check-certificates: do not renew if loosing private key

Christian Hesse 2021-01-11 00:05:58 +01:00
parent 8e628ce11e
commit d926c84cdb


@ -66,6 +66,11 @@ $WaitFullyConnected;
:if ($Cert != $CertNew) do={ :if ($Cert != $CertNew) do={
$LogPrintExit debug ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.") false; $LogPrintExit debug ("Certificate '" . $CertVal->"name" . "' was not updated, but replaced.") false;
:if (($CertVal->"private-key") = true && ($CertVal->"private-key") != ($CertNewVal->"private-key")) do={
/ certificate remove $CertNew;
$LogPrintExit warning ("Old certificate '" . ($CertVal->"name") . "' has a private key, new certificate does not. Aborting renew.") true;
}
/ ip service set certificate=($CertNewVal->"name") [ find where certificate=($CertVal->"name") ]; / ip service set certificate=($CertNewVal->"name") [ find where certificate=($CertVal->"name") ];
:do { :do {