Community discussions

MikroTik App
 
AstroPig7
newbie
Topic Author
Posts: 28
Joined: Mon Feb 17, 2020 12:28 am

Certificate woes (CRL errors and private key import)

Sat Mar 18, 2023 5:29 pm

I manage the certificates for my MikroTik devices via a central CA. I renewed the certificate for my RouterOS 7.8 device earlier today and tried to import the new certificate with its associated private key, but only the certificate will import. Whenever I attempt to import the private key, nothing is imported, but I also see no error messages:
[admin@DEVICE] > /certificate/import file-name=DEVICE.key.pem 
passphrase: ************
     certificates-imported: 0
     private-keys-imported: 0
            files-imported: 0
       decryption-failures: 0
  keys-with-no-certificate: 0
I know the passphrase is correct because I tested the private key with OpenSSL. This is the same private key that was associated with the previous certificate, so I know it worked before. It’s an RSA key using AES-256-CBC with a bit length of 2048. Does any of this sound like something that was deprecated in an intervening version of RouterOS? Furthermore, I am getting the following error in the system log when I import the certificate:
10:19:54 certificate,error unsupported CRL protocol for URL: https://CRL_URL
I used
/tools/fetch
to confirm the device can download the CRL file, and I double-checked that it is signed with the same certificate as the one I successfully imported. (I blanked the CRL URL because it’s an internal URL that you won’t be able to check.)
Last edited by AstroPig7 on Sat Mar 18, 2023 8:24 pm, edited 1 time in total.
 
AstroPig7
newbie
Topic Author
Posts: 28
Joined: Mon Feb 17, 2020 12:28 am

Re: Certificate woes (CRL errors and private key import)  [SOLVED]

Sat Mar 18, 2023 5:42 pm

I managed to import both files by combining them into a PKCS #12 file (.pfx). I assume PEM import has been changed or unintentionally broken in an intervening version of RouterOS.

Who is online

Users browsing this forum: Bing [Bot], ivicask, onnyloh, tim427 and 91 guests