Manual:System/Certificates
From MikroTik Wiki
Applies to RouterOS: v6.0 +
Summary
Sub-menu: /certificate
Package required: security
Standards: RFC 5280, draft-nourse-scep-22
(needs editing)
General Menu
Sub-menu: /certificate
Properties
(needs editing) ca email issuer name subject
Read-only: alias decrypted-private-key dsa invalid-after invalid-before private-key rsa serial-number
Commands (needs editing) create-certificate-request decrypt import reset-certificate-cache
Self-Signed CA Management
Sub-menu: /certificate ca
Starting from RouterOS version 6 it is possible to manage and create self-signed CAs. It is not possible to import self signed CAs here. Implementation was made based on RFC 5280 and all certificates are X.509 v3.
Properties
| Property | Description |
|---|---|
| alias () | |
| common-name (string) | |
| country (string) | |
| crl-host (string) | |
| email (string) | |
| expired (yes | no) | |
| fingerprint (string) | |
| invalid-after (date) | |
| invalid-before (date) | |
| issuer (string) | |
| locality (string) | |
| name (string) | |
| organization (string) | |
| self-signed (yes | no) | |
| serial-number (string) | |
| state (string) | |
| unit (string) |
Commands
| Command | Description |
|---|---|
| create-self-signed-ca () | Creates self signed CA and generates key. Required extensions are export passphrase (which is used to protect private key when user tries to export it), validity period and IP address. |
| export (name or number of cert) | Exports certificate and private key which is encrypted with provided passphrase. |
| remove (name or number of cert) | Remove specified CA and all linked certificates. |
Self-signed Certificates
Sub-menu: /certificate ca certificate
