diff --git a/.github/scripts/setup_routeros.go b/.github/scripts/setup_routeros.go
index d41495aa..263ce9cd 100644
--- a/.github/scripts/setup_routeros.go
+++ b/.github/scripts/setup_routeros.go
@@ -29,7 +29,7 @@ func main() {
 
 	var err error
 	var client *routeros.Client
-	for i := 0; i < 5; i++ {
+	for i := 0; i < 12; i++ {
 		log.Printf("Connection attempt #%v... ", i)
 		client, err = routeros.Dial(host+":8728", username, password)
 		if err == nil {
diff --git a/routeros/datasource_x509.go b/routeros/datasource_x509.go
new file mode 100644
index 00000000..5cda03d9
--- /dev/null
+++ b/routeros/datasource_x509.go
@@ -0,0 +1,155 @@
+package routeros
+
+import (
+	"context"
+	"crypto/sha256"
+	"crypto/x509"
+	"encoding/pem"
+	"fmt"
+	"regexp"
+	"strings"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/diag"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+)
+
+func DatasourceX509() *schema.Resource {
+	return &schema.Resource{
+		ReadContext: datasourceParseCertificate,
+		Schema: map[string]*schema.Schema{
+			"data": {
+				Type:        schema.TypeString,
+				Required:    true,
+				Description: "X509 certificate in PEM format.",
+			},
+			"id": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"akid": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"authority": {
+				Type:     schema.TypeBool,
+				Computed: true,
+			},
+			"common_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"digest_algorithm": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"fingerprint": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"invalid_after": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"invalid_before": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"issuer": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			// "key_size": {
+			// 	Type:     schema.TypeString,
+			// 	Computed: true,
+			// },
+			"key_type": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			// "key_usage": {
+			// 	Type:     schema.TypeString,
+			// 	Computed: true,
+			// },
+			"serial_number": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"signature_algorithm": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"skid": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"subject": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"subject_alt_name": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+			"version": {
+				Type:     schema.TypeInt,
+				Computed: true,
+			},
+			"pem": {
+				Type:     schema.TypeString,
+				Computed: true,
+			},
+		},
+	}
+}
+
+func datasourceParseCertificate(_ context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+	re := regexp.MustCompile(`(?m)^\s+`)
+	block, _ := pem.Decode(re.ReplaceAll([]byte(d.Get("data").(string)), nil))
+	if block == nil {
+		return diag.Errorf("Invalid PEM content")
+	}
+
+	c, err := x509.ParseCertificate(block.Bytes)
+	if err != nil {
+		return diag.FromErr(err)
+	}
+
+	d.Set("akid", fmt.Sprintf("%x", c.AuthorityKeyId))
+	d.Set("authority", c.IsCA)
+	d.Set("common_name", c.Subject.CommonName)
+	d.Set("digest_algorithm", c.SignatureAlgorithm.String())
+	d.Set("fingerprint", fmt.Sprintf("%x", sha256.Sum256(c.Raw)))
+	d.Set("invalid_after", c.NotAfter.String())
+	d.Set("invalid_before", c.NotBefore.String())
+	d.Set("issuer", c.Issuer.String())
+	d.Set("key_type", c.PublicKeyAlgorithm.String())
+	d.Set("issuer", c.Issuer.String())
+	d.Set("serial_number", c.SerialNumber.Text(16))
+	d.Set("skid", fmt.Sprintf("%x", c.SubjectKeyId))
+	d.Set("signature_algorithm", c.SignatureAlgorithm.String())
+	d.Set("subject", c.Subject.String())
+	d.Set("subject_alt_name", getSANs(c))
+	d.Set("version", c.Version)
+	d.Set("pem", string(pem.EncodeToMemory(block)))
+
+	d.SetId(c.SerialNumber.String())
+
+	return nil
+}
+
+func getSANs(c *x509.Certificate) string {
+	var res []string
+	for _, v := range c.DNSNames {
+		res = append(res, fmt.Sprintf("DNS:%v", v))
+	}
+	for _, v := range c.IPAddresses {
+		res = append(res, fmt.Sprintf("IP:%v", v))
+	}
+	for _, v := range c.EmailAddresses {
+		res = append(res, fmt.Sprintf("EMAIL:%v", v))
+	}
+	for _, v := range c.URIs {
+		res = append(res, fmt.Sprintf("URI:%v", v))
+	}
+	return strings.Join(res, ",")
+}
diff --git a/routeros/datasource_x509_test.go b/routeros/datasource_x509_test.go
new file mode 100644
index 00000000..85b0cc0a
--- /dev/null
+++ b/routeros/datasource_x509_test.go
@@ -0,0 +1,47 @@
+package routeros
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+const testDatasourceX509 = "data.routeros_x509.cert"
+
+func TestAccDatasourceX509Test_basic(t *testing.T) {
+	t.Run("X509", func(t *testing.T) {
+		resource.Test(t, resource.TestCase{
+			ProviderFactories: testAccProviderFactories,
+			Steps: []resource.TestStep{
+				{
+					Config: testAccDatasourceX509Config(),
+					Check: resource.ComposeTestCheckFunc(
+						testResourcePrimaryInstanceId(testDatasourceX509),
+					),
+				},
+			},
+		})
+
+	})
+}
+
+func testAccDatasourceX509Config() string {
+	return providerConfig + `
+
+data "routeros_x509" "cert" {
+	data = <<EOT
+	-----BEGIN CERTIFICATE-----
+	MIIBlTCCATugAwIBAgIINLsws71B5zIwCgYIKoZIzj0EAwIwHzEdMBsGA1UEAwwU
+	RXh0ZXJuYWwgQ2VydGlmaWNhdGUwHhcNMjQwNTE3MjEyOTUzWhcNMjUwNTE3MjEy
+	OTUzWjAfMR0wGwYDVQQDDBRFeHRlcm5hbCBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49
+	AgEGCCqGSM49AwEHA0IABKE1g0Qj4ujIold9tklu2z4BUu/K7xDFF5YmedtOfJyM
+	1/80APNboqn71y4m4XNE1JNtQuR2bSZPHVrzODkR16ujYTBfMA8GA1UdEwEB/wQF
+	MAMBAf8wDgYDVR0PAQH/BAQDAgG2MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+	BQcDAjAdBgNVHQ4EFgQUNXd5bvluIV9YAhGc5yMHc6OzXpMwCgYIKoZIzj0EAwID
+	SAAwRQIhAODte/qS6CE30cvnQpxP/ObWBPIPZnHtkFHIIC1AOSXwAiBGCGQE+aJY
+	W72Rw0Y1ckvlt6sU0urkzGuj5wxVF/gSYA==
+	-----END CERTIFICATE-----
+EOT
+}
+`
+}
diff --git a/routeros/mikrotik_client.go b/routeros/mikrotik_client.go
index df7cc992..06de33a1 100644
--- a/routeros/mikrotik_client.go
+++ b/routeros/mikrotik_client.go
@@ -30,6 +30,7 @@ const (
 	crudUpdate
 	crudDelete
 	crudPost
+	crudImport
 	crudSign
 	crudSignViaScep
 	crudRemove
diff --git a/routeros/mikrotik_client_api.go b/routeros/mikrotik_client_api.go
index fd54239a..d4f2e138 100644
--- a/routeros/mikrotik_client_api.go
+++ b/routeros/mikrotik_client_api.go
@@ -25,6 +25,7 @@ var (
 		crudUpdate:      "/set",
 		crudDelete:      "/remove",
 		crudPost:        "/set",
+		crudImport:      "/import",
 		crudSign:        "/sign",
 		crudSignViaScep: "/add-scep",
 		crudRemove:      "/remove",
diff --git a/routeros/mikrotik_client_rest.go b/routeros/mikrotik_client_rest.go
index 0bc2da30..b2afed87 100644
--- a/routeros/mikrotik_client_rest.go
+++ b/routeros/mikrotik_client_rest.go
@@ -32,6 +32,7 @@ var (
 		crudUpdate:      "PATCH",
 		crudDelete:      "DELETE",
 		crudPost:        "POST",
+		crudImport:      "POST",
 		crudSign:        "POST",
 		crudSignViaScep: "POST",
 		crudRemove:      "POST",
diff --git a/routeros/provider.go b/routeros/provider.go
index 3911708a..eab1b549 100644
--- a/routeros/provider.go
+++ b/routeros/provider.go
@@ -290,6 +290,7 @@ func Provider() *schema.Provider {
 			"routeros_ip_services":           DatasourceIPServices(),
 			"routeros_ipv6_addresses":        DatasourceIPv6Addresses(),
 			"routeros_system_resource":       DatasourceSystemResource(),
+			"routeros_x509":                  DatasourceX509(),
 		},
 		ConfigureContextFunc: NewClient,
 	}
diff --git a/routeros/resource_system_certificate.go b/routeros/resource_system_certificate.go
index b68636cb..a8cd2114 100644
--- a/routeros/resource_system_certificate.go
+++ b/routeros/resource_system_certificate.go
@@ -34,13 +34,13 @@ import (
   }
 */
 
-// https://help.mikrotik.com/docs/display/ROS/
+// https://help.mikrotik.com/docs/display/ROS/Certificates
 // https://wiki.mikrotik.com/wiki/Manual:System/Certificates
 func ResourceSystemCertificate() *schema.Resource {
 	resSchema := map[string]*schema.Schema{
 		MetaResourcePath: PropResourcePath("/certificate"),
 		MetaId:           PropId(Id),
-		MetaSkipFields:   PropSkipFields("sign", "sign_via_scep"),
+		MetaSkipFields:   PropSkipFields("import", "sign", "sign_via_scep"),
 
 		"authority": {
 			Type:     schema.TypeString,
@@ -120,6 +120,32 @@ func ResourceSystemCertificate() *schema.Resource {
 			Type:     schema.TypeString,
 			Computed: true,
 		},
+		"import": {
+			Type:          schema.TypeSet,
+			Optional:      true,
+			ForceNew:      true,
+			ConflictsWith: []string{"sign", "sign_via_scep"},
+			Elem: &schema.Resource{
+				Schema: map[string]*schema.Schema{
+					"cert_file_name": {
+						Type:        schema.TypeString,
+						Required:    true,
+						Description: "Certificate file name that will be imported.",
+					},
+					"key_file_name": {
+						Type:        schema.TypeString,
+						Optional:    true,
+						Description: "Key file name that will be imported.",
+					},
+					"passphrase": {
+						Type:        schema.TypeString,
+						Optional:    true,
+						Sensitive:   true,
+						Description: "File passphrase if there is such.",
+					},
+				},
+			},
+		},
 		"invalid_after": {
 			Type:        schema.TypeString,
 			Computed:    true,
@@ -188,11 +214,7 @@ func ResourceSystemCertificate() *schema.Resource {
 			ForceNew:    true,
 			Description: "Locality Name (eg, city).",
 		},
-		"name": {
-			Type:        schema.TypeString,
-			Required:    true,
-			Description: "Name of the certificate. Name can be edited.",
-		},
+		KeyName: PropName("Name of the certificate. Name can be edited."),
 		"organization": {
 			Type:        schema.TypeString,
 			Optional:    true,
@@ -335,38 +357,97 @@ func ResourceSystemCertificate() *schema.Resource {
 		},
 	}
 
-	resCreate := func(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
-		// Run DefaultCreate.
-		diags := ResourceCreate(ctx, resSchema, d, m)
-		if diags.HasError() {
-			return diags
+	certImport := func(ctx context.Context, attrBlock any, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+		var certName string
+
+		bl := attrBlock.(*schema.Set).List()[0].(map[string]interface{})
+		var resUrl = &URL{Path: resSchema[MetaResourcePath].Default.(string)}
+		if m.(Client).GetTransport() == TransportREST {
+			resUrl.Path += "/import"
 		}
 
-		var signConfig any      // User config for certificate signing
-		var params MikrotikItem // Parameters for MikroTik command
+		params := MikrotikItem{KeyName: d.Get(KeyName).(string), "file-name": bl["cert_file_name"].(string)}
+		if passwd, ok := bl["passphrase"]; ok {
+			params["passphrase"] = passwd.(string)
+		}
+
+		// Import certificate
+		err := m.(Client).SendRequest(crudImport, resUrl, params, nil)
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		if keyFile, ok := bl["key_file_name"]; ok {
+			params = MikrotikItem{KeyName: d.Get(KeyName).(string), "file-name": keyFile.(string)}
+			if passwd, ok := bl["passphrase"]; ok {
+				params["passphrase"] = passwd.(string)
+			}
+
+			// Import key
+			err := m.(Client).SendRequest(crudImport, resUrl, params, nil)
+			if err != nil {
+				return diag.FromErr(err)
+			}
+		}
+
+		res, err := ReadItemsFiltered([]string{"name=" + d.Get(KeyName).(string)},
+			resSchema[MetaResourcePath].Default.(string), m.(Client))
+		if err != nil {
+			return diag.FromErr(err)
+		}
+
+		switch len(*res) {
+		case 0:
+			return diag.Errorf("resource not found: name=%v", certName)
+		case 1:
+			retId, ok := (*res)[0][Id.String()]
+			if !ok {
+				return diag.Errorf("attribute %v not found in the response", Id.String())
+			}
+			d.SetId(retId)
+		default:
+			return diag.Errorf("more than one resource found: name=%v", certName)
+		}
+
+		return ResourceRead(ctx, resSchema, d, m)
+	}
+
+	resCreate := func(ctx context.Context, d *schema.ResourceData, m interface{}) diag.Diagnostics {
+		var diags diag.Diagnostics
+		var cmdBlock any // User config for certificate signing
 		var crudMethod crudMethod
 		var command string // MikroTik command to sign certificate
-		if sign, ok := d.GetOk("sign"); ok {
-			signConfig = sign
+		var ok bool
+
+		if _, ok = d.GetOk("import"); !ok {
+			// Run DefaultCreate.
+			diags = ResourceCreate(ctx, resSchema, d, m)
+			if diags.HasError() {
+				return diags
+			}
+		}
+
+		var params MikrotikItem // Parameters for MikroTik command
+
+		if cmdBlock, ok = d.GetOk("sign"); ok {
 			// {"number":"*54", ca: "Test-CA"}
 			params = MikrotikItem{"number": d.Id()}
 			crudMethod = crudSign
 			// https://router/rest/certificate/sign
 			command = "/sign"
-		} else if signViaScep, ok := d.GetOk("sign_via_scep"); ok {
-			signConfig = signViaScep
+		} else if cmdBlock, ok = d.GetOk("sign_via_scep"); ok {
 			params = MikrotikItem{"template": d.Get("name").(string)}
 			crudMethod = crudSignViaScep
 			// https://router/rest/certificate/add-scep
 			command = "/add-scep"
+		} else if cmdBlock, ok = d.GetOk("import"); ok {
+			return certImport(ctx, cmdBlock, d, m)
 		} else {
 			return diags
 		}
 
 		// []interface{map[string]interface{...}}
-		signSchema := signConfig.(*schema.Set).List()[0].(map[string]interface{})
-
-		for k, v := range signSchema {
+		for k, v := range cmdBlock.(*schema.Set).List()[0].(map[string]interface{}) {
 			k = SnakeToKebab(k)
 			switch v := v.(type) {
 			case string:
diff --git a/routeros/resource_system_certificate_import_test.go b/routeros/resource_system_certificate_import_test.go
new file mode 100644
index 00000000..5824cfdd
--- /dev/null
+++ b/routeros/resource_system_certificate_import_test.go
@@ -0,0 +1,96 @@
+package routeros
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-testing/helper/resource"
+)
+
+const testSystemCertificatesImportAddress = "routeros_system_certificate.external"
+
+func TestAccSystemCertificatesTest_import(t *testing.T) {
+	// ROS 7.12.x does not return IDs for created files.
+	if !testCheckMinVersion(t, testFileMinVersion) {
+		t.Logf("Test skipped, the minimum required version is %v", testFileMinVersion)
+		return
+	}
+
+	for _, name := range testNames {
+		t.Run(name, func(t *testing.T) {
+			var externalCrt MikrotikItem
+
+			resource.Test(t, resource.TestCase{
+				PreCheck: func() {
+					testAccPreCheck(t)
+					testSetTransportEnv(t, name)
+				},
+				ProviderFactories: testAccProviderFactories,
+				CheckDestroy:      testCheckResourceDestroy("/certificate", "routeros_system_certificate"),
+				Steps: []resource.TestStep{
+					{
+						Config: testAccSystemCertificatesImportConfig(),
+						Check: resource.ComposeTestCheckFunc(
+							testResourcePrimaryInstanceId(testSystemCertificatesImportAddress),
+							// external_crt
+							testCheckResourceExists("routeros_system_certificate.external", "/certificate", &externalCrt),
+							testCheckMikrotikItemAttr("routeros_system_certificate.external", &externalCrt, "name", "external.crt"),
+							resource.TestCheckResourceAttr("routeros_system_certificate.external", "name", "external.crt"),
+							resource.TestCheckResourceAttr("routeros_system_certificate.external", "common_name", "External Certificate"),
+							resource.TestCheckResourceAttr("routeros_system_certificate.external", "private_key", "true"),
+						),
+					},
+				},
+			})
+
+		})
+	}
+}
+
+func testAccSystemCertificatesImportConfig() string {
+	return providerConfig + `
+data "routeros_x509" "cert" {
+	data = <<EOT
+	-----BEGIN CERTIFICATE-----
+	MIIBlTCCATugAwIBAgIINLsws71B5zIwCgYIKoZIzj0EAwIwHzEdMBsGA1UEAwwU
+	RXh0ZXJuYWwgQ2VydGlmaWNhdGUwHhcNMjQwNTE3MjEyOTUzWhcNMjUwNTE3MjEy
+	OTUzWjAfMR0wGwYDVQQDDBRFeHRlcm5hbCBDZXJ0aWZpY2F0ZTBZMBMGByqGSM49
+	AgEGCCqGSM49AwEHA0IABKE1g0Qj4ujIold9tklu2z4BUu/K7xDFF5YmedtOfJyM
+	1/80APNboqn71y4m4XNE1JNtQuR2bSZPHVrzODkR16ujYTBfMA8GA1UdEwEB/wQF
+	MAMBAf8wDgYDVR0PAQH/BAQDAgG2MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEF
+	BQcDAjAdBgNVHQ4EFgQUNXd5bvluIV9YAhGc5yMHc6OzXpMwCgYIKoZIzj0EAwID
+	SAAwRQIhAODte/qS6CE30cvnQpxP/ObWBPIPZnHtkFHIIC1AOSXwAiBGCGQE+aJY
+	W72Rw0Y1ckvlt6sU0urkzGuj5wxVF/gSYA==
+	-----END CERTIFICATE-----
+EOT
+}
+
+resource "routeros_file" "key" {
+	name     = "external.key"
+	contents = <<EOT
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIHeMEkGCSqGSIb3DQEFDTA8MBsGCSqGSIb3DQEFDDAOBAiy/wEW6/MglgICCAAw
+HQYJYIZIAWUDBAEqBBD6v8dLA2FjPn62Xz57pcu9BIGQhclivPw1eC2b14ea58Tw
+nzDdbYN6/yUiMqapW2xZaT7ZFnbEai4n9/utgtEDnfKHlZvZj2kRhvYoWrvTkt/W
+1mkd5d/runsn+B5GO+CMHFHh4t41WMpZysmg+iP8FiiehOQEsWyEZFaedxfYYtSL
+Sk+abxJ+NMQoh+S5d73niu1CO8uqQjOd8BoSOurURsOh
+-----END ENCRYPTED PRIVATE KEY-----
+EOT
+}  
+
+resource "routeros_file" "cert" {
+	name     = "external.crt"
+	contents = data.routeros_x509.cert.pem
+}  
+
+resource "routeros_system_certificate" "external" {
+	name        = "external.crt"
+	common_name = data.routeros_x509.cert.common_name
+	import {
+		cert_file_name  = routeros_file.cert.name
+		key_file_name   = routeros_file.key.name
+		passphrase      = "11111111"
+	}
+	depends_on = [routeros_file.key, routeros_file.cert]
+}
+`
+}