check-certificates: add workaround for broken certificates...

... where the issuer array is borked. Or is this a RouterOS issue?

[eworm@carpo] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get ISRG-Root-X2 issuer ] ]
-type-> array
  -key-> C
    -type-> str
    -value-> US,O=Internet Security Research Group,CN=ISRG Root X2

A good certificate looks like this:

[eworm@carpo] > $InspectVar [ $ParseKeyValueStore  [ /certificate/get [ find where name~"eworm.net" ] issuer ] ]
-type-> array
  -key-> C
    -type-> str
    -value-> US
  -key-> CN
    -type-> str
    -value-> E1
  -key-> O
    -type-> str
    -value-> Let's Encrypt
Christian Hesse 2023-12-04 12:35:13 +01:00
parent a08df7bdec
commit 8de6995c4b

@ -90,18 +90,20 @@
:local FormatCertChain do={
:local Cert $1;
:global EitherOr;
:global ParseKeyValueStore;
:local CertVal [ /certificate/get $Cert ];
:local Return "";
:for I from=0 to=3 do={
:set Return ($Return . [ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
:set Return ($Return . [ $EitherOr ([ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN") \
([ $ParseKeyValueStore (($CertVal->"issuer")->0) ]->"CN") ]);
:set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ];
:if (($CertVal->"akid") = "" || ($CertVal->"akid") = ($CertVal->"skid")) do={
:return $Return;
}
:set Return ($Return . " -> ");
:set CertVal [ /certificate/get [ find where skid=($CertVal->"akid") ] ];
}
:return ($Return . "...");
}
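Review bot: the fallback argument to `$EitherOr`, `[ $ParseKeyValueStore (($CertVal->"issuer")->0) ]->"CN"`, has no comment saying why it exists, and the case where neither parse yields a `CN` is not handled. The reason (an issuer array that parses to a single `C` key holding the whole DN, seen on ISRG-Root-X2) is only in the commit message, which also leaves open whether this is a RouterOS issue. A short comment above the `:set Return` line would let the workaround be found and dropped once that is settled. If both lookups come back empty, the chain string gets a blank segment between the " -> " separators, so a visible placeholder there would make a broken entry obvious in the output. Separately, `/certificate/get [ find where skid=($CertVal->"akid") ]` is called without checking that `find` matched anything; if the issuing certificate is not in the store, the loop has no path that returns the partial chain built so far.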