Exactly! I do not understand how in 2020's it is not yet possible to create a user with the encrypted version of his password. I don't have to know the password of my colleagues when I install a router and I have to create their access! Do not tell me that Radius is the right solution, when the rout...

Finally, i have the solution. The problem was the CRL. Import certificates with CRL works : - on old router: IP -> Services -> enable WWW - on old router: make sure the firewall is open - on new: - verify you have a connectivity to old router (ping, traceroute..) - import certificates with passphras...

Would any of you have the solution?
I am in the same situation.
The imported CA is not "recognized".
Generating new client certificates is not an option.