Update root CA cert; simplify logic

Pothi Kalimuthu 2024-11-29 20:11:34 +05:30
parent 1b6d274521
commit a7a9e164ed
No known key found for this signature in database
GPG key ID: 57069303D36E3093


@ -4,15 +4,22 @@
/ip dns set verify-doh-cert=no
/tool fetch url=https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem
/certificate remove [find name~"DigiCertGlobalRootCA.crt.pem"]
/certificate import file-name=DigiCertGlobalRootCA.crt.pem passphrase=""
/file remove DigiCertGlobalRootCA.crt.pem
# update the caCertURL depending on what's used at https://1.1.1.1/dns-query
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
:local caCertURL
:set caCertURL https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem
:local result [ /tool fetch url=$caCertURL dst-path=root-ca-cert.pem as-value ];
:do { :delay 2s } while=( $result->"status" != "finished" )
/certificate remove [find name~"root-ca-cert.pem"]
/certificate import file-name=root-ca-cert.pem passphrase=""
/file remove root-ca-cert.pem
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
# optional steps
/ip dns set servers=""
/ip dns set servers="1.1.1.1,1.0.0.1"
/ip dhcp-client set use-peer-dns=no [find]
# flush existing cache