Crash_Override/routeros-scripts
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts synced 2024-05-14 08:04:19 +00:00
Code Issues Projects Releases Packages Wiki Activity

README: add more general certificate information

Browse source
This commit is contained in:
Christian Hesse 2018-09-14 20:40:21 +02:00
parent ea5083a427
commit 74d59641e6
1 changed files with 9 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
README.md
View file

@ -23,7 +23,9 @@ Initial setup
------------- -------------
The update script does server certificate verification, so first step is to The update script does server certificate verification, so first step is to
download the certificates. download the certificates. If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
certificate chain.
[admin@MikroTik] > / tool fetch "https://letsencrypt.org/certs/isrgrootx1.pem.txt" [admin@MikroTik] > / tool fetch "https://letsencrypt.org/certs/isrgrootx1.pem.txt"
status: finished status: finished
@ -60,7 +62,8 @@ Then we import the certificates.
decryption-failures: 0 decryption-failures: 0
keys-with-no-certificate: 0 keys-with-no-certificate: 0
For basic verification we rename and print the certifiactes. Make sure two certificates are listed. For basic verification we rename and print the certifiactes. Make sure two
certificates are listed.
[admin@MikroTik] > / certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] [admin@MikroTik] > / certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ]
[admin@MikroTik] > / certificate set name="Let-s-Encrypt-Authority-X3" [ find where fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" ] [admin@MikroTik] > / certificate set name="Let-s-Encrypt-Authority-X3" [ find where fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" ]
@ -68,12 +71,15 @@ For basic verification we rename and print the certifiactes. Make sure two certi
0 T name=ISRG-Root-X1 issuer=C=US,O=Internet Security Research Group,CN=ISRG Root X1 country=US organization=Internet Security Research Group common-name=ISRG Root X1 key-size=4096 days-valid=7305 trusted=yes key-usage=key-cert-sign,crl-sign serial-number=8210CFB0D240E3594463E0BB63828B00 fingerprint=96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6 invalid-before=jun/04/2015 13:04:38 invalid-after=jun/04/2035 13:04:38 expires-after=872w3d7m34s 0 T name=ISRG-Root-X1 issuer=C=US,O=Internet Security Research Group,CN=ISRG Root X1 country=US organization=Internet Security Research Group common-name=ISRG Root X1 key-size=4096 days-valid=7305 trusted=yes key-usage=key-cert-sign,crl-sign serial-number=8210CFB0D240E3594463E0BB63828B00 fingerprint=96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6 invalid-before=jun/04/2015 13:04:38 invalid-after=jun/04/2035 13:04:38 expires-after=872w3d7m34s
1 L T name=Let-s-Encrypt-Authority-X3 issuer=C=US,O=Internet Security Research Group,CN=ISRG Root X1 country=US organization=Let's Encrypt common-name=Let's Encrypt Authority X3 key-size=2048 days-valid=1826 trusted=yes key-usage=digital-signature,key-cert-sign,crl-sign serial-number=D3B17226342332DCF40528512AEC9C6A fingerprint=731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568 invalid-before=oct/06/2016 17:43:55 invalid-after=oct/06/2021 17:43:55 expires-after=159w5d4h46m51s 1 L T name=Let-s-Encrypt-Authority-X3 issuer=C=US,O=Internet Security Research Group,CN=ISRG Root X1 country=US organization=Let's Encrypt common-name=Let's Encrypt Authority X3 key-size=2048 days-valid=1826 trusted=yes key-usage=digital-signature,key-cert-sign,crl-sign serial-number=D3B17226342332DCF40528512AEC9C6A fingerprint=731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568 invalid-before=oct/06/2016 17:43:55 invalid-after=oct/06/2021 17:43:55 expires-after=159w5d4h46m51s
Always make sure there are no certificates installed you do not know or want!
Now let's download the main scripts and add them in configuration on the fly. Now let's download the main scripts and add them in configuration on the fly.
[admin@MikroTik] > / system script add name=global-config source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/global-config" output=user as-value]->"data") [admin@MikroTik] > / system script add name=global-config source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/global-config" output=user as-value]->"data")
[admin@MikroTik] > / system script add name=script-updates source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/script-updates" output=user as-value]->"data") [admin@MikroTik] > / system script add name=script-updates source=([ / tool fetch check-certificate=yes-without-crl "https://git.eworm.de/cgit.cgi/routeros-scripts/plain/script-updates" output=user as-value]->"data")
The configuration needs to be tweaked for your needs. Make sure not to send your mails to `mail@example.com`! The configuration needs to be tweaked for your needs. Make sure not to send
your mails to `mail@example.com`!
[admin@MikroTik] > / system script edit global-config source [admin@MikroTik] > / system script edit global-config source