Security

Does MikroTik RouterOS support secp384r1 certificates

Yes, RouterOS 7.9+ supports certificates with secp384r1 keys.

RouterOS versions before 7.9 possibly also support secp384r1 certificates but I have no older RouterOS available for testing at the moment.

Posted by Uli Köhler in MikroTik, Security

How to generate Certificate Signing Request (CSR) using OpenSSL without config file

This will generate an ECDSA P-384 key and a certificate signing request. The CSR and the key will be stored in server.csr and server.key, respectively. Because of -nodes, the private key is written without passphrase protection.

openssl req -new -newkey ec:<(openssl ecparam -name secp384r1) -nodes -out server.csr -keyout server.key -subj '/CN=mycn/O=MyOrg/C=DE'

 

Posted by Uli Köhler in Security

How to add subjectAltName to certificate on the command line using OpenSSL

Use the following command line option to add a subjectAltName field to a certificate request.

-addext "subjectAltName=DNS:*.mydomain.com"

 

Posted by Uli Köhler in Security
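The two posts above (CSR generation and -addext) combined into one script, as an added example that is not part of the original posts: it generates the P-384 CSR with a SAN and then checks the self-signature, the curve and the SAN in the resulting file. The function names make_csr and check_csr are hypothetical, the subject and SAN values are the placeholders from the posts, and -addext assumes OpenSSL 1.1.1 or newer.

```shell
#!/bin/sh
# Added example: create a P-384 CSR carrying a subjectAltName, then verify
# what was actually written to disk.

make_csr() {    # $1 = output directory, $2 = SAN entry, e.g. 'DNS:*.mydomain.com'
    dir=$1 san=$2
    # Same curve parameters the posts pass via <(...), stored in a file so
    # the script also runs in shells without process substitution.
    openssl ecparam -name secp384r1 -out "$dir/p384.pem" || return 1
    (
        umask 077    # -nodes writes server.key unencrypted: keep it owner-only
        openssl req -new -newkey ec:"$dir/p384.pem" -nodes \
            -out "$dir/server.csr" -keyout "$dir/server.key" \
            -subj '/CN=mycn/O=MyOrg/C=DE' \
            -addext "subjectAltName=$san" 2>/dev/null
    )
}

check_csr() {   # $1 = CSR file, $2 = expected SAN entry; returns 0 only if all checks pass
    text=$(openssl req -in "$1" -noout -verify -text 2>&1) || return 1
    # Self-signature shows the requester holds the matching private key
    printf '%s\n' "$text" | grep -q 'verify OK' || return 1
    # The public key must be on the named curve P-384
    printf '%s\n' "$text" | grep -q 'ASN1 OID: secp384r1' || return 1
    # The SAN given via -addext must appear in the requested extensions
    printf '%s\n' "$text" | grep -qF -- "$2" || return 1
}

# Stand-alone run in a throwaway directory
tmp=$(mktemp -d) &&
    make_csr "$tmp" 'DNS:*.mydomain.com' &&
    check_csr "$tmp/server.csr" 'DNS:*.mydomain.com' &&
    echo "CSR OK: P-384 key, SAN present"
rm -rf "$tmp"
```

Running check_csr before submitting a request catches a silently missing SAN, which otherwise only shows up once the issued certificate is rejected by clients.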

How to generate self-signed ECDSA CA certificate non-interactively using OpenSSL

This post uses -newkey syntax from How to create ECDSA P-384 (secp384r1) using OpenSSL (-newkey)

The following command will generate a self-signed CA certificate using an ECDSA P-384 key without any interactive questions. All parameters are given on the command line.

openssl req -newkey ec:<(openssl ecparam -name secp384r1) -nodes -x509 -keyout ca.key -out ca.pem -days 365000 -subj '/CN=myca.mydomain.com/O=MyOrganization/C=DE'

Note that you don’t have to use a domain name as CN (common name). There are few requirements for CAs in general, but they may vary depending on what you use the CA for and which software you use it with.

Posted by Uli Köhler in Security

How to create ECDSA P-384 (secp384r1) using OpenSSL (-newkey)

In order to generate an ECDSA certificate using the P-384 curve, use the following form of the -newkey argument. The <(...) part is process substitution, so it requires a shell such as bash or zsh:

-newkey ec:<(openssl ecparam -name secp384r1)

Example:

openssl req -newkey ec:<(openssl ecparam -name secp384r1) -nodes -x509 -keyout ca.key -out ca.pem -days 365000

Original source for this syntax on StackOverflow

Posted by Uli Köhler in Security