Community discussions

MikroTik App
 
iranet
just joined
Topic Author
Posts: 12
Joined: Tue Sep 01, 2009 4:11 am

Removing (deleting) issued certificates

Sun Feb 15, 2015 3:51 pm

Hi guys,

I create CA and client certificates at Mikrotik router... I play with it and try different connections protocols etc...
Now, I like to delete them all and start over, but I can not delete them, only revoke them!!!
If I try to remove them, I got message: "Couldn't remove Certificate <xxxxx> - issued certificate can only be revoked (9)"

I'm not crazy, but I'm pretty shure that I can delete the certificates on a day when I create them, (I delete some on same day), but now I can not delete them anymore!!!

Any idea how to delete unwanted certificates?

Thanx
 
fencepost
just joined
Posts: 5
Joined: Sun May 10, 2015 1:58 am

Re: Removing (deleting) issued certificates

Sun May 10, 2015 2:06 am

I had something similar, but after I went through and revoked all the client certificates and the server certificate, then removed the CA, my list of certificates was empty. I wasn't watching each stage, so I'm not sure if it was removing the CA or removing the server cert that did the trick.
 
User avatar
Deantwo
Member
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: Removing (deleting) issued certificates

Fri Aug 12, 2016 1:08 pm

The wiki states this.
Here: http://wiki.mikrotik.com/wiki/Manual:Sy ... icates#FAQ
No idea why it is like this.

I can't create a new certificate with the same name as a revoked certificate, unless I renamed the revoked certificate first. But either way, this will end up cluttering the certificate window with old certificates and making renewing certificates a much bigger headache than it has to be.
I would much more prefer it if the revoked certificates were stored somewhere else and didn't have naming conflicts with valid certificates.

There goes my hope of making a simple API application to manage certificates on the router. Time to give all revoked certificates random names and otherwise make it all horrible to look at.
 
lbgaus
just joined
Posts: 5
Joined: Wed Jul 27, 2016 3:26 pm

Re: Removing (deleting) issued certificates

Tue Feb 06, 2018 7:28 am

I have only found one way of removing an issued certificate... First off, you export the authority certificate that was used to sign it (with passphrase so you get the private key too). Next step is to delete the authority certificate, and finally all certificates signed using it (including the one you wish to remove) also disappear. Then, re-import your authority certificate, then reimport the key file, and you will have accomplished deleting an issued certificate and have your authority certificate back into the system.

If keeping all certificates that have ever been issued on the mikrotik is necessary, you'd have to export each one before deleting the authority certificate. Then re-import them after you've re-imported the authority certificate.
 
afk
just joined
Posts: 2
Joined: Fri Dec 20, 2019 11:22 am

Re: Removing (deleting) issued certificates

Fri Dec 20, 2019 11:33 am

Hello,

I am struggling to make an OpenVPN server on a MikroTik router, I won't say anything about the hardware or software versions because it's a new model and has plenty of those.
What I want to say is:
1. By any chance, in the future, can you make a drop down for "Usage" of a certificate? This drosepdown can have options like "OpenVPN" "IPsec" "etc1" "etc2"
- when you select OpenVPN, a javascript should check (or auto-select) what are the key usage scenarios need for this certificate
- because I made 3 sets of certificates (CA,server,client) and I did not connect as a OpenVPN client to this server due to certificate issues.
- first set was made for 10 years, valid from 1970 to 1980
- guys, if you don't update time automatically when router is connected to the internet, at least throw a notice when creating certificate "morron! this certificate is valid from 1970 to 1980, are you sure you want to continue?"
- second set was with a good date, after updating time in MkroTik router, but key-agreement was missing from the certificate key usage scenarios.
- went to OpenVPN website and found a table explaining what certificate server needs to have an certificate client needs to have
- link: https://openvpn.net/community-resources/how-to/#mitm
- I working on the third certificate, now.
2. Thank you for these good products you make!
 
User avatar
KpuCko
just joined
Posts: 10
Joined: Wed Jul 13, 2016 10:01 am

Re: Removing (deleting) issued certificates

Fri Jun 24, 2022 11:51 am

I had something similar, but after I went through and revoked all the client certificates and the server certificate, then removed the CA, my list of certificates was empty. I wasn't watching each stage, so I'm not sure if it was removing the CA or removing the server cert that did the trick.
When you remove the CA, all the certificates simply disappear. That is the trick.

Who is online

Users browsing this forum: CJWW, orionren and 40 guests