Manual:System/Certificates: Difference between revisions

← Older edit Newer edit →

Revision as of 09:56, 25 April 2012

Applies to RouterOS: v6.0 +

Summary

Sub-menu: /certificate
Package required: security
Standards: RFC 5280, draft-nourse-scep-22

(needs editing)

General Menu

Sub-menu: /certificate

Properties

(needs editing) ca email issuer name subject

Read-only: alias decrypted-private-key dsa invalid-after invalid-before private-key rsa serial-number

Commands (needs editing) create-certificate-request decrypt import reset-certificate-cache

Self-Signed CA Management

Sub-menu: /certificate ca

Starting from RouterOS version 6 it is possible to manage and create self-signed CAs. It is not possible to import self signed CAs here. Implementation was made based on RFC 5280 and all certificates are X.509 v3.

Properties

Property	Description
`alias` ()
`common-name` (string)
`country` (string)
`crl-host` (string)
`email` (string)
`expired` (yes \| no)
`fingerprint` (string)
`invalid-after` (date)
`invalid-before` (date)
`issuer` (string)
`locality` (string)
`name` (string)
`organization` (string)
`self-signed` (yes \| no)
`serial-number` (string)
`state` (string)
`unit` (string)

Commands

Command	Description
`create-self-signed-ca` ()	Creates self signed CA and generates key. Required extensions are export passphrase (which is used to protect private key when user tries to export it), validity period and IP address.
`export` (name or number of cert)	Exports certificate and private key which is encrypted with provided passphrase.
`remove` (name or number of cert)	Remove specified CA and all linked certificates.

Self-signed Certificates

Sub-menu: /certificate ca certificate

@@ Line 1: / Line 1: @@
-{{Versions | v4, v5.0 +}}
+{{Versions | v6.0 +}}
 __TOC__
@@ Line 6: / Line 6: @@
 <b>Sub-menu:</b> <code>/certificate</code><br />
 <b>Package required:</b> <code>security</code><br />
-<b>Standards:</b> <code></code><br />
+<b>Standards:</b> <code>RFC 5280, draft-nourse-scep-22</code><br />
 </p>
 {{...}}
-==Properties==
+==General Menu==
+<p id="shbox"> <b>Sub-menu:</b> <code>/certificate</code><br /></p>
+'''Properties'''
 {{...}}
@@ Line 31: / Line 37: @@
-==Commands==
+'''Commands'''
 {{...}}
 create-certificate-request
@@ Line 37: / Line 43: @@
 import
 reset-certificate-cache
+==Self-Signed CA Management==
+<p id="shbox"> <b>Sub-menu:</b> <code>/certificate ca</code><br /></p>
+Starting from RouterOS version 6 it is possible to manage and create self-signed CAs. It is not possible to import self signed CAs here. Implementation was made based on RFC 5280 and all certificates are X.509 v3.
+'''Properties'''
+{{Mr-arg-table-h
+|prop=Property
+|desc=Description
+}}
+{{Mr-arg-ro-table
+|arg=alias
+|type=
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=common-name
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=country
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=crl-host
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=email
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=expired
+|type=yes {{!}} no
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=fingerprint
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=invalid-after
+|type=date
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=invalid-before
+|type=date
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=issuer
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=locality
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=name
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=organization
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=self-signed
+|type=yes {{!}} no
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=serial-number
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table
+|arg=state
+|type=string
+|desc=
+}}
+{{Mr-arg-ro-table-end
+|arg=unit
+|type=string
+|desc=
+}}
+'''Commands'''
+{{Mr-arg-table-h
+|prop=Command
+|desc=Description
+}}
+{{Mr-arg-ro-table
+|arg=create-self-signed-ca
+|type=
+|desc=Creates self signed CA and generates key. Required extensions are export passphrase (which is used to protect private key when user tries to export it), validity period and IP address.
+}}
+{{Mr-arg-ro-table
+|arg=export
+|type=name or number of cert
+|desc=Exports certificate and private key which is encrypted with provided passphrase.
+}}
+{{Mr-arg-ro-table-end
+|arg=remove
+|type=name or number of cert
+|desc=Remove specified CA and all linked certificates.
+}}
+===Self-signed Certificates===
+<p id="shbox"> <b>Sub-menu:</b> <code>/certificate ca certificate</code><br /></p>
 [[Category:Manual|C]]
 [[Category:System|C]]

Manual:System/Certificates: Difference between revisions

Revision as of 09:56, 25 April 2012

Contents

Summary

General Menu

Self-Signed CA Management

Self-signed Certificates

Navigation menu

Manual:System/Certificates: Difference between revisions

Revision as of 09:56, 25 April 2012

Summary

General Menu

Self-Signed CA Management

Self-signed Certificates

Navigation menu

Search