Commit graph

13 commits

Author SHA1 Message Date
Christian Hesse
f2433b8091 drop certificate DST Root CA X3
Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root
X1") on July 8, 2019, but postponed several times.

Finally they found another solution: A certificate 'ISRG Root X1', but
cross-signed with 'DST Root CA X3' and with a livetime that exceeds that
of the root CA. This is said to work for most operating system where root
certificate authorities are just 'trust anchors'.

I doubt this is true for RouterOS, where certificates are just imported
into the certificate store. So let's migrate to 'ISRG Root X1' now.
2021-05-18 16:32:26 +02:00
Christian Hesse
b0e52aa2d1 global-functions: $GetMacVendor: requires certificate "Cloudflare Inc ECC CA-3" now 2021-02-24 21:48:36 +01:00
Christian Hesse
97ade535d9 certs: add plain text info about certificates
Also order certificates, so we have:
 * intermediate
 * root
 * alternative root, if any

Let's add 'ISRG Root X1' for 'E1' as there will be a valid cross-signed
chain 'E1' -> 'ISRG Root X2' -> 'ISRG Root X1'.
2020-12-30 00:45:11 +01:00
Christian Hesse
05a9531dac certs: remove Let's Encrypt Authority X3 2020-12-18 20:32:29 +01:00
Christian Hesse
50199a57a0 certs: add new Let's Encrypt certificates
https://letsencrypt.org/certificates/
2020-12-17 21:58:53 +01:00
Christian Hesse
3589416840 add certificate 'GTS CA 1O1'
This is used by DNS over HTTPS services:

https://dns.google/dns-query
2020-06-10 11:08:18 +02:00
Christian Hesse
8a88743e9f add certificate 'DigiCert ECC Secure Server CA'
This is used by DNS over HTTPS services:

https://cloudflare-dns.com/dns-query
https://dns9.quad9.net/dns-query (secured)
https://dns10.quad9.net/dns-query (unsecured)

https://github.com/curl/curl/wiki/DNS-over-HTTPS
2020-03-20 12:07:11 +01:00
Christian Hesse
42834e9de1 global-functions: $CertificateAvailable: fetch by CommonName
Now that we have a proper $UrlEncode function... Fetch certificates
by CommonName.

Also remove the PEM after import.
2019-04-30 16:52:53 +02:00
Christian Hesse
bc36fb74c3 update-tunnelbroker: verify certificate 2019-01-02 15:02:42 +01:00
Christian Hesse
f4673928ef global-functions: make $CertificateAvailable work on CommonName
This should prevent endless certificate switching for Let's Encrypt
cross-signed intermediate certificates.
2018-12-20 22:21:00 +01:00
Christian Hesse
abdc9b0cbd README: add Root CA certificate DST Root CA X3
This is used by Let's Encrypt to cross-sign.
2018-12-20 17:25:23 +01:00
Christian Hesse
f111669673 README: download certificates from repository 2018-10-16 16:31:57 +02:00
Christian Hesse
d81e1bf195 global-functions: import certificates if required
Signed-off-by: Christian Hesse <mail@eworm.de>
2018-10-16 16:06:25 +02:00