mirror.MikroTik/eworm-de.routeros-scripts
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2025-08-04 18:24:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

global: switch eworm.de to new certificate chain (E1 / ISRG Root X2)

Browse source 
old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2

No user interaction or migration is required for existing installations
as we install 'E1' and 'ISRG Root X2' for some time already.
This commit is contained in:
Christian Hesse 2023-10-26 11:52:50 +02:00
parent 61834297d7
commit 8f75c17e0b
9 changed files with 15 additions and 142 deletions
Download patch file Download diff file Expand all files Collapse all files

14
README.md
View file

@ -59,7 +59,7 @@ download the certificates. If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
certificate chain.
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem";
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem";
![screenshot: download certs](README.d/01-download-certs.avif)
@ -67,21 +67,21 @@ Note that the commands above do *not* verify server certificate, so if you
want to be safe download with your workstations's browser and transfer the
files to your MikroTik device.
* [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem)
* Let's Encrypt [R3](https://letsencrypt.org/certs/lets-encrypt-r3.pem)
* [ISRG Root X2](https://letsencrypt.org/certs/isrg-root-x2.pem)
* Let's Encrypt [E1](https://letsencrypt.org/certs/lets-encrypt-e1.pem)
Then we import the certificates.
/certificate/import file-name=letsencrypt-R3.pem passphrase="";
/certificate/import file-name=letsencrypt-E1.pem passphrase="";
![screenshot: import certs](README.d/02-import-certs.avif)
For basic verification we rename the certificates and print their count. Make
sure the certificate count is **two**.
/certificate/set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ];
/certificate/set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ];
/certificate/print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6";
/certificate/set name="E1" [ find where common-name="E1" ];
/certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
/certificate/print count-only where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
![screenshot: check certs](README.d/03-check-certs.avif)