System information
Manual:System/Certificates
Applies to RouterOS: v6.0 +
Summary
Sub-menu: /certificate
Package required: security
Standards: RFC 5280, draft-nourse-scep-22
Certificate manager is used to collect all certificates inside the router, to create and manage self-signed certificates,
and to control and set SCEP-related configuration.
Note: Starting from v6, certificate validity is shown using the local time zone offset. In previous versions it was
UTC.
Warning: RSA key length must be at least 472 bits if the certificate is used by SSTP. Shorter keys are
considered security threats.
Starting from v6rc10, the CRL is automatically renewed every hour for certificates that have
"trusted=yes", using the HTTP protocol (LDAP and FTP are currently unsupported). Segmented CRLs are also
currently unsupported.
RouterOS allows you to create and manage self-signed CAs. The implementation is based on RFC 5280, and all
certificates are X.509 v3.
All certificate fingerprints are SHA1. All private keys and the CA export passphrase are stored encrypted with the hardware
ID. CA CRL renewal happens at every certificate revocation and after 24 hours.
Note: Time and date on routers MUST be correct.
General Menu
Sub-menu: /certificate
The general menu is used to manage certificates, add templates, issue certificates and manage SCEP clients.
Note: Certificate templates are deleted right after the certificate issue or certificate request command is executed.
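The template-to-certificate flow described above, as an added example that is not part of the original manual page. The names ca-template, example-ca, sstp-template and sstp-server, the common names and the CRL host 192.0.2.1 are assumed placeholders, and key-size=2048 is a constructed value chosen to sit above the SSTP minimum stated in the warning.

```routeros
# Added example; all names and addresses below are placeholders.
# The router clock must be correct before any certificate is issued.
/system clock print

# 1. Add a template for a self-signed CA.
/certificate add name=ca-template common-name=example-ca \
    key-size=2048 days-valid=3650 key-usage=key-cert-sign,crl-sign

# 2. Issue the CA from the template. The template entry is gone after
#    this command and the issued certificate appears under the new name.
#    ca-crl-host is the address at which this router serves the CA's CRL.
/certificate sign ca-template name=example-ca ca-crl-host=192.0.2.1

# 3. Add a template for the SSTP server certificate and issue it from the CA.
/certificate add name=sstp-template common-name=sstp.example.net \
    key-size=2048 days-valid=365 key-usage=digital-signature,key-encipherment,tls-server
/certificate sign sstp-template ca=example-ca name=sstp-server

# 4. Mark the CA as trusted so that its CRL is renewed automatically.
/certificate set example-ca trusted=yes

# 5. Review the result: key size, validity shown in local time,
#    SHA1 fingerprint and the trusted flag.
/certificate print detail
```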