routeros-scripts/INITIAL-COMMANDS.md
Christian Hesse f2433b8091 drop certificate DST Root CA X3
Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root
X1") on July 8, 2019, but postponed several times.

Finally they found another solution: A certificate 'ISRG Root X1', but
cross-signed with 'DST Root CA X3' and with a lifetime that exceeds that
of the root CA. This is said to work for most operating systems where root
certificate authorities are just 'trust anchors'.

I doubt this is true for RouterOS, where certificates are just imported
into the certificate store. So let's migrate to 'ISRG Root X1' now.
2021-05-18 16:32:26 +02:00

1.7 KiB

Initial commands


These commands are intended for initial setup. If you are not familiar with the procedure, please follow the long way in detail.

{
  / tool fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem";
  :delay 1s;
  / certificate import file-name=letsencrypt-R3.pem passphrase="";
  :if ([ :len [ / certificate find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] ] != 2) do={
    :error "Something is wrong with your certificates!";
  }
  / file remove "letsencrypt-R3.pem";
  :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
    / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script) output=user as-value]->"data");
  }
  / system script { run global-config; run global-config-overlay; run global-functions; }
  / system scheduler add name="global-scripts" start-time=startup on-event="/ system script { run global-config; run global-config-overlay; run global-functions; }";
  :global CertificateNameByCN;
  $CertificateNameByCN "R3";
  $CertificateNameByCN "ISRG Root X1";
}
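The first fetch above does not set check-certificate, so the two pinned SHA-256 fingerprints are what establishes trust, and the check runs only after the import. The following is an added example (not part of the original page or the project's code) that computes the same fingerprints from a downloaded PEM file on a workstation and also rejects unexpected extra certificates; the function names and the constructed sample bytes are assumptions.

```python
import base64
import hashlib
import re

# SHA-256 fingerprints pinned in the commands above (from the page).
PINNED = {
    "67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd",
    "96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6",
}
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 over the DER bytes of every certificate in a PEM bundle."""
    out = []
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()), validate=True)
        out.append(hashlib.sha256(der).hexdigest())
    return out

def check_bundle(pem_text, pinned=PINNED):
    """Require exactly the pinned certificates: none missing, none extra."""
    found = set(fingerprints(pem_text))
    missing = sorted(set(pinned) - found)
    unexpected = sorted(found - set(pinned))
    return {"ok": not missing and not unexpected,
            "missing": missing, "unexpected": unexpected}

def to_pem(der):
    """Wrap raw bytes as a PEM certificate block (used for the samples only)."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(rows)
            + "\n-----END CERTIFICATE-----\n")

# Constructed stand-ins for DER certificates; these are NOT real certificates.
SAMPLE_A = b"constructed sample certificate A " * 6
SAMPLE_B = b"constructed sample certificate B " * 6
SAMPLE_EXTRA = b"constructed unexpected certificate " * 6
SAMPLE_PINS = {hashlib.sha256(SAMPLE_A).hexdigest(),
               hashlib.sha256(SAMPLE_B).hexdigest()}

if __name__ == "__main__":
    clean = to_pem(SAMPLE_A) + to_pem(SAMPLE_B)
    print(check_bundle(clean, SAMPLE_PINS))
    print(check_bundle(clean + to_pem(SAMPLE_EXTRA), SAMPLE_PINS))
    # With a real download: check_bundle(open("letsencrypt-R3.pem").read())
```
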

Optionally, to update the scripts automatically:

/ system scheduler add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
