Manualshelf

System information

ManualsBrandsAXIOMTEK ManualsComputer AccessoriesDSA-132 Series
121122123124125126127128129130
Manual:System/Certificates
123
Status Properties
Property Description
ca-fingerprint (string)
req-fingerprint (string)
status (string) Shows the current status of the client. Idle, pending, requesting etc.
Commands
Command Description
renew (ca_client_name) Renew Ca certificate of specified CA client Name.
Server
Sub-menu: /certificate scep server
OTP
Sub-menu: /certificate scep server otp
Transactions
Sub-menu: /certificate scep server transactions
[ Top | Back to Content ]
Manual:Create Certificates
Following is a step-by-step guide to creating your own CA (Certificate Authority) with openssl on Linux.
Generate certificates
Note: Starting from v5.15 RouterOS supports pkcs8 key format. If you are using older versions, to import
keys in pkcs8 format run command:
openssl rsa -in myKey.key -text and write key output to new file. Upload new file to RouterOS
and import
First step is to build the CA private key and CA certificate pair.
openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 3650 -key ca.key -out ca.crt
During the process you will have to fill few entries (Common Name (CN), Organization, State or province .. etc).
Created CA certificate/key pair will be valid for 10 years (3650 days).
Now create private-key/certificate pair for the server
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt