certificate

---

certificate

Type: Directory

Flag	Name	Description
K	private-key	private-key
L	crl	crl
C	smart-card-key	smart-card-key
A	authority	authority
I	issued	issued
R	revoked	revoked
E	expired	expired
T	trusted	trusted
a	acme-managed	acme-managed
D	dynamic	dynamic

Argument	Type	Description
active	switch
inactive	switch
name	string
trust-store	alt { enum (all) { all:cerm::trust_store::All } , ubit () { } }
digest-algorithm	enum (md5 | sha1 | sha256 | sha384 | sha512)
trusted	bool
common-name	string
organization	string
unit	string
locality	string
state	string
country	string
subject-alt-name	object { composite { , } { , } }
key-size	enum (prime256v1 | secp384r1 | secp521r1 | 1024 | 1536 | 2048 | 4096 | 8192)
key-usage	ubit (digital-signature, content-commitment, key-encipherment, data-encipherment, key-agreement, key-cert-sign, crl-sign, encipher-only, decipher-only, tls-server, tls-client, code-sign, email-protect, timestamp, ocsp-sign, dvcs)
days-valid	num

Read-only Argument	Type	Description
ca-crl-host	string
ca	enum
scep-url	string
fingerprint	string
req-fingerprint	string
ca-fingerprint	string
expires-after	time { }
challenge-password	string
domain-names	string
directory-url	string
acme-status	string
revoked	date
status	string
issuer	multi { array-id, string }
key-type	enum (rsa | dsa | ec)
invalid-before	date
invalid-after	date
serial-number	string
akid	string
skid	string

certificate/add-acme

Type: Command

Argument	Type	Description
name	string
domain-names	string	comma separated list of domain names or a wildcard domain
directory-url	string
eab-kid	string
eab-key-b64	string

certificate/add-scep

Type: Command

Argument	Type	Description
name	string
ca-identity	string
template	enum
scep-url	string
challenge-password	string
on-smart-card	bool	stores private key on smart card if hardware supports it
refresh	bool	check certificate expiry and refresh it if expired

certificate/builtin

Type: Directory

Argument	Type	Description
common-name	string
organization	string
unit	string
locality	string
state	string
country	string
subject-alt-name	object { composite { , } { , } }
key-size	enum (prime256v1 | secp384r1 | secp521r1 | 1024 | 1536 | 2048 | 4096 | 8192)
key-usage	ubit (digital-signature, content-commitment, key-encipherment, data-encipherment, key-agreement, key-cert-sign, crl-sign, encipher-only, decipher-only, tls-server, tls-client, code-sign, email-protect, timestamp, ocsp-sign, dvcs)
days-valid	num

Read-only Argument	Type	Description
issuer	multi { array-id, string }
key-type	enum (rsa | dsa | ec)
invalid-before	date
invalid-after	date
serial-number	string
akid	string
skid	string

certificate/card-reinstall

Type: Command

Argument	Type	Description
pin	string

certificate/card-verify

Type: Command

Argument	Type	Description
pin	string

certificate/create-certificate-request

Type: Command

Argument	Type	Description
template	enum
key-passphrase	string
challenge-passphrase	string

Read-only Argument	Type	Description
progress	string

certificate/crl

Type: Directory

Flag	Name	Description
E	expired	expired
D	dynamic	dynamic
I	invalid	invalid

Argument	Type	Description
url ( mandatory )	string

Read-only Argument	Type	Description
cert	enum (none)
trust-store	alt { enum (all) { all:cerm::trust_store::All } , ubit () { } }
num	num
revoked	num
next-update	date
last-update	date
akid	string
fingerprint	string
signature	string

certificate/crl/download

Type: Command

certificate/crl/flush

Type: Command

certificate/enable-ssl-certificate

Type: Command

Argument	Type	Description
dns-name	string	domain name for SSL certificate
directory-url	string	ACME directory url
eab-hmac-key	string	base64url encoded EAB hmac key
eab-kid	string	EAB account id
reset-private-key	bool	initialize new private key

Read-only Argument	Type	Description
progress	string

certificate/export-certificate

Type: Command

Argument	Type	Description
export-passphrase	string
type	bool
file-name	file

certificate/import

Type: Command

Argument	Type	Description
name	string
file-name	file
passphrase	string
trusted	bool	mark as trusted
trust-store	alt { enum (all) { all:cerm::trust_store::All } , ubit () { } }
no-key-export	bool	disallow private key export

Read-only Argument	Type	Description
certificates-imported	num
private-keys-imported	num
files-imported	num
decryption-failures	num
keys-with-no-certificate	num
keys-decrypted	num

certificate/issued-revoke

Type: Command

certificate/scep-renew

Type: Command

certificate/scep-server

Type: Directory

Flag	Name	Description
X	disabled	disabled

Argument	Type	Description
ca-cert ( mandatory )	enum
next-ca-cert	enum (none)
path ( mandatory )	string
days-valid	num
request-lifetime	time

certificate/scep-server/otp

Type: Directory

Flag	Name	Description
E	expired	expired

Read-only Argument	Type	Description
password	string
expires	time
used	bool

certificate/scep-server/otp/generate

Type: Command

Argument	Type	Description
minutes-valid	num

Read-only Argument	Type	Description
password	string

certificate/scep-server/ra

Type: Directory

Flag	Name	Description
X	disabled	disabled
C	smart-card-key	smart-card-key

Argument	Type	Description
name ( mandatory )	string
server-url ( mandatory )	string
template ( mandatory )	enum
challenge-password	string
ca-identity	string
fingerprint-algorithm	enum (sha256 | sha1 | md5)
ra-path	string
ra-transaction-lifetime	time
on-smart-card	bool	stores private key on smart card

Read-only Argument	Type	Description
req-fingerprint	string
ca-fingerprint	string
status	string

certificate/scep-server/ra/renew

Type: Command

certificate/scep-server/requests

Type: Directory

Read-only Argument	Type	Description
authority	alt { enum , enum }
status	enum (pending | granted | denied | authorized | waiting | failed | issued | invalid)
created	date
transaction-id	string
req-fingerprint	string
country	string
state	string
locality	string
organization	string
unit	string
common-name	string
serial-number	string
subject-alt-name	object { composite { , } { , } }

certificate/scep-server/requests/grant

Type: Command

certificate/settings

Type: Settings Directory

Argument	Type	Description
builtin-trust-store	alt { enum (default | all | untrusted) { default:cerm::trust_store::Default, all:cerm::trust_store::All, untrusted:cerm::trust_store::None } , ubit () { } }	RouterOS provided CA certificates
current-defaults	ubit ()
crl-download	bool	auto CRL download and update
crl-use	bool	perform CRL checking when validating trust chain
crl-store	enum (system | ram)	CRL storage location

certificate/sign

Type: Command

Argument	Type	Description
name	string
ca-crl-host	multi { array-id, string }	adds CRL URL to created certificate
ca-on-smart-card	bool	stores CA's private key on smart card
ca	enum	issuer CA

Read-only Argument	Type	Description
progress	string

certificate/sign-certificate-request

Type: Command

Argument	Type	Description
ca	enum
file-name	file
days-valid	num
digest-algorithm	enum (md5 | sha1 | sha256 | sha384 | sha512)