diff options
author | Christian Hesse <mail@eworm.de> | 2020-12-18 16:15:44 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2020-12-18 20:32:29 +0100 |
commit | c4c139d5a6f43dcc364f75a06af81f0b259dfbe8 (patch) | |
tree | a760c49d1cd62323009086096fbaa719ac10bf66 | |
parent | 010e2d6b05f9aaed3adccd72ae1903664a373e96 (diff) |
README: drop Let's Encrypt Authority X3
-rw-r--r-- | README.md | 21 |
1 files changed, 3 insertions, 18 deletions
@@ -54,18 +54,11 @@ certificate chain. total: 4KiB duration: 1s - [admin@MikroTik] > / tool fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/Let%27s%20Encrypt%20Authority%20X3.pem" dst-path="letsencrypt-X3.pem" - status: finished - downloaded: 5KiBC-z pause] - total: 5KiB - duration: 1s - Note that the commands above do *not* verify server certificate, so if you want to be safe download with your workstations's browser and transfer the files to your MikroTik device. * [ISRG Root X1](https://letsencrypt.org/certs/isrgrootx1.pem) -* [Let's Encrypt Authority X3](https://letsencrypt.org/certs/letsencryptauthorityx3.pem) * Let's Encrypt [R3](https://letsencrypt.org/certs/lets-encrypt-r3.pem) Then we import the certificates. @@ -77,22 +70,14 @@ Then we import the certificates. decryption-failures: 0 keys-with-no-certificate: 0 - [admin@MikroTik] > / certificate import file-name=letsencrypt-X3.pem passphrase="" - certificates-imported: 1 - private-keys-imported: 0 - files-imported: 1 - decryption-failures: 0 - keys-with-no-certificate: 0 - For basic verification we rename the certifiactes and print their count. Make -sure the certificate count is **four**. +sure the certificate count is **three**. [admin@MikroTik] > / certificate set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ] [admin@MikroTik] > / certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] - [admin@MikroTik] > / certificate set name="Let-s-Encrypt-Authority-X3" [ find where fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" ] [admin@MikroTik] > / certificate set name="DST-Root-CA-X3" [ find where fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ] - [admin@MikroTik] > / certificate print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="731d3d9cfaa061487a1d71445a42f67df0afca2a6c2d2f98ff7b3ce112b1f568" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" - 4 + [admin@MikroTik] > / certificate print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" + 3 Always make sure there are no certificates installed you do not know or want! |