Community discussions

MikroTik App
 
imuccini
just joined
Topic Author
Posts: 5
Joined: Mon Jun 20, 2022 1:14 am

REST API Certificate - FullChain.pem?

Thu Mar 30, 2023 10:12 am

Hi,
I need to reach Mikrotik via REST APIs form an online server where I can only upload a .crt and .key files for the client certificate, not even the passphrase.
I was able to bypass the passphrase problem by using openssl to convert the .key with passphrase in one without it and this seems working,
openssl rsa -in server.key -out server-nopass.key
I tried with locally generated certificates as per the Mikrotik user guide, but the service I am using does not accept it and give error that a self signed certificate is used.

I tried using the native Let'Encrypt integration in Mikrotik, downloaded the certificate and done the same to remove the passphrase. Imported the cert and key in server and then I get an error "unable to verify the first certificate".

I read online that I might be able to solve this by importing the fullchain.pem certificate. Is there a waypoint to get the fullchain.pem when generating the let's encrypt certificate directly in Mikrotik terminal?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: REST API Certificate - FullChain.pem?

Thu Mar 30, 2023 12:58 pm

Image

Use fetch for get

https://letsencrypt.org/certs/isrgrootx1.pem (not needed, must not be imported for work as expected...)

https://letsencrypt.org/certs/lets-encrypt-r3.pem

and import the certificate.

Who is online

Users browsing this forum: No registered users and 103 guests