Certificates - MikroTik RouterOS v2.9 Reference Manual

To use a Certificate (which contain a public key), server needs a private key. One of the keys is
used for encryption, and the other - for decryption. It is important to understand, that both keys can
encrypt and decrypt, but what is encrypted by one of them can be decrypted only by the another.
Private key must be kept securely, so that nobody else can get it and use this certificate. Usually
private key is encrypted with a passphrase.
Most trusted Certificate Authorities sell the service of signing Certificates (Certificates also have a
finite validity term, so you will have to pay regularly). It is also possible to create a self-signed
Certificate (you can create one on most UNIX/Linux boxes using openssl toolkit; all Root
Certificate Authorities have self-signed Certificates), but if it is not present in a browser's database,
the browser will pop up a security warning, saying that the Certificate is not trusted (note also that
most browsers support importing custom Certificates to their databases).

Certificates

Home menu level: /certificate
Description
MikroTik RouterOS can import Certificates for the SSL services it provides (only HotSpot for
now). This submenu is used to manage Certificates for this services.
Property Description
name ( name ) - reference name
subject ( read-only: text ) - holder (subject) of the certificate
issuer ( read-only: text ) - issuer of the certificate
serial-number ( read-only: text ) - serial number of the certificate
invalid-before ( read-only: date ) - date the certificate is valid from
invalid-after ( read-only: date ) - date the certificate is valid until
ca ( yes | no ; default: yes ) - whether the certificate is used for building or verifying certificate
chains (as Certificate Authority)
Command Description
import - install new certificates
• file-name - import only this file (all files are searched for certificates by default)
• passphrase - passphrase for the found encrypted private key
• certificates-imported - how many new certificates were successfully imported
• private-keys-imported - how many private keys for existing certificates were successfully
imported
• files-imported - how many files contained at least one item that was successfully imported
• decryption-failures - how many files could not be decrypted
• keys-with-no-certificate - how many public keys were successfully decrypted, but did not have
matching certificate already installed
reset-certificate-cache - delete all cached decrypted public keys and rebuild the certificate cache
Copyright 1999-2007, MikroTik. All rights reserved. Mikrotik, RouterOS and RouterBOARD are trademarks of Mikrotikls SIA.
Other trademarks and registred trademarks mentioned herein are properties of their respective owners.
Page 563 of 695