Difference between revisions of "Mikrotik: Certificate Generate"

Make certificate templates

/certificate
add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign
add name=server-template common-name=server
add name=client1-template common-name=client1
add name=client2-template common-name=client2

Sign certificates and add CRL url

We will use IP address of the server as CRL URL.

/certificate 
sign ca-template ca-crl-host=192.168.88.198 name=myCa
sign server-template ca=myCa name=server
sign client1-template ca=myCa name=client1
sign client2-template ca=myCa name=client2

Trust Certificate

/certificate
set myCa trusted=yes
set server trusted=yes

Export Certificate

Export client certificates with keys and CA certificate:

/certificate export-certificate myCa
/certificate export-certificate client1 export-passphrase=xxxxxxxx
/certificate export-certificate client2 export-passphrase=xxxxxxxx

Print

[admin@pe0] /certificate> print 
Flags: K - private-key, D - dsa, L - crl, C - smart-card-key, 
A - authority, I - issued, R - revoked, E - expired, T - trusted 
 #         NAME               COMMON-NAME               FINGERPRINT              
 0 K L A T myCa               myCa                      7fa636e6576495fe78f1a4...
 1 K   I T server             server                    cf0650a291bf4685f2fbd3...
 2 K   I   client1            client1                   26233de30e89b203b946ab...
 3 K   I   client2            client2                   cf172b62201befaf8d8966...