mirror of
https://github.com/eworm-de/routeros-scripts
synced 2024-05-14 08:04:19 +00:00
global-functions: $CertificateAvailable: check whole chain
The root certificate is a self-signed certificate. Check for the issue certificate until we find the self-signed one.
This commit is contained in:
parent
801dce05fa
commit
352818ea48
|
@ -116,6 +116,7 @@
|
|||
:local CommonName [ :tostr $1 ];
|
||||
|
||||
:global CertificateDownload;
|
||||
:global ParseKeyValueStore;
|
||||
|
||||
:if ([ / system resource get free-hdd-space ] < 8388608 && \
|
||||
[ / certificate settings get crl-download ] = true && \
|
||||
|
@ -127,6 +128,17 @@
|
|||
:log info ("Certificate with CommonName \"" . $CommonName . "\" not available.");
|
||||
$CertificateDownload $CommonName;
|
||||
}
|
||||
|
||||
:local CertVal [ / certificate get [ find where common-name=$CommonName ] ];
|
||||
:local Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
|
||||
:while ($Issuer != $CertVal->"common-name") do={
|
||||
:if ([ / certificate print count-only where common-name=$Issuer ] = 0) do={
|
||||
:log info ("Certificate chain for \"" . $CommonName . "\" is incomplete, missing \"" . $Issuer . "\".");
|
||||
$CertificateDownload $CommonName;
|
||||
}
|
||||
:set CertVal [ / certificate get [ find where common-name=$Issuer ] ];
|
||||
:set Issuer ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
|
||||
}
|
||||
}
|
||||
|
||||
# send notification via e-mail
|
||||
|
|
Loading…
Reference in a new issue