Version 7.6beta10, with its changes to "certificate - improved certificate management, signing and storing processes", brought problems.
I'm importing only the .crt file of the CA certificate for CAPsMAN (clean fresh install - netinstall or VHDX, VMDK, VDI, OVA); I do not want to save the CA private key in the router.
Support did not reproduce the console history and just said: "Does it still work if you enable the key after importing the certificate? It should work" (SUP-95194).
[admin@MikroTik] > /certificate add name="r1-ca" common-name="r1-ca" subject-alt-name="email:r1-ca" key-size=2048 key-usage=key-cert-sign,crl-sign
[admin@MikroTik] > /certificate sign "r1-ca"
progress: done
[admin@MikroTik] > /certificate add name="r1" common-name="192.168.2.14" subject-alt-name="IP:192.168.2.14" key-size=2048 key-usage=digital-signature,content-commitment,key-encipherment,key-agreement,tls-server
[admin@MikroTik] > /certificate sign "r1" ca="r1-ca"
progress: done
[admin@MikroTik] > /certificate export-certificate r1-ca file-name=r1-ca export-passphrase=passphrase type=pem
[admin@MikroTik] > /certificate export-certificate r1 file-name=r1 export-passphrase=passphrase type=pkcs12
[admin@MikroTik] > /certificate/remove r1-ca
[admin@MikroTik] > /certificate/import file-name="r1-ca.crt" name="r1-ca" passphrase="passphrase"
certificates-imported: 1
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
[admin@MikroTik] > /certificate/import file-name="r1.p12" name="r1" passphrase="passphrase"
certificates-imported: 1
private-keys-imported: 1
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
[admin@MikroTik] > /caps-man/manager/set ca-certificate=r1-ca certificate=r1 enabled=yes require-peer-certificate=yes
input does not match any value of ca-certificate