 
ghostt
just joined
Topic Author
Posts: 21
Joined: Tue Apr 24, 2018 4:07 pm
Location: Australia

SSTP server with CRL, certificate import problem

Mon Sep 13, 2021 3:56 am

Hi guys,

I had a CCR1036 v6.46.xxx (sorry, can't remember what "xxx" was) working as a SSTP server with multiple clients connected to it. CRL was set as a CCR's local IP address (10.0.0.1, for instance). The router got physically burned. Having all backups and certificates it was very easy to configure a new CCR1036 and import server / CA certificates. However, none of the clients could connect. At the time with literally hundreds of clients screaming I couldn't give troubleshooting much time and I had to stop checking clients certificates. All SSTP clients reconnected to the new CCR immediately.

Is it possible to transfer server and CA signed with CRL certificates to a new hardware and I simply did something wrong? Or I had to generate new server, CA and a bunch of client certificates (which I had to do in the end)?

Any help would be appreciated.

Kind regards, and thank you in advance.
 
User avatar
tukan
just joined
Posts: 7
Joined: Tue Apr 13, 2021 10:39 am

Re: SSTP server with CRL, certificate import problem

Mon Sep 20, 2021 10:43 am

Yes, it is possible to transfer the certificates. You have to export them first correctly. I would recommend doing the export/import procedure before actually going live.

Who is online

Users browsing this forum: dmitris, onnyloh, patrikg and 92 guests