Commit graph

13 commits

Author SHA1 Message Date
Christian Hesse f2433b8091 drop certificate DST Root CA X3
Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root
X1") on July 8, 2019, but postponed several times.

Finally they found another solution: A certificate 'ISRG Root X1', but
cross-signed with 'DST Root CA X3' and with a lifetime that exceeds that
of the root CA. This is said to work for most operating systems where root
certificate authorities are just 'trust anchors'.

I doubt this is true for RouterOS, where certificates are just imported
into the certificate store. So let's migrate to 'ISRG Root X1' now.
2021-05-18 16:32:26 +02:00
Christian Hesse b0e52aa2d1 global-functions: $GetMacVendor: requires certificate "Cloudflare Inc ECC CA-3" now 2021-02-24 21:48:36 +01:00
Christian Hesse 97ade535d9 certs: add plain text info about certificates
Also order certificates, so we have:
 * intermediate
 * root
 * alternative root, if any

Let's add 'ISRG Root X1' for 'E1' as there will be a valid cross-signed
chain 'E1' -> 'ISRG Root X2' -> 'ISRG Root X1'.
2020-12-30 00:45:11 +01:00
Christian Hesse 05a9531dac certs: remove Let's Encrypt Authority X3 2020-12-18 20:32:29 +01:00
Christian Hesse 50199a57a0 certs: add new Let's Encrypt certificates
https://letsencrypt.org/certificates/
2020-12-17 21:58:53 +01:00
Christian Hesse 3589416840 add certificate 'GTS CA 1O1'
This is used by DNS over HTTPS services:

https://dns.google/dns-query
2020-06-10 11:08:18 +02:00
Christian Hesse 8a88743e9f add certificate 'DigiCert ECC Secure Server CA'
This is used by DNS over HTTPS services:

https://cloudflare-dns.com/dns-query
https://dns9.quad9.net/dns-query (secured)
https://dns10.quad9.net/dns-query (unsecured)

https://github.com/curl/curl/wiki/DNS-over-HTTPS
2020-03-20 12:07:11 +01:00
Christian Hesse 42834e9de1 global-functions: $CertificateAvailable: fetch by CommonName
Now that we have a proper $UrlEncode function... Fetch certificates
by CommonName.

Also remove the PEM after import.
2019-04-30 16:52:53 +02:00
Christian Hesse bc36fb74c3 update-tunnelbroker: verify certificate 2019-01-02 15:02:42 +01:00
Christian Hesse f4673928ef global-functions: make $CertificateAvailable work on CommonName
This should prevent endless certificate switching for Let's Encrypt
cross-signed intermediate certificates.
2018-12-20 22:21:00 +01:00
Christian Hesse abdc9b0cbd README: add Root CA certificate DST Root CA X3
This is used by Let's Encrypt to cross-sign.
2018-12-20 17:25:23 +01:00
Christian Hesse f111669673 README: download certificates from repository 2018-10-16 16:31:57 +02:00
Christian Hesse d81e1bf195 global-functions: import certificates if required
Signed-off-by: Christian Hesse <mail@eworm.de>
2018-10-16 16:06:25 +02:00