My steps:
1) /certificate create-certificate-request
I fill all the details, specially common name and pass phrase. It generates 2 files, -private.pem and -request.pem
2) I download the -request file, submit it to cacert, and obtain a signed certificate, which I upload by ftp
3) /certificate import
certificates-imported: 1
files-imported: 1
Code: Select all
/certificate print
Flags: K - decrypted-private-key, Q - private-key, R - rsa, D - dsa
0 name="cert1" subject=CN=mydomain.com issuer=O=Root CA,OU=http:,,www.cacert.org,CN=CA Cert Signing Authority,emailAddress=support@cacert.org
serial-number="0B9XXX" invalid-before=apr/10/2012 08:19:08 invalid-after=oct/07/2012 08:19:08 ca=yes What am i doing wrong? Of course, I get ssl errors on every browser tested.. Here's the output from openssl:
Code: Select all
$ openssl s_client -connect mydomain.com:443
CONNECTED(00000003)
140019519768224:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1195:SSL alert number 40
140019519768224:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1334048750
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Code: Select all
> /system resource print
uptime: 1h4m16s
version: 5.14
free-memory: 18816KiB
total-memory: 29708KiB
cpu: MIPS 24Kc V7.4
cpu-count: 1
cpu-frequency: 680MHz
cpu-load: 3%
free-hdd-space: 30980KiB
total-hdd-space: 61440KiB
write-sect-since-reboot: 1538
write-sect-total: 3209
bad-blocks: 0%
architecture-name: mipsbe
board-name: RB750G
platform: MikroTikThanks.
But as the note says, it should be fixed in next version.
