MikroTik

1st of all sorry for the english you're about to read :c

I've been working with SSTP vpn with self signed certificates created with mkt, no problems at all until today. CA, server and 14 client certs (KLAT, KIT and KI flags respectively).

Today i wanted to issue a new client certificate, following the same procedure as of 14 already created, but for some unknown reason is creating with KA flags, as if were a new CA.


don't know nothing about certificates, don't know if there is a limit in client certs for each CA OR if its something wrong with mkt itself

Thanks in advance

It looks like you forgot to specify CA certificate when trying to sign new certificate.
/certificate sign <template> ca=<ca_name>

i thought it was that, but after writing in terminal using tab to autocomplete exactly, the problem remains. i mean, writing "sign ca=" and hitting TAB completes with my CA, then add "name=xyz", resulting in "sign ca=CA client-template name=xyz" but again it generates an authority KA

so, i tried writing letter by letter in terminal, using previous terminal command from last successful client cert and by completing with TAB, but no luck

Could be some kind of limit between CA and client certs? 1 CA per 14 clients or so?

Updated to 6.29.1, still generating KA client certs. Anyone have info about this?

Regards

if anyone interested, i managed to solve the problem.

The problem is at the moment when you create the template. Even if you dont specify any key usage when you hit enter in terminal or apply in GUI, it reverts to CA defaults (key-cert-sign, etc), so at signing it signs as a new authority. Solution is to create the template in GUI and prior signing uncheck all boxes, hit apply and then sign the certificate.

I can verify this is happening on every mkt device ive played with.

Regards