MikroTik Changelog Tracker
← Back to search All components

Component: certificate

154 changelog entries across 58 version(s)

Releases by channel (stacked)

7.21.3 Stable 2026-Feb-12 (2 weeks ago)
  • fixed initial certificate creation using SCEP (introduced in v7.21);
7.21.1 Stable 2026-Jan-19 (1 month ago)
  • fixed empty trust store handling in certain cases (introduced in v7.21);
7.21 Stable 2026-Jan-12 (1 month ago)
  • added certificate "trust-store" parameter;
  • added option to configure built-in trust store (replaced "builtin-trust-anchors" parameter);
  • added SHA384, SHA512 support for SCEP;
  • allow ca-crl-host parameter for issued certificates;
  • fixed incorrect appearance of "invalid-before" and "invalid-after" dates;
  • improved logging;
  • on certificate import, added the "issued" flag if the certificate store contains the imported certificate's CA and its private key;
  • refactored Certificate internal processes;
7.20 Stable 2025-Sep-29 (5 months ago)
  • added "Amazon Root CA 1" to built-in root certificate authorities store;
  • fixed ACME certificate usage after renewal;
  • improved stability after failed import;
  • trust built-in root certificate authority store after configuration reset;
7.19.1 Stable 2025-May-23 (9 months ago)
  • fixed support for certificates imported or added in RouterOS v7.4 or earlier (introduced in v7.19);
7.19 Stable 2025-May-22 (9 months ago)
  • added built-in root certificate authorities store;
  • do not include CA identity in SCEP POST requests;
  • fixed cloud-dns challenge validation for sn.mynetname.net (CLI only);
  • improve error message when trying to use certificate;
  • optimize trust store;
7.18 Stable 2025-Feb-24 (1 year ago)
  • fixed localized text conversion to UTF-8 on certificate creation;
7.17 Stable 2025-Jan-16 (1 year ago)
  • do not download CRL if there is not enough free RAM;
  • do not show not relevant values for certificate template (CLI only);
  • fixed handling of capsman-cap certificates (introduced in v7.16);
  • removed unstructured address field support;
7.16.2 Stable 2024-Nov-26 (1 year ago)
  • do not download CRL if there is not enough free RAM;
  • fixed handling of capsman-cap certificates (introduced in v7.16);
7.16 Stable 2024-Sep-20 (1 year ago)
  • added no-key-export parameter for import;
  • added support for cloud-dns challenge validation for sn.mynetname.net (CLI only);
  • automatically parse uppercase symbols to lowercase when registering domain on Let's Encrypt;
  • improved DNS challenge error reporting for Let's Encrypt;
  • improved RSA key signature processing speed;
  • show validity beyond year 2038;
7.15 Stable 2024-May-29 (1 year ago)
  • added support for different ACME servers for ssl-certificate (CLI only);
  • added support for importing pbes2 encrypted private keys with aes128;
  • added trusted parameter for certificate import;
  • allow replacing certificate with internal import;
  • delete certificate related files automatically from storage after import;
  • improved RSA key signature processing speed;
7.14 Stable 2024-Feb-29 (2 years ago)
  • improved certificate validation performance;
7.13 Stable 2023-Dec-14 (2 years ago)
  • add support for multiple DNS names for Let's Encrypt;
  • added HTTP redirect support for CRL download;
  • added support for certificates with key size 16384;
  • fixed CRL updating;
  • fixed certificate auto renewal via SCEP when certificate contains "subject-alt-name";
  • improved CRL signature verification and download error messages;
  • improved initial certificate creation using SCEP;
  • use error topic for CRL update failures;
7.12 Stable 2023-Nov-09 (2 years ago)
  • allow to get and maintain Let's Encrypt certificate in IPv6 environment;
  • allow to remove issued certificates when CRL is not used;
  • fixed "subject-alt-name" duplicating itself when SCEP is used;
  • fixed certificate auto renewal via SCEP;
  • improved certificate validation logging error messages;
  • log CRL HTTP errors under the "error" logging topic;
7.11 Stable 2023-Aug-15 (2 years ago)
  • allow to import certificate with DNS name constraint;
  • fixed PEM import;
  • fixed trust store CRL link if generated on an older version (introduced in v7.7);
  • improved CRL download retry handling;
  • removed request for "passphrase" property on import;
  • require CRL presence when using "crl-use=yes" setting;
  • restored RSA with SHA512 support;
7.10 Stable 2023-Jun-15 (2 years ago)
  • fixed displaying of certificate serial number;
  • improved error reporting for Let's Encrypt certificate;
  • restore available "key-usage" property options;
7.9 Stable 2023-May-02 (2 years ago)
  • fixed bogus log messages;
7.8 Stable 2023-Feb-24 (3 years ago)
  • fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
  • fixed PBES2 certificate import;
  • improved certificate management, signing and storing processes;
  • improved multiple certificate import process;
7.7 Stable 2023-Jan-12 (3 years ago)
  • improved Let's Encrypt logging and error recovery;
  • improved certificate management, signing and storing processes;
7.6 Stable 2022-Oct-17 (3 years ago)
  • fixed SHA1 certificate name lookup;
  • improved certificate management, signing and storing processes;
  • restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
7.5 Stable 2022-Aug-30 (3 years ago)
  • fixed handling of empty AKID by SCEP client;
7.4 Stable 2022-Jul-19 (3 years ago)
  • fixed new CRL updating;
7.2 Stable 2022-Mar-31 (3 years ago)
  • allow to choose digest algorithm for CSR signing;
  • made "fingerprint" parameter read-only;
6.48.6 Long-term 2021-Dec-03 (4 years ago)
  • improved stability when sending bogus SCEP message;
6.49.1 Stable 2021-Nov-17 (4 years ago)
  • improved stability when sending bogus SCEP message;