MikroTik Changelog Tracker
← Back to search All components

Component: certificate

153 changelog entries across 57 version(s)

Activity over time (changelog entries per month)

7.21.1 Stable 2026-Jan-19 (2 weeks ago)
  • fixed empty trust store handling in certain cases (introduced in v7.21);
7.21 Stable 2026-Jan-12 (3 weeks ago)
  • added certificate "trust-store" parameter;
  • added option to configure built-in trust store (replaced "builtin-trust-anchors" parameter);
  • added SHA384, SHA512 support for SCEP;
  • allow ca-crl-host parameter for issued certificates;
  • fixed incorrect appearance of "invalid-before" and "invalid-after" dates;
  • improved logging;
  • on certificate import, added the "issued" flag if the certificate store contains the imported certificate's CA and its private key;
  • refactored Certificate internal processes;
7.20 Stable 2025-Sep-29 (4 months ago)
  • added "Amazon Root CA 1" to built-in root certificate authorities store;
  • fixed ACME certificate usage after renewal;
  • improved stability after failed import;
  • trust built-in root certificate authority store after configuration reset;
7.19.1 Stable 2025-May-23 (8 months ago)
  • fixed support for certificates imported or added in RouterOS v7.4 or earlier (introduced in v7.19);
7.19 Stable 2025-May-22 (8 months ago)
  • added built-in root certificate authorities store;
  • do not include CA identity in SCEP POST requests;
  • fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
  • improve error message when trying to use certificate;
  • optimize trust store;
7.18 Stable 2025-Feb-24 (11 months ago)
  • fixed localized text conversion to UTF-8 on certificate creation;
7.17 Stable 2025-Jan-16 (1 year ago)
  • do not download CRL if there is not enough free RAM;
  • do not show not relevant values for certificate template (CLI only);
  • fixed handling of capsman-cap certificates (introduced in v7.16);
  • removed unstructured address field support;
7.16.2 Stable 2024-Nov-26 (1 year ago)
  • do not download CRL if there is not enough free RAM;
  • fixed handling of capsman-cap certificates (introduced in v7.16);
7.16 Stable 2024-Sep-20 (1 year ago)
  • added no-key-export parameter for import;
  • added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
  • automatically parse uppercase symbols to lowercase when registering domain on Let's Encrypt;
  • improved DNS challenge error reporting for Let's Encrypt;
  • improved RSA key signature processing speed;
  • show validity beyond year 2038;
7.15 Stable 2024-May-29 (1 year ago)
  • added support for different ACME servers for ssl-certificate (CLI only);
  • added support for importing pbes2 encrypted private keys with aes128;
  • added trusted parameter for certificate import;
  • allow replacing certificate with internal import;
  • delete certificate related files automatically from storage after import;
  • improved RSA key signature processing speed;
7.14 Stable 2024-Feb-29 (1 year ago)
  • improved certificate validation performance;
7.13 Stable 2023-Dec-14 (2 years ago)
  • add support for multiple DNS names for Let's Encrypt;
  • added HTTP redirect support for CRL download;
  • added support for certificates with key size 16384;
  • fixed CRL updating;
  • fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
  • improved CRL signature verification and download error messages;
  • improved initial certificate creation using SCEP;
  • use error topic for CRL update failures;
7.12 Stable 2023-Nov-09 (2 years ago)
  • allow to get and maintain Let's Encrypt certificate in IPv6 environment;
  • allow to remove issued certificates when CRL is not used;
  • fixed "subject-alt-name" duplicating itself when SCEP is used;
  • fixed certificate auto renewal via SCEP;
  • improved certificate validation logging error messages;
  • log CRL HTTP errors under the "error" logging topic;
7.11 Stable 2023-Aug-15 (2 years ago)
  • allow to import certificate with DNS name constraint;
  • fixed PEM import;
  • fixed trust store CRL link if generated on an older version (introduced in v7.7);
  • improved CRL download retry handling;
  • removed request for "passphrase" property on import;
  • require CRL presence when using "crl-use=yes" setting;
  • restored RSA with SHA512 support;
7.10 Stable 2023-Jun-15 (2 years ago)
  • fixed displaying of certificate serial number;
  • improved error reporting for Let's Encrypt certificate;
  • restore available "key-usage" property options;
7.9 Stable 2023-May-02 (2 years ago)
  • fixed bogus log messages;
7.8 Stable 2023-Feb-24 (2 years ago)
  • fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
  • fixed PBES2 certificate import;
  • improved certificate management, signing and storing processes;
  • improved multiple certificate import process;
7.7 Stable 2023-Jan-12 (3 years ago)
  • improved Let's Encrypt logging and error recovery;
  • improved certificate management, signing and storing processes;
7.6 Stable 2022-Oct-17 (3 years ago)
  • fixed SHA1 certificate name lookup;
  • improved certificate management, signing and storing processes;
  • restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
7.5 Stable 2022-Aug-30 (3 years ago)
  • fixed handling of empty AKID by SCEP client;
7.4 Stable 2022-Jul-19 (3 years ago)
  • fixed new CRL updating;
7.2 Stable 2022-Mar-31 (3 years ago)
  • allow to choose digest algorithm for CSR signing;
  • made "fingerprint" parameter read-only;
6.48.6 Long-term 2021-Dec-03 (4 years ago)
  • improved stability when sending bogus SCEP message;
6.49.1 Stable 2021-Nov-17 (4 years ago)
  • improved stability when sending bogus SCEP message;
6.49 Stable 2021-Oct-06 (4 years ago)
  • improved stability when removing dynamic CRL entries;
6.48 Stable 2020-Dec-22 (5 years ago)
  • clear challenge password on renew;
  • fixed CRL URL length limit;
  • fixed private key verification for CA certificate during signing process;
  • generate CRL even when CRL URL not specified;
  • properly flush expired SCEP OTP entries;
6.47 Stable 2020-Jun-02 (5 years ago)
  • added "skid" and "akid" values for detailed print;
  • allow dynamic CRL removal;
  • disabled CRL usage by default;
  • do not use SSL for first CRL update;
6.45.9 Long-term 2020-Apr-30 (5 years ago)
  • fixed certificate verification when flushing CRL's;
6.46.4 Stable 2020-Feb-21 (5 years ago)
  • fixed certificate verification when flushing CRL's;
6.46 Stable 2019-Dec-02 (6 years ago)
  • added progress bar when creating certificate request;
  • added support for certificate request signing with EC keys;
  • allow specifying "file-name" parameter for export (CLI only);
  • allow specifying "name" parameter for import (CLI only);
  • improved CRL updating process;
  • removed "key-size" parameter for "create-certificate-request" command;
6.45.3 Stable 2019-Jul-29 (6 years ago)
  • renew certificates via SCEP when 3/4 of lifetime reached;
6.44.5 Long-term 2019-Jul-04 (6 years ago)
  • removed "set-ca-passphrase" parameter;
6.45.1 Stable 2019-Jun-27 (6 years ago)
  • added "key-type" field;
  • added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
  • fixed self signed CA certificate handling by SCEP client;
  • made RAM the default CRL storage location;
  • removed DSA (D) flag;
  • removed "set-ca-passphrase" parameter;
6.44.3 Stable 2019-Apr-23 (6 years ago)
  • fixed SAN being duplicated on status change (introduced in v6.44);
6.44.1 Stable 2019-Mar-13 (6 years ago)
  • force 3DES encryption for P12 certificate export;
6.43.13 Long-term 2019-Mar-13 (6 years ago)
  • force 3DES encryption for P12 certificate export;
6.44 Stable 2019-Feb-25 (6 years ago)
  • added support for multiple "Subject Alt. Names";
  • enabled RC2 cipher to allow P12 certificate decryption;
  • fixed certificate signing by SCEP client if multiple CA certificates are provided;
  • show digest algorithm used in signature;
6.42.11 Long-term 2018-Dec-21 (7 years ago)
  • properly flush old CRLs when changing store location;
6.43.7 Stable 2018-Nov-30 (7 years ago)
  • fixed "expires-after" parameter calculation;
  • fixed time zone adjustment for SCEP requests;
  • properly flush old CRLs when changing store location;
6.42.10 Long-term 2018-Nov-14 (7 years ago)
  • fixed time zone adjustment for SCEP requests;
6.43 Stable 2018-Sep-06 (7 years ago)
  • added "expires-after" parameter;
  • do not allow to perform "undo" on certificate changes;
  • fixed RA "server-url" setting;
6.40.9 Long-term 2018-Aug-20 (7 years ago)
  • fixed "add-scep" template existence check when signing certificate;
6.42.4 Stable 2018-Jun-15 (7 years ago)
  • fixed "add-scep" template existence check when signing certificate;
6.40.8 Long-term 2018-Apr-23 (7 years ago)
  • fixed incorrect SCEP URL after an upgrade;
6.42 Stable 2018-Apr-13 (7 years ago)
  • added PKCS#10 version check;
  • dropped DES support and added AES instead for SCEP;
  • dropped MD5 support and require SHA1 as minimum for SCEP;
  • fixed incorrect SCEP URL after an upgrade;
6.40.6 Long-term 2018-Feb-20 (7 years ago)
  • do not use UTF-8 for SCEP challenge password;
  • fixed PKCS#10 version;
6.41.1 Stable 2018-Jan-30 (8 years ago)
  • do not use utf8 for SCEP challenge password;
  • fixed PKCS#10 version;
6.41 Stable 2017-Dec-22 (8 years ago)
  • added option to store CRL in RAM (CLI only);
  • fixed SCEP "get" request URL encoding;
  • improved CRL update after system startup;
  • show "Expired" flag when initial CRL fetch fails;
  • show invalid flag when local CRL file does not exist;
6.40.5 Stable 2017-Oct-31 (8 years ago)
  • fixed import of certificates with empty SKID;
6.39 Stable 2017-Apr-27 (8 years ago)
  • SCEP client now supports FQDN URL and port;
  • allow CRL address to be specified as DNS name;
6.38.1 Stable 2017-Jan-13 (9 years ago)
  • added year cap (invalid-after date will not exceed year 2039);
  • fixed fail on import from CAPs when both key and name already exist;
6.37 Stable 2016-Sep-23 (9 years ago)
  • do not allow to remove certificate template while signing certificate;
6.36 Stable 2016-Jul-20 (9 years ago)
  • added automatic scep renewal delay after startup to avoid all requests accessing CA at the same time;
  • cancel pending renew when certificate becomes valid after date change;
  • display issuer and subject on check failure;
  • do not exit after card-verify;
  • force scep renewal on system clock updates;
6.35 Stable 2016-Apr-14 (9 years ago)
  • revoked certificates not showing as (R)evoked;
  • allow manual crl url addition;
6.21 Stable 2014-Oct-30 (11 years ago)
  • fix CRL handling in trust chain;
6.7 Stable 2013-Nov-29 (12 years ago)
  • support ip, dns and email subject alternative names;
6.6 Stable 2013-Nov-07 (12 years ago)
  • no more 'reset-certificate-cache' and 'decrypt' commands,
  • merged '/certificate ca issued', '/certificate scep client' and