Since probably the upgrade to 7.5 I can't access anymore the web interface through a VPN of my Mikrotik.
The browser (regardless of Edge or Firefox) show:
I then checked the configuration and it looks like no certificate is assigned to the web-ssl process. But I'm also unable to assign one:Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Code: Select all
[admin@MikroTik] > /ip service print where name=www-ssl
Columns: NAME, PORT, CERTIFICATE, VRF
# NAME PORT CERTIFICATE VRF
0 www-ssl 443 none main
[admin@MikroTik] > /certificate print
Columns: NAME, COMMON-NAME, SUBJECT-ALT-NAME
# NAME COMMON-NAME SUBJECT-ALT-NAME
0 Self-signed mikrotik.pato.local DNS:mikrotik.pato.local
[admin@MikroTik] > ip service set www-ssl certificate=mikrotik.pato.local disabled=no
input does not match any value of certificate
[admin@MikroTik] > ip service set www-ssl certificate=0 disabled=no
input does not match any value of certificate
[admin@MikroTik] > /certificate print
Columns: NAME, COMMON-NAME, SUBJECT-ALT-NAME
# NAME COMMON-NAME SUBJECT-ALT-NAME
0 Self-signed mikrotik.pato.local DNS:mikrotik.pato.local
[admin@MikroTik] > /ip service print where name=www-ssl
Columns: NAME, PORT, CERTIFICATE, VRF
# NAME PORT CERTIFICATE VRF
0 www-ssl 443 none main
[admin@MikroTik] > /ip service print
Columns: NAME, PORT, CERTIFICATE, VRF
# NAME PORT CERTIFICATE VRF
0 telnet 23 main
1 ftp 21
2 www 80 main
3 ssh 22 main
4 www-ssl 443 none main
5 api 8728 main
6 winbox 8291 main
7 api-ssl 8729 none main
[admin@MikroTik] > ip service set www-ssl certificate=Self-signed disabled=no
input does not match any value of certificate
[admin@MikroTik] > /certificate add common-name=mikrotik.pato.local subject-alt-name=DNS:mikrotik.pato.local key-size=2048 days-valid=3650 key-usage=tls-server name=self-signed2
[admin@MikroTik] > /ip service print where name=www-ssl
Columns: NAME, PORT, CERTIFICATE, VRF
# NAME PORT CERTIFICATE VRF
4 www-ssl 443 none main
[admin@MikroTik] > /certificate print
Columns: NAME, COMMON-NAME, SUBJECT-ALT-NAME
# NAME COMMON-NAME SUBJECT-ALT-NAME
0 Self-signed mikrotik.pato.local DNS:mikrotik.pato.local
1 self-signed2 mikrotik.pato.local DNS:mikrotik.pato.local
[admin@MikroTik] > ip service set www-ssl certificate=self-signed2 disabled=no
input does not match any value of certificate
[admin@MikroTik] >
I luckily still have access through SSH.