Because you generated the rsa key with a passphrase with a password. It's not a bug!Hi, I'm using routeros 7.13 and found that it do not ask for password when importing password-protected certificates:while it works when specifying passphrase explicitly:Code:[admin@MICL] /> /certificate/import file-name=ttt.pem certificates-imported: 1 private-keys-imported: 0 files-imported: 0 decryption-failures: 0 keys-with-no-certificate: 0Is it bug or feature? If it's feature - it's pretty bad feature because printing password on the screen is a somewhat of a security compromise.Code:[admin@MICL] /> /certificate/import file-name=ttt.pem passphrase=foobar certificates-imported: 1 private-keys-imported: 1 files-imported: 1 decryption-failures: 0 keys-with-no-certificate: 0
File ttt.pem generated in the following way:where `openssl rsa -in ttt-key.pem` asks for password.Code:export OPASS=foobaropenssl genrsa -aes192 -out ttt-key.pem -passout env:OPASS 2048openssl req -new -config etc/client.conf -out ttt.csr -key ttt-key.pem -subj "/CN=ttt/O=ORG/OU=ORGU/"openssl ca -config etc/signing-ca.conf -in ttt.csr -out ttt.crt -extensions client_extcat ttt.crt ttt-key.pem > ttt.pem
Or I'm missing something and the PEM should be generated in other way to be imported with password prompt?
Thank you.
OpenSSL Generated Root CA For MikroTik certificate import
viewtopic.php?p=1032604#p1032604
Statistics: Posted by wfburton — Wed Dec 27, 2023 8:38 pm