-
Notifications
You must be signed in to change notification settings - Fork 93
SSL connection
Daniel Frantik edited this page Jan 7, 2018
·
4 revisions
SSL-API connection is supported since tik4net 1.7.0.0. Certificate chain validation is not supported. Your communication will be safe, but your security strength is still in your password. Mode without certificates (anonymous Diffie-Hellman cipher) is not supported either. For details about ssl-api see mikrotik wiki.
You can either create certificate by mikrotik (see bellow) or use your own certificate (which is not described in this article)
- Create certificate
/ certificate add name=mikrotik-CA common-name=mikrotik-CA
- Sign certificate (replace 192.168.88.1 by your mikrotik IP)
/ certificate print
/ certificate sign name=mikrotik-CA ca-crl-host=192.168.88.1
+ choose the newly created certificate (ususally 0)
- Enable ssl-api and set its certificate
/ ip service set api-ssl disabled=no certificate=mikrotik-CA
- Open connection as usual, but use TikConnectionType.ApiSsl connection type
using (var conection = ConnectionFactory.OpenConnection(TikConnectionType.ApiSsl, host, user, pass))
{
// do something usefull
}- api-ssl API is available since RouterOS 6.1 version
- only api-ssl with certificate is supported
- certificate chain is not verified by tik4net api, it is just used to handle ssl connection
- tik4net implementation of ssl-api connection is still in alpha - api could be changed