mirror of
https://git.eworm.de/cgit/routeros-scripts
synced 2025-06-21 01:15:42 +02:00
0717ebfbd5
... for sending notifications via Gotify (https://gotify.net). Closes: https://github.com/eworm-de/routeros-scripts/pull/92 Co-authored-by: Christian Hesse <mail@eworm.de>
83 lines
3.8 KiB
Markdown
83 lines
3.8 KiB
Markdown
Certificate name from browser
|
|
=============================
|
|
|
|
[](https://github.com/eworm-de/routeros-scripts/stargazers)
|
|
[](https://github.com/eworm-de/routeros-scripts/network)
|
|
[](https://github.com/eworm-de/routeros-scripts/watchers)
|
|
[](https://mikrotik.com/download/changelogs/)
|
|
[](https://t.me/routeros_scripts)
|
|
[](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
|
|
|
|
[⬅️ Go back to main README](README.md)
|
|
|
|
All well known desktop, mobile and server operating systems come with a
|
|
certificate store that is populated with a set of well known and trusted
|
|
certificates, acting as *trust anchors*.
|
|
|
|
However RouterOS does not, still sometimes a specific certificate is
|
|
required to properly verify a chain of trust. One example is downloading
|
|
the scripts from this repository with `fetch` command, thus the very
|
|
first step of [installation](README.md#the-long-way-in-detail) is importing
|
|
the certificate.
|
|
|
|
The scripts can install additional certificates when required. This happens
|
|
from this repository if available, or from [mkcert.org ↗️](https://mkcert.org)
|
|
as a fallback.
|
|
|
|
Get the certificate's CommonName
|
|
--------------------------------
|
|
|
|
But how to determine what certificate may be required? Often easiest way
|
|
is to use a desktop browser to get that information. This demonstration uses
|
|
[Mozilla Firefox ↗️](https://www.mozilla.org/firefox/).
|
|
|
|
Let's assume we want to make sure the certificate for
|
|
[git.eworm.de](https://git.eworm.de/) is available. Open that page in the
|
|
browser, then click the *lock* icon in addressbar, followed by "*Connection
|
|
secure*".
|
|
|
|
|
|
|
|
The dialog will change, click "*More information*".
|
|
|
|
|
|
|
|
A new window opens, click the button "*View Certificate*". (That window
|
|
can be closed now.)
|
|
|
|
|
|
|
|
A new tab opens, showing information on the server certificate and its
|
|
chain of trust. The leftmost certificate is what we are interested in.
|
|
|
|
|
|
|
|
Now we know that "`ISRG Root X2`" is required, some scripts need just
|
|
that information.
|
|
|
|
Import a certificate by CommonName
|
|
----------------------------------
|
|
|
|
Running the function `$CertificateAvailable` with that name as parameter
|
|
makes sure the certificate is available in the device's store:
|
|
|
|
$CertificateAvailable "ISRG Root X2";
|
|
|
|
If the certificate is actually available already nothing happens, and there
|
|
is no output. Otherwise the certificate is downloaded and imported.
|
|
|
|
If importing a certificate with that exact name fails a warning is given
|
|
and nothing is actually imported.
|
|
|
|
See also
|
|
--------
|
|
|
|
* [Download, import and update firewall address-lists](doc/fw-addr-lists.md)
|
|
* [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md)
|
|
* [Send notifications via Gotify](doc/mod/notification-gotify.md)
|
|
* [Send notifications via Matrix](doc/mod/notification-matrix.md)
|
|
* [Send notifications via Ntfy](doc/mod/notification-ntfy.md)
|
|
|
|
---
|
|
[⬅️ Go back to main README](README.md)
|
|
[⬆️ Go back to top](#top)
|