aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2024-06-19 08:56:07 +0200
committerGravatar Christian Hesse <mail@eworm.de>2024-06-19 09:29:23 +0200
commit76dd069fa653ad9ed8f100f71124fc5027b159df (patch)
tree0a212a30e41299b6dbb8f9a4d26dad2eef763deb
parentd01362dbaa352efccf4d64a5e0404b2d43060cd5 (diff)
Let's Encrypt changed their intermediate certificates
https://letsencrypt.org/2024/03/19/new-intermediate-certificates https://letsencrypt.org/certificates/ But let's keep the old ones around for now, as some sites are still using the old intermediate.
-rw-r--r--INITIAL-COMMANDS.md10
-rw-r--r--README.d/01-download-certs.avifbin4420 -> 4578 bytes
-rw-r--r--README.d/03-check-certs.avifbin12089 -> 12118 bytes
-rw-r--r--README.md14
-rw-r--r--certs/E5.pem119
-rw-r--r--certs/R10.pem231
-rw-r--r--global-config.rsc6
-rw-r--r--global-functions.rsc2
8 files changed, 366 insertions, 16 deletions
diff --git a/INITIAL-COMMANDS.md b/INITIAL-COMMANDS.md
index 4a12197..889192d 100644
--- a/INITIAL-COMMANDS.md
+++ b/INITIAL-COMMANDS.md
@@ -17,13 +17,13 @@ Initial commands
Run the complete base installation:
{
- /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem" as-value;
+ /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E5.pem" dst-path="letsencrypt-E5.pem" as-value;
:delay 1s;
- /certificate/import file-name=letsencrypt-E1.pem passphrase="";
- :if ([ :len [ /certificate/find where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 2) do={
+ /certificate/import file-name=letsencrypt-E5.pem passphrase="";
+ :if ([ :len [ /certificate/find where fingerprint="e788d14b0436b5120bbee3f15c15badf08c1407fe72568a4f16f9151c380e1e3" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470" ] ] != 2) do={
:error "Something is wrong with your certificates!";
};
- /file/remove [ find where name="letsencrypt-E1.pem" ];
+ /file/remove [ find where name="letsencrypt-E5.pem" ];
:delay 1s;
/system/script/set name=("global-config-overlay-" . [ /system/clock/get date ] . "-" . [ /system/clock/get time ]) [ find where name="global-config-overlay" ];
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
@@ -34,7 +34,7 @@ Run the complete base installation:
/system/scheduler/remove [ find where name="global-scripts" ];
/system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
:global CertificateNameByCN;
- $CertificateNameByCN "E1";
+ $CertificateNameByCN "E5";
$CertificateNameByCN "ISRG Root X2";
};
diff --git a/README.d/01-download-certs.avif b/README.d/01-download-certs.avif
index b27b23b..b543aff 100644
--- a/README.d/01-download-certs.avif
+++ b/README.d/01-download-certs.avif
Binary files differ
diff --git a/README.d/03-check-certs.avif b/README.d/03-check-certs.avif
index 0477c39..f24c6b5 100644
--- a/README.d/03-check-certs.avif
+++ b/README.d/03-check-certs.avif
Binary files differ
diff --git a/README.md b/README.md
index b6e529d..1ad5aca 100644
--- a/README.md
+++ b/README.md
@@ -69,7 +69,7 @@ download the certificates. If you intend to download the scripts from a
different location (for example from github.com) install the corresponding
certificate chain.
- /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E1.pem" dst-path="letsencrypt-E1.pem";
+ /tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/E5.pem" dst-path="letsencrypt-E5.pem";
![screenshot: download certs](README.d/01-download-certs.avif)
@@ -78,11 +78,11 @@ want to be safe download with your workstations's browser and transfer the
files to your MikroTik device.
* [ISRG Root X2](https://letsencrypt.org/certs/isrg-root-x2.pem)
-* Let's Encrypt [E1](https://letsencrypt.org/certs/lets-encrypt-e1.pem)
+* Let's Encrypt [E5](https://letsencrypt.org/certs/2024/e5.pem)
Then we import the certificates.
- /certificate/import file-name=letsencrypt-E1.pem passphrase="";
+ /certificate/import file-name=letsencrypt-E5.pem passphrase="";
Do not worry that the command is not shown - that happens because it contains
a sensitive property, the passphrase.
@@ -90,13 +90,13 @@ a sensitive property, the passphrase.
![screenshot: import certs](README.d/02-import-certs.avif)
For basic verification we rename the certificates and print them by
-fingerprint. Make sure exactly these two certificates ("*E1*" and
+fingerprint. Make sure exactly these two certificates ("*E5*" and
"*ISRG-Root-X2*") are shown. Also remove the left over file.
- /certificate/set name="E1" [ find where common-name="E1" ];
+ /certificate/set name="E5" [ find where common-name="E5" ];
/certificate/set name="ISRG-Root-X2" [ find where common-name="ISRG Root X2" ];
- /certificate/print proplist=name,fingerprint where fingerprint="46494e30379059df18be52124305e606fc59070e5b21076ce113954b60517cda" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
- /file/remove [ find where name="letsencrypt-E1.pem" ];
+ /certificate/print proplist=name,fingerprint where fingerprint="e788d14b0436b5120bbee3f15c15badf08c1407fe72568a4f16f9151c380e1e3" or fingerprint="69729b8e15a86efc177a57afb7171dfc64add28c2fca8cf1507e34453ccb1470";
+ /file/remove [ find where name="letsencrypt-E5.pem" ];
![screenshot: check certs](README.d/03-check-certs.avif)
diff --git a/certs/E5.pem b/certs/E5.pem
new file mode 100644
index 0000000..3f9e915
--- /dev/null
+++ b/certs/E5.pem
@@ -0,0 +1,119 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 18:6e:75:d4:ee:b0:a0:5d:fd:2d:a8:20:86:5d:1e:31
+ Signature Algorithm: ecdsa-with-SHA384
+ Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X2
+ Validity
+ Not Before: Mar 13 00:00:00 2024 GMT
+ Not After : Mar 12 23:59:59 2027 GMT
+ Subject: C=US, O=Let's Encrypt, CN=E5
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:0d:0b:3a:8a:6b:61:8e:b6:ef:dc:5f:58:e7:c6:
+ 42:45:54:ab:63:f6:66:61:48:0a:2e:59:75:b4:81:
+ 02:37:50:b7:3f:16:79:dc:98:ec:a1:28:97:72:20:
+ 1c:2c:cf:d5:7c:52:20:4e:54:78:5b:84:14:6b:c0:
+ 90:ae:85:ec:c0:51:41:3c:5a:87:7f:06:4d:d4:fe:
+ 60:d1:fa:6c:2d:e1:7d:95:10:88:a2:08:54:0f:99:
+ 1a:4c:e6:ea:0a:ac:d8
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Certificate Sign, CRL Sign
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:0
+ X509v3 Subject Key Identifier:
+ 9F:2B:5F:CF:3C:21:4F:9D:04:B7:ED:2B:2C:C4:C6:70:8B:D2:D7:0D
+ X509v3 Authority Key Identifier:
+ 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95
+ Authority Information Access:
+ CA Issuers - URI:http://x2.i.lencr.org/
+ X509v3 Certificate Policies:
+ Policy: 2.23.140.1.2.1
+ X509v3 CRL Distribution Points:
+ Full Name:
+ URI:http://x2.c.lencr.org/
+ Signature Algorithm: ecdsa-with-SHA384
+ Signature Value:
+ 30:64:02:30:1b:6d:2e:45:41:1c:45:3e:d9:5f:34:18:74:67:
+ 13:79:ba:ab:29:b5:b6:10:4e:83:27:4a:8b:45:4e:c7:7b:cf:
+ f4:40:30:1d:61:a5:e6:1c:6d:a4:90:09:92:6e:46:4b:02:30:
+ 46:29:18:84:34:7a:bc:fb:de:d8:1b:d8:19:a7:04:f5:cb:7e:
+ e7:6d:84:d9:da:8e:ea:ce:36:30:b9:a2:80:4c:2c:e6:60:12:
+ 4b:a9:76:aa:e8:6d:95:47:da:72:09:0c
+-----BEGIN CERTIFICATE-----
+MIICtDCCAjugAwIBAgIQGG511O6woF39Lagghl0eMTAKBggqhkjOPQQDAzBPMQsw
+CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
+R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yNDAzMTMwMDAwMDBaFw0y
+NzAzMTIyMzU5NTlaMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNy
+eXB0MQswCQYDVQQDEwJFNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABA0LOoprYY62
+79xfWOfGQkVUq2P2ZmFICi5ZdbSBAjdQtz8WedyY7KEol3IgHCzP1XxSIE5UeFuE
+FGvAkK6F7MBRQTxah38GTdT+YNH6bC3hfZUQiKIIVA+ZGkzm6gqs2KOB+DCB9TAO
+BgNVHQ8BAf8EBAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIG
+A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJ8rX888IU+dBLftKyzExnCL0tcN
+MB8GA1UdIwQYMBaAFHxClq7eS0g7+pL4nozPbYupcjeVMDIGCCsGAQUFBwEBBCYw
+JDAiBggrBgEFBQcwAoYWaHR0cDovL3gyLmkubGVuY3Iub3JnLzATBgNVHSAEDDAK
+MAgGBmeBDAECATAnBgNVHR8EIDAeMBygGqAYhhZodHRwOi8veDIuYy5sZW5jci5v
+cmcvMAoGCCqGSM49BAMDA2cAMGQCMBttLkVBHEU+2V80GHRnE3m6qym1thBOgydK
+i0VOx3vP9EAwHWGl5hxtpJAJkm5GSwIwRikYhDR6vPve2BvYGacE9ct+522E2dqO
+6s42MLmigEws5mASS6l2quhtlUfacgkM
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 41:d2:9d:d1:72:ea:ee:a7:80:c1:2c:6c:e9:2f:87:52
+ Signature Algorithm: ecdsa-with-SHA384
+ Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X2
+ Validity
+ Not Before: Sep 4 00:00:00 2020 GMT
+ Not After : Sep 17 16:00:00 2040 GMT
+ Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X2
+ Subject Public Key Info:
+ Public Key Algorithm: id-ecPublicKey
+ Public-Key: (384 bit)
+ pub:
+ 04:cd:9b:d5:9f:80:83:0a:ec:09:4a:f3:16:4a:3e:
+ 5c:cf:77:ac:de:67:05:0d:1d:07:b6:dc:16:fb:5a:
+ 8b:14:db:e2:71:60:c4:ba:45:95:11:89:8e:ea:06:
+ df:f7:2a:16:1c:a4:b9:c5:c5:32:e0:03:e0:1e:82:
+ 18:38:8b:d7:45:d8:0a:6a:6e:e6:00:77:fb:02:51:
+ 7d:22:d8:0a:6e:9a:5b:77:df:f0:fa:41:ec:39:dc:
+ 75:ca:68:07:0c:1f:ea
+ ASN1 OID: secp384r1
+ NIST CURVE: P-384
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 7C:42:96:AE:DE:4B:48:3B:FA:92:F8:9E:8C:CF:6D:8B:A9:72:37:95
+ Signature Algorithm: ecdsa-with-SHA384
+ 30:65:02:30:7b:79:4e:46:50:84:c2:44:87:46:1b:45:70:ff:
+ 58:99:de:f4:fd:a4:d2:55:a6:20:2d:74:d6:34:bc:41:a3:50:
+ 5f:01:27:56:b4:be:27:75:06:af:12:2e:75:98:8d:fc:02:31:
+ 00:8b:f5:77:6c:d4:c8:65:aa:e0:0b:2c:ee:14:9d:27:37:a4:
+ f9:53:a5:51:e4:29:83:d7:f8:90:31:5b:42:9f:0a:f5:fe:ae:
+ 00:68:e7:8c:49:0f:b6:6f:5b:5b:15:f2:e7
+-----BEGIN CERTIFICATE-----
+MIICGzCCAaGgAwIBAgIQQdKd0XLq7qeAwSxs6S+HUjAKBggqhkjOPQQDAzBPMQsw
+CQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2gg
+R3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMjAeFw0yMDA5MDQwMDAwMDBaFw00
+MDA5MTcxNjAwMDBaME8xCzAJBgNVBAYTAlVTMSkwJwYDVQQKEyBJbnRlcm5ldCBT
+ZWN1cml0eSBSZXNlYXJjaCBHcm91cDEVMBMGA1UEAxMMSVNSRyBSb290IFgyMHYw
+EAYHKoZIzj0CAQYFK4EEACIDYgAEzZvVn4CDCuwJSvMWSj5cz3es3mcFDR0HttwW
++1qLFNvicWDEukWVEYmO6gbf9yoWHKS5xcUy4APgHoIYOIvXRdgKam7mAHf7AlF9
+ItgKbppbd9/w+kHsOdx1ymgHDB/qo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0T
+AQH/BAUwAwEB/zAdBgNVHQ4EFgQUfEKWrt5LSDv6kviejM9ti6lyN5UwCgYIKoZI
+zj0EAwMDaAAwZQIwe3lORlCEwkSHRhtFcP9Ymd70/aTSVaYgLXTWNLxBo1BfASdW
+tL4ndQavEi51mI38AjEAi/V3bNTIZargCyzuFJ0nN6T5U6VR5CmD1/iQMVtCnwr1
+/q4AaOeMSQ+2b1tbFfLn
+-----END CERTIFICATE-----
diff --git a/certs/R10.pem b/certs/R10.pem
new file mode 100644
index 0000000..e8c1c4a
--- /dev/null
+++ b/certs/R10.pem
@@ -0,0 +1,231 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 4b:a8:52:93:f7:9a:2f:a2:73:06:4b:a8:04:8d:75:d0
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
+ Validity
+ Not Before: Mar 13 00:00:00 2024 GMT
+ Not After : Mar 12 23:59:59 2027 GMT
+ Subject: C=US, O=Let's Encrypt, CN=R10
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (2048 bit)
+ Modulus:
+ 00:cf:57:e5:e6:c4:54:12:ed:b4:47:fe:c9:27:58:
+ 76:46:50:28:8c:1d:3e:88:df:05:9d:d5:b5:18:29:
+ bd:dd:b5:5a:bf:fa:f6:ce:a3:be:af:00:21:4b:62:
+ 5a:5a:3c:01:2f:c5:58:03:f6:89:ff:8e:11:43:eb:
+ c1:b5:e0:14:07:96:8f:6f:1f:d7:e7:ba:81:39:09:
+ 75:65:b7:c2:af:18:5b:37:26:28:e7:a3:f4:07:2b:
+ 6d:1a:ff:ab:58:bc:95:ae:40:ff:e9:cb:57:c4:b5:
+ 5b:7f:78:0d:18:61:bc:17:e7:54:c6:bb:49:91:cd:
+ 6e:18:d1:80:85:ee:a6:65:36:bc:74:ea:bc:50:4c:
+ ea:fc:21:f3:38:16:93:94:ba:b0:d3:6b:38:06:cd:
+ 16:12:7a:ca:52:75:c8:ad:76:b2:c2:9c:5d:98:45:
+ 5c:6f:61:7b:c6:2d:ee:3c:13:52:86:01:d9:57:e6:
+ 38:1c:df:8d:b5:1f:92:91:9a:e7:4a:1c:cc:45:a8:
+ 72:55:f0:b0:e6:a3:07:ec:fd:a7:1b:66:9e:3f:48:
+ 8b:71:84:71:58:c9:3a:fa:ef:5e:f2:5b:44:2b:3c:
+ 74:e7:8f:b2:47:c1:07:6a:cd:9a:b7:0d:96:f7:12:
+ 81:26:51:54:0a:ec:61:f6:f7:f5:e2:f2:8a:c8:95:
+ 0d:8d
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Digital Signature, Certificate Sign, CRL Sign
+ X509v3 Extended Key Usage:
+ TLS Web Client Authentication, TLS Web Server Authentication
+ X509v3 Basic Constraints: critical
+ CA:TRUE, pathlen:0
+ X509v3 Subject Key Identifier:
+ BB:BC:C3:47:A5:E4:BC:A9:C6:C3:A4:72:0C:10:8D:A2:35:E1:C8:E8
+ X509v3 Authority Key Identifier:
+ 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
+ Authority Information Access:
+ CA Issuers - URI:http://x1.i.lencr.org/
+ X509v3 Certificate Policies:
+ Policy: 2.23.140.1.2.1
+ X509v3 CRL Distribution Points:
+ Full Name:
+ URI:http://x1.c.lencr.org/
+ Signature Algorithm: sha256WithRSAEncryption
+ Signature Value:
+ 92:b1:e7:41:37:eb:79:9d:81:e6:cd:e2:25:e1:3a:20:e9:90:
+ 44:95:a3:81:5c:cf:c3:5d:fd:bd:a0:70:d5:b1:96:28:22:0b:
+ d2:f2:28:cf:0c:e7:d4:e6:43:8c:24:22:1d:c1:42:92:d1:09:
+ af:9f:4b:f4:c8:70:4f:20:16:b1:5a:dd:01:f6:1f:f8:1f:61:
+ 6b:14:27:b0:72:8d:63:ae:ee:e2:ce:4b:cf:37:dd:bb:a3:d4:
+ cd:e7:ad:50:ad:bd:bf:e3:ec:3e:62:36:70:99:31:a7:e8:8d:
+ dd:ea:62:e2:12:ae:f5:9c:d4:3d:2c:0c:aa:d0:9c:79:be:ea:
+ 3d:5c:44:6e:96:31:63:5a:7d:d6:7e:4f:24:a0:4b:05:7f:5e:
+ 6f:d2:d4:ea:5f:33:4b:13:d6:57:b6:ca:de:51:b8:5d:a3:09:
+ 82:74:fd:c7:78:9e:b3:b9:ac:16:da:4a:2b:96:c3:b6:8b:62:
+ 8f:f9:74:19:a2:9e:03:de:e9:6f:9b:b0:0f:d2:a0:5a:f6:85:
+ 5c:c2:04:b7:c8:d5:4e:32:c4:bf:04:5d:bc:29:f6:f7:81:8f:
+ 0c:5d:3c:53:c9:40:90:8b:fb:b6:08:65:b9:a4:21:d5:09:e5:
+ 13:84:84:37:82:ce:10:28:fc:76:c2:06:25:7a:46:52:4d:da:
+ 53:72:a4:27:3f:62:70:ac:be:69:48:00:fb:67:0f:db:5b:a1:
+ e8:d7:03:21:2d:d7:c9:f6:99:42:39:83:43:df:77:0a:12:08:
+ f1:25:d6:ba:94:19:54:18:88:a5:c5:8e:e1:1a:99:93:79:6b:
+ ec:1c:f9:31:40:b0:cc:32:00:df:9f:5e:e7:b4:92:ab:90:82:
+ 91:8d:0d:e0:1e:95:ba:59:3b:2e:4b:5f:c2:b7:46:35:52:39:
+ 06:c0:bd:aa:ac:52:c1:22:a0:44:97:99:f7:0c:a0:21:a7:a1:
+ 6c:71:47:16:17:01:68:c0:ca:a6:26:65:04:7c:b3:ae:c9:e7:
+ 94:55:c2:6f:9b:3c:1c:a9:f9:2e:c5:20:1a:f0:76:e0:be:ec:
+ 18:d6:4f:d8:25:fb:76:11:e8:bf:e6:21:0f:e8:e8:cc:b5:b6:
+ a7:d5:b8:f7:9f:41:cf:61:22:46:6a:83:b6:68:97:2e:7c:ea:
+ 4e:95:db:23:eb:2e:c8:2b:28:84:a4:60:e9:49:f4:44:2e:3b:
+ f9:ca:62:57:01:e2:5d:90:16:f9:c9:fc:7a:23:48:8e:a6:d5:
+ 81:72:f1:28:fa:5d:ce:fb:ed:4e:73:8f:94:2e:d2:41:94:98:
+ 99:db:a7:af:70:5f:f5:be:fb:02:20:bf:66:27:6c:b4:ad:fa:
+ 75:12:0b:2b:3e:ce:03:9e
+-----BEGIN CERTIFICATE-----
+MIIFBTCCAu2gAwIBAgIQS6hSk/eaL6JzBkuoBI110DANBgkqhkiG9w0BAQsFADBP
+MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
+Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
+Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
+bmNyeXB0MQwwCgYDVQQDEwNSMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQDPV+XmxFQS7bRH/sknWHZGUCiMHT6I3wWd1bUYKb3dtVq/+vbOo76vACFL
+YlpaPAEvxVgD9on/jhFD68G14BQHlo9vH9fnuoE5CXVlt8KvGFs3Jijno/QHK20a
+/6tYvJWuQP/py1fEtVt/eA0YYbwX51TGu0mRzW4Y0YCF7qZlNrx06rxQTOr8IfM4
+FpOUurDTazgGzRYSespSdcitdrLCnF2YRVxvYXvGLe48E1KGAdlX5jgc3421H5KR
+mudKHMxFqHJV8LDmowfs/acbZp4/SItxhHFYyTr6717yW0QrPHTnj7JHwQdqzZq3
+DZb3EoEmUVQK7GH29/Xi8orIlQ2NAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
+MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
+AgEAMB0GA1UdDgQWBBS7vMNHpeS8qcbDpHIMEI2iNeHI6DAfBgNVHSMEGDAWgBR5
+tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
+Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
+VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
+AQsFAAOCAgEAkrHnQTfreZ2B5s3iJeE6IOmQRJWjgVzPw139vaBw1bGWKCIL0vIo
+zwzn1OZDjCQiHcFCktEJr59L9MhwTyAWsVrdAfYf+B9haxQnsHKNY67u4s5Lzzfd
+u6PUzeetUK29v+PsPmI2cJkxp+iN3epi4hKu9ZzUPSwMqtCceb7qPVxEbpYxY1p9
+1n5PJKBLBX9eb9LU6l8zSxPWV7bK3lG4XaMJgnT9x3ies7msFtpKK5bDtotij/l0
+GaKeA97pb5uwD9KgWvaFXMIEt8jVTjLEvwRdvCn294GPDF08U8lAkIv7tghluaQh
+1QnlE4SEN4LOECj8dsIGJXpGUk3aU3KkJz9icKy+aUgA+2cP21uh6NcDIS3XyfaZ
+QjmDQ993ChII8SXWupQZVBiIpcWO4RqZk3lr7Bz5MUCwzDIA359e57SSq5CCkY0N
+4B6Vulk7LktfwrdGNVI5BsC9qqxSwSKgRJeZ9wygIaehbHFHFhcBaMDKpiZlBHyz
+rsnnlFXCb5s8HKn5LsUgGvB24L7sGNZP2CX7dhHov+YhD+jozLW2p9W4959Bz2Ei
+RmqDtmiXLnzqTpXbI+suyCsohKRg6Un0RC47+cpiVwHiXZAW+cn8eiNIjqbVgXLx
+KPpdzvvtTnOPlC7SQZSYmdunr3Bf9b77AiC/ZidstK36dRILKz7OA54=
+-----END CERTIFICATE-----
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number:
+ 82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C = US, O = Internet Security Research Group, CN = ISRG Root X1
+ Validity
+ Not Before: Jun 4 11:04:38 2015 GMT
+ Not After : Jun 4 11:04:38 2035 GMT
+ Subject: C = US, O = Internet Security Research Group, CN = ISRG Root X1
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public-Key: (4096 bit)
+ Modulus:
+ 00:ad:e8:24:73:f4:14:37:f3:9b:9e:2b:57:28:1c:
+ 87:be:dc:b7:df:38:90:8c:6e:3c:e6:57:a0:78:f7:
+ 75:c2:a2:fe:f5:6a:6e:f6:00:4f:28:db:de:68:86:
+ 6c:44:93:b6:b1:63:fd:14:12:6b:bf:1f:d2:ea:31:
+ 9b:21:7e:d1:33:3c:ba:48:f5:dd:79:df:b3:b8:ff:
+ 12:f1:21:9a:4b:c1:8a:86:71:69:4a:66:66:6c:8f:
+ 7e:3c:70:bf:ad:29:22:06:f3:e4:c0:e6:80:ae:e2:
+ 4b:8f:b7:99:7e:94:03:9f:d3:47:97:7c:99:48:23:
+ 53:e8:38:ae:4f:0a:6f:83:2e:d1:49:57:8c:80:74:
+ b6:da:2f:d0:38:8d:7b:03:70:21:1b:75:f2:30:3c:
+ fa:8f:ae:dd:da:63:ab:eb:16:4f:c2:8e:11:4b:7e:
+ cf:0b:e8:ff:b5:77:2e:f4:b2:7b:4a:e0:4c:12:25:
+ 0c:70:8d:03:29:a0:e1:53:24:ec:13:d9:ee:19:bf:
+ 10:b3:4a:8c:3f:89:a3:61:51:de:ac:87:07:94:f4:
+ 63:71:ec:2e:e2:6f:5b:98:81:e1:89:5c:34:79:6c:
+ 76:ef:3b:90:62:79:e6:db:a4:9a:2f:26:c5:d0:10:
+ e1:0e:de:d9:10:8e:16:fb:b7:f7:a8:f7:c7:e5:02:
+ 07:98:8f:36:08:95:e7:e2:37:96:0d:36:75:9e:fb:
+ 0e:72:b1:1d:9b:bc:03:f9:49:05:d8:81:dd:05:b4:
+ 2a:d6:41:e9:ac:01:76:95:0a:0f:d8:df:d5:bd:12:
+ 1f:35:2f:28:17:6c:d2:98:c1:a8:09:64:77:6e:47:
+ 37:ba:ce:ac:59:5e:68:9d:7f:72:d6:89:c5:06:41:
+ 29:3e:59:3e:dd:26:f5:24:c9:11:a7:5a:a3:4c:40:
+ 1f:46:a1:99:b5:a7:3a:51:6e:86:3b:9e:7d:72:a7:
+ 12:05:78:59:ed:3e:51:78:15:0b:03:8f:8d:d0:2f:
+ 05:b2:3e:7b:4a:1c:4b:73:05:12:fc:c6:ea:e0:50:
+ 13:7c:43:93:74:b3:ca:74:e7:8e:1f:01:08:d0:30:
+ d4:5b:71:36:b4:07:ba:c1:30:30:5c:48:b7:82:3b:
+ 98:a6:7d:60:8a:a2:a3:29:82:cc:ba:bd:83:04:1b:
+ a2:83:03:41:a1:d6:05:f1:1b:c2:b6:f0:a8:7c:86:
+ 3b:46:a8:48:2a:88:dc:76:9a:76:bf:1f:6a:a5:3d:
+ 19:8f:eb:38:f3:64:de:c8:2b:0d:0a:28:ff:f7:db:
+ e2:15:42:d4:22:d0:27:5d:e1:79:fe:18:e7:70:88:
+ ad:4e:e6:d9:8b:3a:c6:dd:27:51:6e:ff:bc:64:f5:
+ 33:43:4f
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Key Usage: critical
+ Certificate Sign, CRL Sign
+ X509v3 Basic Constraints: critical
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ 79:B4:59:E6:7B:B6:E5:E4:01:73:80:08:88:C8:1A:58:F6:E9:9B:6E
+ Signature Algorithm: sha256WithRSAEncryption
+ 55:1f:58:a9:bc:b2:a8:50:d0:0c:b1:d8:1a:69:20:27:29:08:
+ ac:61:75:5c:8a:6e:f8:82:e5:69:2f:d5:f6:56:4b:b9:b8:73:
+ 10:59:d3:21:97:7e:e7:4c:71:fb:b2:d2:60:ad:39:a8:0b:ea:
+ 17:21:56:85:f1:50:0e:59:eb:ce:e0:59:e9:ba:c9:15:ef:86:
+ 9d:8f:84:80:f6:e4:e9:91:90:dc:17:9b:62:1b:45:f0:66:95:
+ d2:7c:6f:c2:ea:3b:ef:1f:cf:cb:d6:ae:27:f1:a9:b0:c8:ae:
+ fd:7d:7e:9a:fa:22:04:eb:ff:d9:7f:ea:91:2b:22:b1:17:0e:
+ 8f:f2:8a:34:5b:58:d8:fc:01:c9:54:b9:b8:26:cc:8a:88:33:
+ 89:4c:2d:84:3c:82:df:ee:96:57:05:ba:2c:bb:f7:c4:b7:c7:
+ 4e:3b:82:be:31:c8:22:73:73:92:d1:c2:80:a4:39:39:10:33:
+ 23:82:4c:3c:9f:86:b2:55:98:1d:be:29:86:8c:22:9b:9e:e2:
+ 6b:3b:57:3a:82:70:4d:dc:09:c7:89:cb:0a:07:4d:6c:e8:5d:
+ 8e:c9:ef:ce:ab:c7:bb:b5:2b:4e:45:d6:4a:d0:26:cc:e5:72:
+ ca:08:6a:a5:95:e3:15:a1:f7:a4:ed:c9:2c:5f:a5:fb:ff:ac:
+ 28:02:2e:be:d7:7b:bb:e3:71:7b:90:16:d3:07:5e:46:53:7c:
+ 37:07:42:8c:d3:c4:96:9c:d5:99:b5:2a:e0:95:1a:80:48:ae:
+ 4c:39:07:ce:cc:47:a4:52:95:2b:ba:b8:fb:ad:d2:33:53:7d:
+ e5:1d:4d:6d:d5:a1:b1:c7:42:6f:e6:40:27:35:5c:a3:28:b7:
+ 07:8d:e7:8d:33:90:e7:23:9f:fb:50:9c:79:6c:46:d5:b4:15:
+ b3:96:6e:7e:9b:0c:96:3a:b8:52:2d:3f:d6:5b:e1:fb:08:c2:
+ 84:fe:24:a8:a3:89:da:ac:6a:e1:18:2a:b1:a8:43:61:5b:d3:
+ 1f:dc:3b:8d:76:f2:2d:e8:8d:75:df:17:33:6c:3d:53:fb:7b:
+ cb:41:5f:ff:dc:a2:d0:61:38:e1:96:b8:ac:5d:8b:37:d7:75:
+ d5:33:c0:99:11:ae:9d:41:c1:72:75:84:be:02:41:42:5f:67:
+ 24:48:94:d1:9b:27:be:07:3f:b9:b8:4f:81:74:51:e1:7a:b7:
+ ed:9d:23:e2:be:e0:d5:28:04:13:3c:31:03:9e:dd:7a:6c:8f:
+ c6:07:18:c6:7f:de:47:8e:3f:28:9e:04:06:cf:a5:54:34:77:
+ bd:ec:89:9b:e9:17:43:df:5b:db:5f:fe:8e:1e:57:a2:cd:40:
+ 9d:7e:62:22:da:de:18:27
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----
diff --git a/global-config.rsc b/global-config.rsc
index 8a42b81..a0835f8 100644
--- a/global-config.rsc
+++ b/global-config.rsc
@@ -92,11 +92,11 @@
:global FwAddrLists {
# "allow"={
# { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/allow";
-# cert="E1"; timeout=1w };
+# cert="E5"; timeout=1w };
# };
"block"={
# { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/block";
-# cert="E1" };
+# cert="E5" };
{ url="https://feodotracker.abuse.ch/downloads/ipblocklist_recommended.txt";
cert="GlobalSign Atlas R3 DV TLS CA 2022 Q3" };
{ url="https://sslbl.abuse.ch/blacklist/sslipblacklist.txt";
@@ -112,7 +112,7 @@
};
# "mikrotik"={
# { url="https://git.eworm.de/cgit/routeros-scripts/plain/fw-addr-lists.d/mikrotik";
-# cert="E1"; timeout=1w };
+# cert="E5"; timeout=1w };
# };
};
:global FwAddrListTimeOut 1d;
diff --git a/global-functions.rsc b/global-functions.rsc
index 447d6e9..eb700ef 100644
--- a/global-functions.rsc
+++ b/global-functions.rsc
@@ -999,7 +999,7 @@
:global SymbolForNotification;
:global ValidateSyntax;
- :if ([ $CertificateAvailable "E1" ] = false) do={
+ :if ([ $CertificateAvailable "E5" ] = false) do={
$LogPrint warning $0 ("Downloading certificate failed, trying without.");
}