Still having that problem.
We've set up a local ca that generates client certificates, it is configured to set not valid before and not valid after to a 10 year timewindow. So the importe certificates should be valid for 3650 days. routerOS sets 'Days Valid' to 365. Why is that?
And still why does an Upgrade loose all imported certificates?
Consider a scenario where you hundreds of vpn clients (RB9xx) and you want to upgrade them remotely.
You can but they will never be able to connect to the server again because after the upgrade they don't have valid certificates anymore. Is that per design or is it a bug?