Wed May 24, 2023 3:11 pm
We found out that (for us) this is caused by our PKI using sha512. Since some 7.x version, our certificate-based VPNs stopped working and we had to at least omit CRL checking. Since 7.8, bypassing the CRL also doesn't work, so we were forced to investigate deeper.
So we created new CA/Intermediate/CRLs for testing, and found out that only changing from sha512 to sha256 made CRLs work again. This is kind of strange because it's a step back: we've been using sha512 for years with much older versions of Mikrotik, and now we basically need to "lower" security to make things work?
The support ticket on this issue stayed unanswered for weeks, so I wonder where we are going with this issue (and how many other people have the same situation).
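
The test setup described in the post can be reproduced with OpenSSL so that the signature digest is the only variable between two PKIs. This is an added example, not part of the original post; the directory layout, subject names and the `sig_alg`/`build_pki` helpers are assumptions, and it builds a root CA and an empty CRL only (no intermediate).

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway PKI; all names and paths are assumptions.
set -eu
WORK=$(mktemp -d)

# Print the signature algorithm of a PEM object. $1 = x509 | crl, $2 = file
sig_alg() {
  openssl "$1" -in "$2" -noout -text |
    awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Build a self-signed test CA and an empty CRL, both signed with digest $1.
build_pki() {
  md=$1
  dir=$WORK/$md
  mkdir -p "$dir"
  openssl req -x509 -newkey rsa:2048 -nodes "-$md" -days 30 \
    -subj "/CN=Test CA $md" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Minimal state that "openssl ca -gencrl" needs: an index and a CRL number.
  : > "$dir/index.txt"
  echo 01 > "$dir/crlnumber"
  cat > "$dir/ca.cnf" <<EOF
[ ca ]
default_ca = test_ca
[ test_ca ]
database = $dir/index.txt
crlnumber = $dir/crlnumber
default_md = $md
default_crl_days = 30
EOF
  openssl ca -config "$dir/ca.cnf" -gencrl -keyfile "$dir/ca.key" \
    -cert "$dir/ca.crt" -md "$md" -out "$dir/crl.pem" 2>/dev/null
}

# Same key type and size in both runs; only the digest differs.
for d in sha512 sha256; do
  build_pki "$d"
  printf '%s: CA=%s CRL=%s\n' "$d" \
    "$(sig_alg x509 "$WORK/$d/ca.crt")" "$(sig_alg crl "$WORK/$d/crl.pem")"
done
```

Running `sig_alg` against the production CA, intermediate and CRL files shows which of them are actually signed with sha512 before anything is reissued.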