mirror of
https://github.com/eworm-de/routeros-scripts
synced 2024-05-14 08:04:19 +00:00
check-certificates: make the warning time configurable
This commit is contained in:
parent
36a8938dea
commit
555d0e8bfc
5 changed files with 7 additions and 2 deletions
|
@ -13,6 +13,7 @@
|
||||||
:global CertRenewPass;
|
:global CertRenewPass;
|
||||||
:global CertRenewTime;
|
:global CertRenewTime;
|
||||||
:global CertRenewUrl;
|
:global CertRenewUrl;
|
||||||
|
:global CertWarnTime;
|
||||||
:global Identity;
|
:global Identity;
|
||||||
|
|
||||||
:global CertificateAvailable
|
:global CertificateAvailable
|
||||||
|
@ -103,7 +104,8 @@ $WaitFullyConnected;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) expires-after<2w !(fingerprint=[]) ] do={
|
:foreach Cert in=[ /certificate/find where !revoked !scep-url !(expires-after=[]) \
|
||||||
|
expires-after<$CertWarnTime !(fingerprint=[]) ] do={
|
||||||
:local CertVal [ /certificate/get $Cert ];
|
:local CertVal [ /certificate/get $Cert ];
|
||||||
|
|
||||||
:if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={
|
:if ([ :len [ /certificate/scep-server/find where ca-cert=($CertVal->"ca") ] ] > 0) do={
|
||||||
|
|
|
@ -32,6 +32,7 @@ in `global-config-overlay`, these are the parameters:
|
||||||
* `CertRenewPass`: an array of passphrases to try
|
* `CertRenewPass`: an array of passphrases to try
|
||||||
* `CertRenewTime`: on what remaining time to try a renew
|
* `CertRenewTime`: on what remaining time to try a renew
|
||||||
* `CertRenewUrl`: the url to download certificates from
|
* `CertRenewUrl`: the url to download certificates from
|
||||||
|
* `CertWarnTime`: on what remaining time to warn via notification
|
||||||
|
|
||||||
Certificates on the web server should be named `CN.pem` (`PEM` format) or
|
Certificates on the web server should be named `CN.pem` (`PEM` format) or
|
||||||
`CN.p12` (`PKCS#12` format).
|
`CN.p12` (`PKCS#12` format).
|
||||||
|
|
|
@ -194,6 +194,7 @@
|
||||||
"v3ry-s3cr3t";
|
"v3ry-s3cr3t";
|
||||||
"4n0th3r-s3cr3t";
|
"4n0th3r-s3cr3t";
|
||||||
}
|
}
|
||||||
|
:global CertWarnTime 2w;
|
||||||
:global CertIssuedExportPass {
|
:global CertIssuedExportPass {
|
||||||
"cert1-cn"="v3ry-s3cr3t";
|
"cert1-cn"="v3ry-s3cr3t";
|
||||||
"cert2-cn"="4n0th3r-s3cr3t";
|
"cert2-cn"="4n0th3r-s3cr3t";
|
||||||
|
|
|
@ -97,6 +97,7 @@
|
||||||
86="Added support for hooks in 'sms-forward'. This now provides similar functionality to 'sms-action', but is more flexible.";
|
86="Added support for hooks in 'sms-forward'. This now provides similar functionality to 'sms-action', but is more flexible.";
|
||||||
87="Added support for extra text (or emojis \F0\9F\9A\80) in notification tags.";
|
87="Added support for extra text (or emojis \F0\9F\9A\80) in notification tags.";
|
||||||
88="Added support for monitoring CPU load and available free RAM in 'check-health'.";
|
88="Added support for monitoring CPU load and available free RAM in 'check-health'.";
|
||||||
|
89="Made the warning time for 'check-certificates' configurable.";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Migration steps to be applied on script updates
|
# Migration steps to be applied on script updates
|
||||||
|
|
|
@ -12,7 +12,7 @@
|
||||||
:local 0 "global-functions";
|
:local 0 "global-functions";
|
||||||
|
|
||||||
# expected configuration version
|
# expected configuration version
|
||||||
:global ExpectedConfigVersion 88;
|
:global ExpectedConfigVersion 89;
|
||||||
|
|
||||||
# global variables not to be changed by user
|
# global variables not to be changed by user
|
||||||
:global GlobalFunctionsReady false;
|
:global GlobalFunctionsReady false;
|
||||||
|
|
Loading…
Reference in a new issue