Yes, RouterOS 7.9+ supports certificates with secp384r1 keys.
RouterOS versions before 7.9 possibly also support secp384r1 certificates, but I have no older RouterOS available for testing at the moment.
This will generate an ECDSA P-384 key and a certificate signing request. The CSR and the key will be stored in server.csr and server.key, respectively:
openssl req -new -newkey ec:<(openssl ecparam -name secp384r1) -nodes -out server.csr -keyout server.key -subj '/CN=mycn/O=MyOrg/C=DE'
Use the following command line option to add a subjectAltName field to a certificate request:
-addext "subjectAltName=DNS:*.mydomain.com"
This post uses the -newkey syntax from How to create ECDSA P-384 (secp384r1) using OpenSSL (-newkey).
The following command will generate a self-signed CA certificate using an ECDSA P-384 key without any interactive questions. All parameters are given on the command line.
openssl req -newkey ec:<(openssl ecparam -name secp384r1) -nodes -x509 -keyout ca.key -out ca.pem -days 365000 -subj '/CN=myca.mydomain.com/O=MyOrganization/C=DE'
Note that you don’t have to use a domain name as CN (common name). There are few requirements for CAs in general, but the requirements may vary depending on what you use the CA for and with what software.
In order to generate an ECDSA certificate using the P-384 curve, use the following form of the -newkey argument:
-newkey ec:<(openssl ecparam -name secp384r1)
openssl req -newkey ec:<(openssl ecparam -name secp384r1) -nodes -x509 -keyout ca.key -out ca.pem -days 365000
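The commands above combined into one workflow, as an added example that is not part of the original posts: it creates the P-384 CA, creates a server key and CSR with a subjectAltName, signs the CSR with the CA, and checks the result. The names (Demo CA, demo.example), file names and validity periods are assumptions chosen for illustration. The curve parameters are written to a file instead of using bash process substitution so the script also runs in a plain POSIX shell, and it assumes OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
set -eu

# Create a P-384 CA and a CA-signed P-384 server certificate in directory $1.
issue_p384_chain() {
    dir=$1
    # Same idea as ec:<(openssl ecparam ...), but through a parameter file.
    openssl ecparam -name secp384r1 -out "$dir/p384.param"

    # Self-signed CA (constructed subject, 10-year validity for the demo).
    openssl req -newkey "ec:$dir/p384.param" -nodes -x509 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" -days 3650 \
        -subj '/CN=Demo CA/O=MyOrg/C=DE'

    # Server key and CSR carrying a subjectAltName.
    openssl req -new -newkey "ec:$dir/p384.param" -nodes \
        -keyout "$dir/server.key" -out "$dir/server.csr" \
        -subj '/CN=demo.example/O=MyOrg/C=DE' \
        -addext 'subjectAltName=DNS:demo.example'

    # "openssl x509 -req" does not copy CSR extensions by default, so the
    # SAN is passed again through an extension file when signing.
    printf 'subjectAltName=DNS:demo.example\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/server.csr" -sha384 -days 365 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/san.ext" -out "$dir/server.pem"

    # Keys were written unencrypted (-nodes): restrict file permissions.
    chmod 600 "$dir/ca.key" "$dir/server.key"
}

# Print the named curve of the public key in certificate $1.
cert_curve() {
    openssl x509 -in "$1" -noout -text | sed -n 's/^ *ASN1 OID: *//p'
}

# Succeed only if the server certificate chains to the CA in directory $1.
verify_chain() {
    openssl verify -CAfile "$1/ca.pem" "$1/server.pem" >/dev/null
}

workdir=$(mktemp -d)
issue_p384_chain "$workdir"
echo "CA curve:     $(cert_curve "$workdir/ca.pem")"
echo "server curve: $(cert_curve "$workdir/server.pem")"
verify_chain "$workdir" && echo "chain verifies"
```

On OpenSSL 3.0 and later, `-copy_extensions copy` on `openssl x509 -req` is an alternative to the extension file; either way, inspect the issued certificate to confirm the SAN is present.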