Hi there,
first of all, let me -- again -- explicitly say that I do appreciate your effort to help. Thank you for your time and effort. Again, I apologize if I have offended you; I did not intend to. I am still looking for hints as to how to troubleshoot my problem and am grateful for any pointers.
Having said that, I do have some remarks to your comments.
I asky you yesterday the export
... full export without omit anything except username and password of working and non-working? ...
and you post only firewall filter section
I ask again
... for full export I intend full export of devices, not only firewall filter section ...
and you reply
... No particular settings on either the (non-working) switch or the (working) AP:..
Indeed. Instead, I have asked you where you were headed (which you chose not to explain), because as you well know, cleaning and reading a potentially large complete config export is tedious work that is completely unnecessary and a waste of everybody's time (yours, mine, and of everyone else reading this thread). If you know what you are looking for, fine, then say so, that was *exactly* what I was originally asking for: A clue where to look. If you don't feel like telling me what you think the problem is, fine as well, then don't.
If the situation remains "I ask for help, but I think what you ask me is useless so I know how to get by on my own"
The situation indeed remains "I am asking for pointers where to look." So, I wonder, if you know exactly what you want to look for in my "complete export", then why don't you tell me? Something like "sounds like your problem could be caused by CRL handling, have you tried adding `check-certificate=no` and verified that the CRL handling options are set correctly in `/certificate settings`" would have been very appreciated indeed. Being rude and talking down to me because I didn't do exactly as you asked is not appreciated. I suppose that if you asked a question about whatever and I answered "try `/system reset-configuration`", you would certainly not just run that command without thinking about it first and trying to understand why it would help?
go ahead alone and don't complain if at some point people don't care about your problems.
I don't whine, you do. And I do think I am allowed to ask for help *and* do some thinking of my own.
I have about twenty CRS112-8P-4S, and I spent my time to test on all, and no one gives me problems on https.
The only thing I can't do is test on your server, which is probably the cause of all the problems.
That is indeed very unfortunate, because it would actually be interesting and potentially helpful to see whether your CRS112s also show the same problem.
And, yes, *of* *course* the problem is somewhere in the combination of my server and the CRS112s. That is obvious, and I never said otherwise. What I am trying to figure out is what exactly the problem is.
... I *can* download via HTTPS from *other* servers just fine...
Not probably... CERTAINLY
Obviously the problem is triggered by some property of my server, yes. Question is, what is the trigger and why is it a problem exactly for those four devices, but for no other clients at all (neither any other MikroTik devices that I was able to try nor any other browser on any other device/computer/mobile whatsoever)? And, to repeat my original question, I am still very grateful for any hints of where to look for the reason.
Cheers,
Toby.