Age | Commit message (Expand) | Author | Files | Lines |
2022-09-13 | global-functions: $GetMacVendor: switched to Let's Encrypt (R3)•••So let's check for the correct one, and drop the other.
| Christian Hesse | 1 | -166/+0 |
2021-09-21 | certs: drop old chain GTS CA 1O1 / GlobalSign | Christian Hesse | 1 | -186/+0 |
2021-09-20 | certs: add new chain GTS CA 1C3 / GTS Root R1•••This is used by Google DNS (8.8.8.8).
$CertificateAvailable "GTS CA 1C3"
/ip dns set use-doh-server=https://8.8.8.8/dns-query verify-doh-cert=yes
| Christian Hesse | 1 | -0/+242 |
2021-09-20 | certs: drop old intermediate cert DigiCert ECC Secure Server CA | Christian Hesse | 1 | -166/+0 |
2021-09-20 | certs: add new intermediate cert DigiCert TLS Hybrid ECC SHA384 2020 CA1•••This is used by Cloudflare DNS (1.1.1.1) and Quard9 (9.9.9.9).
$CertificateAvailable "DigiCert TLS Hybrid ECC SHA384 2020 CA1"
/ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
$CertificateAvailable "DigiCert TLS Hybrid ECC SHA384 2020 CA1"
/ip dns set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes
| Christian Hesse | 1 | -0/+174 |
2021-05-18 | drop certificate DST Root CA X3•••Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root
X1") on July 8, 2019, but postponed several times.
Finally they found another solution: A certificate 'ISRG Root X1', but
cross-signed with 'DST Root CA X3' and with a livetime that exceeds that
of the root CA. This is said to work for most operating system where root
certificate authorities are just 'trust anchors'.
I doubt this is true for RouterOS, where certificates are just imported
into the certificate store. So let's migrate to 'ISRG Root X1' now.
| Christian Hesse | 1 | -77/+0 |
2021-02-24 | global-functions: $GetMacVendor: requires certificate "Cloudflare Inc ECC CA-... | Christian Hesse | 1 | -0/+166 |
2020-12-30 | certs: add plain text info about certificates•••Also order certificates, so we have:
* intermediate
* root
* alternative root, if any
Let's add 'ISRG Root X1' for 'E1' as there will be a valid cross-signed
chain 'E1' -> 'ISRG Root X2' -> 'ISRG Root X1'.
| Christian Hesse | 6 | -68/+1028 |
2020-12-18 | certs: remove Let's Encrypt Authority X3 | Christian Hesse | 1 | -83/+0 |
2020-12-17 | certs: add new Let's Encrypt certificates•••https://letsencrypt.org/certificates/
| Christian Hesse | 2 | -0/+112 |
2020-06-10 | add certificate 'GTS CA 1O1'•••This is used by DNS over HTTPS services:
https://dns.google/dns-query
| Christian Hesse | 1 | -0/+47 |
2020-03-20 | add certificate 'DigiCert ECC Secure Server CA'•••This is used by DNS over HTTPS services:
https://cloudflare-dns.com/dns-query
https://dns9.quad9.net/dns-query (secured)
https://dns10.quad9.net/dns-query (unsecured)
https://github.com/curl/curl/wiki/DNS-over-HTTPS
| Christian Hesse | 1 | -0/+44 |
2019-04-30 | global-functions: $CertificateAvailable: fetch by CommonName•••Now that we have a proper $UrlEncode function... Fetch certificates
by CommonName.
Also remove the PEM after import.
| Christian Hesse | 3 | -0/+0 |
2019-01-02 | update-tunnelbroker: verify certificate | Christian Hesse | 1 | -0/+52 |
2018-12-20 | global-functions: make $CertificateAvailable work on CommonName•••This should prevent endless certificate switching for Let's Encrypt
cross-signed intermediate certificates.
| Christian Hesse | 4 | -136/+134 |
2018-12-20 | README: add Root CA certificate DST Root CA X3•••This is used by Let's Encrypt to cross-sign.
| Christian Hesse | 1 | -0/+20 |
2018-10-16 | README: download certificates from repository | Christian Hesse | 2 | -0/+64 |
2018-10-16 | global-functions: import certificates if required•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2 | -0/+52 |