path: root/check-certificates
Age | Commit message | Author | Files | Lines
2021-01-11 | check-certificates: do not renew if losing private key | Christian Hesse | 1 | -0/+5
2021-01-11 | check-certificates: show info on private key | Christian Hesse | 1 | -0/+2
2021-01-01 | update copyright for 2021 | Christian Hesse | 1 | -1/+1
2020-12-18 | check-certificates: make the certificate renewal time configurable (change-40) | Christian Hesse | 1 | -1/+2
2020-11-26 | global-functions: clickable links in telegram notifications | Christian Hesse | 1 | -1/+1
2020-11-13 | check-certificates: decrease log severity to info | Christian Hesse | 1 | -2/+2
2020-09-18 | extend magic pattern with "by RouterOS" | Christian Hesse | 1 | -1/+1
This matches the string included in export.
2020-09-06 | check-certificates: do not notify with missing validity period | Christian Hesse | 1 | -1/+1
2020-09-01 | check-certificates: better check for non-empty value | Christian Hesse | 1 | -1/+1
2020-08-26 | [ ... print count-only ...] -> [ :len [ ... find ... ] ] | Christian Hesse | 1 | -1/+1
Using 'print count-only' always prints a number to terminal, even if the value is evaluated in a condition or assigned to a variable. This can be quite annoying. Behavior will not change (SUP-25503), so replacing the code...
2020-08-21 | check-certificates: wait to be fully connected | Christian Hesse | 1 | -4/+2
2020-08-21 | check-certificates: fix usage of function | Christian Hesse | 1 | -1/+1
2020-07-17 | check-certificates: add symbol in notification | Christian Hesse | 1 | -2/+3
2020-07-16 | check-certificates: use $IfThenElse | Christian Hesse | 1 | -7/+3
2020-06-19 | explicitly name the license | Christian Hesse | 1 | -0/+1
Copyright (C) 2013-2020 Christian Hesse <mail@eworm.de>

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

https://www.gnu.org/licenses/#GPL
https://www.gnu.org/licenses/gpl.html
https://www.gnu.org/licenses/gpl.md
2020-04-24 | check-certificates: exclude issued certificates on SCEP server | Christian Hesse | 1 | -16/+20
2020-04-24 | check-certificates: always use parenthesis | Christian Hesse | 1 | -2/+2
2020-04-24 | check-certificates: add missing blank | Christian Hesse | 1 | -1/+1
2020-04-03 | check-certificates: warn about missing chain | Christian Hesse | 1 | -1/+3
2020-04-03 | check-certificates: check and download certificate chain | Christian Hesse | 1 | -0/+3
2020-03-27 | add doc/check-certificates.md | Christian Hesse | 1 | -0/+1
2020-03-20 | check-certificates: exclude certificates issued by SCEP | Christian Hesse | 1 | -2/+2
2020-03-05 | check-certificates: use $LogPrintExit for debug | Christian Hesse | 1 | -5/+5
2020-02-28 | global-functions: sort alphabetically | Christian Hesse | 1 | -3/+3
2020-02-26 | global-functions: merge $LogAnd{Error,Put} to $LogPrintExit ... | Christian Hesse | 1 | -7/+6
... and fix logging. Logging with severity from variable (:log $severity ...) is not possible, this is considered a syntax error. Also the 'workaround' with parsing code failed with missing message in log. The reliable code is a lot longer, so merge the two functions to save a lot of duplicate code.
2020-02-26 | check-certificates: use $LogAndPut | Christian Hesse | 1 | -2/+3
2020-02-26 | check-certificates: use $LogAndError | Christian Hesse | 1 | -2/+1
2020-02-26 | global-functions: $LogAndError: add severity | Christian Hesse | 1 | -1/+1
2020-02-26 | check-certificates: use $LogAndError | Christian Hesse | 1 | -2/+2
2020-02-24 | check-certificates: check for synced time | Christian Hesse | 1 | -0/+6
2020-02-06 | check-certificates: rename all certificates by their common names | Christian Hesse | 1 | -0/+5
2020-01-01 | update copyright for 2020 | Christian Hesse | 1 | -1/+1
2019-11-11 | check-certificates: make renew notification silent | Christian Hesse | 1 | -1/+1
2019-07-31 | check-certificates: fix renewing certificate in place | Christian Hesse | 1 | -14/+18
2019-07-18 | check-certificates: use $ParseKeyValueStore | Christian Hesse | 1 | -11/+3
2019-05-21 | check-certificates: get certificate values into array | Christian Hesse | 1 | -43/+28
2019-05-02 | check-certificates: do not try to renew locally issued certificates | Christian Hesse | 1 | -1/+1
2019-05-02 | check-certificates: give issuer info on locally issued certificates | Christian Hesse | 1 | -1/+2
Certificates issued locally do not have an 'issuer' property, but a 'ca' one. Looks like either of both is filled, so just concatenate.
2019-04-30 | global-functions: add $WaitForFile, wait for file on fetch | Christian Hesse | 1 | -1/+4
The fetch command is asynchronous, the file is not guaranteed to be available when command terminates.

I opened an issue at Mikrotik support (Ticket#2019041722004999), their answer:

> You should perform a check in a loop.
> :delay until file exist
>
> That can happen also with any configuration not just files.

So add a function to wait for a file with given name. I have not seen this with other configuration, though.
2019-04-11 | check-certificates: make sure fingerprint is a string | Christian Hesse | 1 | -1/+1
This makes sure the condition below works for certificate templates, which do not have a fingerprint.
2019-04-11 | check-certificates: do not send notification for templates | Christian Hesse | 1 | -1/+1
2019-04-11 | check-certificates: always return a string in $GetIssuerCN | Christian Hesse | 1 | -0/+1
2019-04-10 | check-certificates: add url encoding for certificate download | Christian Hesse | 1 | -4/+6
2019-04-10 | check-certificates: try to fetch PEM and P12 file | Christian Hesse | 1 | -4/+10
2019-04-10 | check-certificates: use full path... | Christian Hesse | 1 | -3/+3
... to make sure syntax does not break if package is not installed.
2019-04-10 | check-certificates: just change certificates, no loop | Christian Hesse | 1 | -12/+4
2019-04-09 | drop deprecated mode= for fetch | Christian Hesse | 1 | -1/+1
2019-04-03 | always write warnings and errors to log | Christian Hesse | 1 | -0/+1
2019-04-01 | check-certificates: support multiple passphrases (change-3) | Christian Hesse | 1 | -1/+3
2019-03-28 | check-certificates: show remaining time | Christian Hesse | 1 | -8/+16
2019-03-25 | check-certificates: update certificates for ipsec identities | Christian Hesse | 1 | -1/+12
2019-03-06 | check-certificates: split loop for certificate renew and warning | Christian Hesse | 1 | -20/+27
This allows to have different time values.
2019-01-12 | check-certificates: strip prefix from issuer CN | Christian Hesse | 1 | -1/+1
2019-01-12 | check-certificates: properly handle expired certificates | Christian Hesse | 1 | -4/+11
2019-01-09 | check-certificates: move conditions to loop | Christian Hesse | 1 | -60/+50
2019-01-09 | check-certificates: shorten key for detailed infos | Christian Hesse | 1 | -10/+10
2019-01-09 | check-certificates: show issuer CN only | Christian Hesse | 1 | -2/+11
2019-01-09 | check-certificates: include the issuer in notifications | Christian Hesse | 1 | -0/+4
2019-01-09 | check-certificates: update CommonName after renewal | Christian Hesse | 1 | -0/+1
2019-01-09 | check-certificates: use time functionality | Christian Hesse | 1 | -25/+10
No need to calculate that...
2019-01-09 | check-certificates: send notification on renewal | Christian Hesse | 1 | -8/+18
2019-01-09 | check-certificates: drop extra warning | Christian Hesse | 1 | -2/+0
A sent notification implies that renewal failed.
2019-01-04 | global: variable names are CamelCase | Christian Hesse | 1 | -47/+46
[ASCII-art banner: "Big fat Warning!"]

RouterOS has some odd behavior when it comes to variable names. Let's have a look at the interfaces:

    [admin@MikroTik] > / interface print where name=en1
    Flags: D - dynamic, X - disabled, R - running, S - slave
     #     NAME       TYPE     ACTUAL-MTU L2MTU
     0  RS en1        ether          1500  1598

That looks ok. Now we use a script:

    { :local interface "en1";
      / interface print where name=$interface; }

And the result...

    [admin@MikroTik] > { :local interface "en1";
    {...   / interface print where name=$interface; }
    Flags: D - dynamic, X - disabled, R - running, S - slave
     #     NAME       TYPE     ACTUAL-MTU L2MTU
     0  RS en1        ether          1500  1598

... still looks ok. We make a little modification to the script:

    { :local name "en1";
      / interface print where name=$name; }

And the result:

    [admin@MikroTik] > { :local name "en1";
    {...   / interface print where name=$name; }
    Flags: D - dynamic, X - disabled, R - running, S - slave
     #     NAME       TYPE     ACTUAL-MTU L2MTU
     0  RS en1        ether          1500  1598
     1   S en2        ether          1500  1598
     2   S en3        ether          1500  1598
     3   S en4        ether          1500  1598
     4   S en5        ether          1500  1598
     5  R  br-local   bridge         1500  1598

Oops! The filter has no effect! That happens whenever the variable name ($name) matches the property name (name=).

And another modification:

    { :local type "en1";
      / interface print where name=$type; }

And the result:

    [admin@MikroTik] > { :local type "en1";
    {...   / interface print where name=$type; }
    Flags: D - dynamic, X - disabled, R - running, S - slave
     #     NAME       TYPE     ACTUAL-MTU L2MTU

Oops! Nothing? Even if the variable name ($type) matches whatever property name (type=) things go wrong.

The answer from MikroTik support (in Ticket#2019010222000454):

> This is how scripting works in RouterOS and we will not fix it.

To get around this we use variable names in CamelCase. Let's hope Mikrotik never ever introduces property names in CamelCase... *fingers crossed*
2019-01-02 | update copyright for 2019 | Christian Hesse | 1 | -1/+1
2018-12-20 | check-certificates: support auto-renew of certificates | Christian Hesse | 1 | -10/+44
2018-11-28 | global-functions: add identity tag in $SendNotification | Christian Hesse | 1 | -1/+1
... and send subject in telegram message.
2018-10-10 | global: remove unused variables | Christian Hesse | 1 | -2/+0
2018-10-09 | check-certificates: use function for notification | Christian Hesse | 1 | -3/+4
2018-09-27 | start scripts with a magic token / shebang | Christian Hesse | 1 | -1/+1
2018-08-24 | add empty comment at first line... | Christian Hesse | 1 | -0/+1
... for better formatting in export.
2018-07-05 | add scripts | Christian Hesse | 1 | -0/+52