groove/routeros-scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)

Browse source 
old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2

No user interaction or migration is required for existing installations
as we install 'E1' and 'ISRG Root X2' for some time already.
This commit is contained in:
Christian Hesse 2023-10-26 11:52:50 +02:00
parent 61834297d7
commit 8f75c17e0b
9 changed files with 15 additions and 142 deletions
Download patch file Download diff file Expand all files Collapse all files

12
INITIAL-COMMANDS.md
View file

@ -10,13 +10,13 @@ Initial commands
Run the complete base installation:
{
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem" as-value;
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem" as-value;
:delay 1s;
/certificate/import file-name=letsencrypt-R3.pem passphrase="";
:if ([ :len [ /certificate/find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] ] != 2) do={
/certificate/import file-name=letsencrypt-E1.pem passphrase="";
:if ([ :len [ /certificate/find where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 2) do={
:error "Something is wrong with your certificates!";
};
/file/remove "letsencrypt-R3.pem";
/file/remove "letsencrypt-E1.pem";
:delay 1s;
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
/system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . ".rsc") output=user as-value]->"data");
@ -24,8 +24,8 @@ Run the complete base installation:
/system/script { run global-config; run global-functions; };
/system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
:global CertificateNameByCN;
$CertificateNameByCN "R3";
$CertificateNameByCN "ISRG Root X1";
$CertificateNameByCN "E1";
$CertificateNameByCN "ISRG Root X2";
};
Then continue setup with