Community discussions

MikroTik App
 
worldcitizen
just joined
Topic Author
Posts: 6
Joined: Tue Jan 24, 2017 9:58 pm

Importing a pem certificat

Tue Jan 24, 2017 10:12 pm

When a pem certificate is imported that holds the ca, crt and the private key (client.pem). The key is not handled/recognised.

When the pem without the key (client_wokey.pem) is imported and after that the private key (client.key). This is handled without a problem.

It would be great if the client.pem would be handled without this problem.
The pass phrase is "test". As it's just a test certificate.
You do not have the required permissions to view the files attached to this post.
 
andriys
Forum Guru
Forum Guru
Posts: 1526
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: Importing a pem certificat

Tue Jan 24, 2017 11:12 pm

The following workaround usually works for me. Just try importing the same combined (cert+key) .pem file twice. It'll import certificate on the first first try and then the key on the second try.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1067
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: Importing a pem certificat

Fri Mar 22, 2019 10:09 am

RouterOS can not store just keys, it stores certificates and adds the key when available. This is what happens if you import client.pem:
  1. Private key -> no matching certificate -> ignored
  2. Certificate -> imported
  3. Certificate -> imported
Then on second import:
  1. Private key -> matching certificate found -> imported
  2. Certificate -> already available -> ignored
  3. Certificate -> already available -> ignored
But this is easy to fix: The PEM file has to contain the certificate and key blocks in correct order, certificates first, keys last. Then import works in one go:
  1. Certificate -> imported
  2. Certificate -> imported
  3. Private key -> matching certificate found -> imported
Make sure the file looks something like this:
-----BEGIN CERTIFICATE-----
MIIFIjCCA...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFfTC...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,1B58971ECA6D3DD4

Qv2MUB2odq...
-----END RSA PRIVATE KEY-----

Who is online

Users browsing this forum: Bing [Bot] and 26 guests