Difference between revisions of "Manual:System/Certificates"

From MikroTik Wiki
Line 1: Line 1:
{{Versions | v4, v5.0 +}}
+
{{Versions | v6.0 +}}
 
__TOC__
 
__TOC__
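Review bot: The Versions tag change from v4, v5.0 + to v6.0 + marks the whole page as v6-only, yet the page still documents the general /certificate commands (create-certificate-request, import, reset-certificate-cache) that sat under the old tag, and the new text says only the CA menu starts with version 6. Consider keeping the earlier versions in the page-level tag and marking just the Self-Signed CA Management section as v6.0 +.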
  
Line 6: Line 6:
 
<b>Sub-menu:</b> <code>/certificate</code><br />
 
<b>Sub-menu:</b> <code>/certificate</code><br />
 
<b>Package required:</b> <code>security</code><br />
 
<b>Package required:</b> <code>security</code><br />
<b>Standards:</b> <code></code><br />
+
<b>Standards:</b> <code>RFC 5280, draft-nourse-scep-22</code><br />
 
</p>
 
</p>
  
 
{{...}}
 
{{...}}
==Properties==
+
 
 +
==General Menu==
 +
 
 +
<p id="shbox"> <b>Sub-menu:</b> <code>/certificate</code><br /></p>
 +
 
 +
 
 +
'''Properties'''
  
 
{{...}}
 
{{...}}
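Review bot: The new Standards line cites draft-nourse-scep-22, but nothing added in this revision documents SCEP; the only new section covers self-signed CA management. Either add the SCEP material or leave the draft out of Standards until it is described, so readers do not assume enrollment behaviour the page never specifies. The added General Menu box also repeats the Sub-menu: /certificate line already present in the summary box directly above it.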
Line 31: Line 37:
  
  
==Commands==
+
'''Commands'''
 
{{...}}
 
{{...}}
 
create-certificate-request
 
create-certificate-request
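Review bot: Demoting ==Commands== to bold '''Commands''' (and ==Properties== to '''Properties''' in the previous hunk) removes both entries from the contents list generated by __TOC__ and leaves them without a linkable anchor. Level-3 headings such as ===Commands=== under ==General Menu== would keep the hierarchy and match the ===Self-signed Certificates=== heading added further down.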
Line 37: Line 43:
 
import
 
import
 
reset-certificate-cache
 
reset-certificate-cache
 +
 +
 +
==Self-Signed CA Management==
 +
 +
<p id="shbox"> <b>Sub-menu:</b> <code>/certificate ca</code><br /></p>
 +
 +
 +
Starting from RouterOS version 6 it is possible to manage and create self-signed CAs. It is not possible to import self signed CAs here. Implementation was made based on RFC 5280 and all certificates are X.509 v3.
 +
 +
 +
'''Properties'''
 +
 +
 +
{{Mr-arg-table-h
 +
|prop=Property
 +
|desc=Description
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=alias
 +
|type=
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=common-name
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=country
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=crl-host
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=email
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=expired
 +
|type=yes {{!}} no
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=fingerprint
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=invalid-after
 +
|type=date
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=invalid-before
 +
|type=date
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=issuer
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=locality
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=name
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=organization
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=self-signed
 +
|type=yes {{!}} no
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=serial-number
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=state
 +
|type=string
 +
|desc=
 +
}}
 +
 +
{{Mr-arg-ro-table-end
 +
|arg=unit
 +
|type=string
 +
|desc=
 +
}}
 +
 +
 +
'''Commands'''
 +
{{Mr-arg-table-h
 +
|prop=Command
 +
|desc=Description
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=create-self-signed-ca
 +
|type=
 +
|desc=Creates self signed CA and generates key. Required extensions are export passphrase (which is used to protect private key when user tries to export it), validity period and IP address.
 +
}}
 +
 +
{{Mr-arg-ro-table
 +
|arg=export
 +
|type=name or number of cert
 +
|desc=Exports certificate and private key which is encrypted with provided passphrase.
 +
}}
 +
 +
{{Mr-arg-ro-table-end
 +
|arg=remove
 +
|type=name or number of cert
 +
|desc=Remove specified CA and all linked certificates.
 +
}}
 +
 +
 +
===Self-signed Certificates===
 +
 +
<p id="shbox"> <b>Sub-menu:</b> <code>/certificate ca certificate</code><br /></p>
 +
  
  
 
[[Category:Manual|C]]
 
[[Category:Manual|C]]
 
[[Category:System|C]]
 
[[Category:System|C]]
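Review bot: The create-self-signed-ca description calls the export passphrase, validity period and IP address "required extensions", which on a page that cites RFC 5280 reads as X.509 extensions; these look like command arguments, and with |type= left empty their names are never given, nor is it stated what the IP address is used for. Name the arguments and say where each value ends up in the certificate. All 17 properties are added with an empty |desc=, and alias also has an empty |type=; at minimum fingerprint and crl-host need descriptions, since readers will rely on them when verifying a CA. The remove entry deletes the CA "and all linked certificates", so it should say whether this can be undone. The ===Self-signed Certificates=== section is added with no content, the sentence "It is not possible to import self signed CAs here" does not say where import is possible, and id="shbox" is now used on more than one element in the page, which makes the id non-unique.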

Revision as of 09:56, 25 April 2012

Applies to RouterOS: v6.0 +

Summary

Sub-menu: /certificate
Package required: security
Standards: RFC 5280, draft-nourse-scep-22

(needs editing)

General Menu

Sub-menu: /certificate


Properties

(needs editing) ca email issuer name subject

Read-only: alias decrypted-private-key dsa invalid-after invalid-before private-key rsa serial-number


Commands

(needs editing) create-certificate-request decrypt import reset-certificate-cache


Self-Signed CA Management

Sub-menu: /certificate ca


Starting from RouterOS version 6, it is possible to create and manage self-signed CAs. It is not possible to import self-signed CAs here. The implementation is based on RFC 5280, and all certificates are X.509 v3.


Properties


Property Description
alias ()
common-name (string)
country (string)
crl-host (string)
email (string)
expired (yes | no)
fingerprint (string)
invalid-after (date)
invalid-before (date)
issuer (string)
locality (string)
name (string)
organization (string)
self-signed (yes | no)
serial-number (string)
state (string)
unit (string)


Commands

Command Description
create-self-signed-ca () Creates a self-signed CA and generates its key. Required extensions are the export passphrase (which is used to protect the private key when the user tries to export it), validity period and IP address.
export (name or number of cert) Exports the certificate and the private key, which is encrypted with the provided passphrase.
remove (name or number of cert) Removes the specified CA and all linked certificates.


Self-signed Certificates

Sub-menu: /certificate ca certificate