In order to see if it works I imported invalid certificate (of CA generated on other mikrotik, not one hosting ovpn) but ovpn-client still connects without any problem
[lapsio@CHRgw] > /certificate print detail
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, A - authority, I - issued, R - revoked, E - expired, T - trusted
0 A T name="cert_export_ca-cert.crt_0" issuer=CN=bestpony.ml common-name="bestpony.ml" key-size=4096 days-valid=365 trusted=yes key-usage=key-cert-sign,crl-sign
serial-number="****" fingerprint="****" invalid-before=oct/06/2017 12:28:18
invalid-after=oct/06/2018 12:28:18
[lapsio@CHRgw] > /interface ovpn-client print
Flags: X - disabled, R - running
0 R name="ovpn-bestpony-direct" mac-address=FE:BC:A5:5E:74:E3 max-mtu=1500 connect-to=bestpony.ml port=1194 mode=ethernet user="lapsio-lapvm"
password="****" profile=default certificate=none auth=sha1 cipher=aes256 add-default-route=yes
Am I missing something?