path: root/certs
Age | Commit message | Author | Files | Lines
2024-06-19 | Let's Encrypt changed their intermediate certificates | Christian Hesse | 2 | -0/+350
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/
But let's keep the old ones around for now, as some sites are still using the old intermediate.
2024-05-14 | fw-addr-lists: add 'strongips' list from blocklist.de [change-128] | Christian Hesse | 1 | -0/+176
2024-03-16 | global-functions: $CertificateDownload: download via clean name... | Christian Hesse | 8 | -0/+0
... and rename certificates in repository.
2024-01-09 | certs: add new DigiCert certificates... | Christian Hesse | 1 | -0/+182
... used by Cloudflare.
2023-12-22 | global-functions: $GetMacVendor: get new certificate | Christian Hesse | 1 | -0/+238
The service now uses: GTS CA 1P5 -> GTS Root R1
2023-10-26 | global: switch eworm.de to new certificate chain (E1 / ISRG Root X2) | Christian Hesse | 1 | -119/+0
old chain: R3 / ISRG Root X1
new chain: E1 / ISRG Root X2
No user interaction or migration is required for existing installations as we have been installing 'E1' and 'ISRG Root X2' for some time already.
2023-06-13 | certs: add Cloudflare certificates... | Christian Hesse | 1 | -0/+163
... for later use.
2023-06-13 | certs: add GlobalSign certificates... | Christian Hesse | 1 | -0/+177
... for later use.
2022-09-13 | global-functions: $GetMacVendor: switched to Let's Encrypt (R3) | Christian Hesse | 1 | -166/+0
So let's check for the correct one, and drop the other.
2021-09-21 | certs: drop old chain GTS CA 1O1 / GlobalSign | Christian Hesse | 1 | -186/+0
2021-09-20 | certs: add new chain GTS CA 1C3 / GTS Root R1 | Christian Hesse | 1 | -0/+242
This is used by Google DNS (8.8.8.8).
    $CertificateAvailable "GTS CA 1C3"
    /ip dns set use-doh-server=https://8.8.8.8/dns-query verify-doh-cert=yes
2021-09-20 | certs: drop old intermediate cert DigiCert ECC Secure Server CA | Christian Hesse | 1 | -166/+0
2021-09-20 | certs: add new intermediate cert DigiCert TLS Hybrid ECC SHA384 2020 CA1 | Christian Hesse | 1 | -0/+174
This is used by Cloudflare DNS (1.1.1.1) and Quad9 (9.9.9.9).
    $CertificateAvailable "DigiCert TLS Hybrid ECC SHA384 2020 CA1"
    /ip dns set use-doh-server=https://1.1.1.1/dns-query verify-doh-cert=yes
    $CertificateAvailable "DigiCert TLS Hybrid ECC SHA384 2020 CA1"
    /ip dns set use-doh-server=https://9.9.9.9/dns-query verify-doh-cert=yes
2021-05-18 | drop certificate DST Root CA X3 | Christian Hesse | 1 | -77/+0
Let's Encrypt planned the transition to ISRG's root certificate ("ISRG Root X1") on July 8, 2019, but postponed several times. Finally they found another solution: A certificate 'ISRG Root X1', but cross-signed with 'DST Root CA X3' and with a lifetime that exceeds that of the root CA. This is said to work for most operating systems where root certificate authorities are just 'trust anchors'. I doubt this is true for RouterOS, where certificates are just imported into the certificate store. So let's migrate to 'ISRG Root X1' now.
2021-02-24 | global-functions: $GetMacVendor: requires certificate "Cloudflare Inc ECC CA-3" now | Christian Hesse | 1 | -0/+166
2020-12-30 | certs: add plain text info about certificates | Christian Hesse | 6 | -68/+1028
Also order certificates, so we have:
* intermediate
* root
* alternative root, if any
Let's add 'ISRG Root X1' for 'E1' as there will be a valid cross-signed chain 'E1' -> 'ISRG Root X2' -> 'ISRG Root X1'.
2020-12-18 | certs: remove Let's Encrypt Authority X3 | Christian Hesse | 1 | -83/+0
2020-12-17 | certs: add new Let's Encrypt certificates | Christian Hesse | 2 | -0/+112
https://letsencrypt.org/certificates/
2020-06-10 | add certificate 'GTS CA 1O1' | Christian Hesse | 1 | -0/+47
This is used by DNS over HTTPS services: https://dns.google/dns-query
2020-03-20 | add certificate 'DigiCert ECC Secure Server CA' | Christian Hesse | 1 | -0/+44
This is used by DNS over HTTPS services:
https://cloudflare-dns.com/dns-query
https://dns9.quad9.net/dns-query (secured)
https://dns10.quad9.net/dns-query (unsecured)
https://github.com/curl/curl/wiki/DNS-over-HTTPS
2019-04-30 | global-functions: $CertificateAvailable: fetch by CommonName | Christian Hesse | 3 | -0/+0
Now that we have a proper $UrlEncode function... Fetch certificates by CommonName. Also remove the PEM after import.
2019-01-02 | update-tunnelbroker: verify certificate | Christian Hesse | 1 | -0/+52
2018-12-20 | global-functions: make $CertificateAvailable work on CommonName | Christian Hesse | 4 | -136/+134
This should prevent endless certificate switching for Let's Encrypt cross-signed intermediate certificates.
2018-12-20 | README: add Root CA certificate DST Root CA X3 | Christian Hesse | 1 | -0/+20
This is used by Let's Encrypt to cross-sign.
2018-10-16 | README: download certificates from repository | Christian Hesse | 2 | -0/+64
2018-10-16 | global-functions: import certificates if required | Christian Hesse | 2 | -0/+52
Signed-off-by: Christian Hesse <mail@eworm.de>