Due to issues reported, I had to re-write this guide. This time all certificates are generated by the MikroTik RouterBOARD. I use OpenSSL just to create the .p12 personal information exchange file for the Android client.
MikroTik RouterOS used: 6.41.1
Android version used: 7
First we have to create some SSL certificates: a CA, a server certificate and a client certificate. Let's start with the CA. Replace XX and xxxxxx with your information:
/certificate
add name=ca-template common-name=myCa key-usage=key-cert-sign,crl-sign days-valid=3650 key-size=2048 country=XX state=xxxxxx locality=xxxxxx organization=xxxxxx unit="Certificate Authority"
sign ca-template name=myCa
set myCa trusted=yes