1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
|
Certificate name from browser
=============================
[![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
[![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
[![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.14-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
[![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
[![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)
[⬅️ Go back to main README](README.md)
All well known desktop, mobile and server operating systems come with a
certificate store that is populated with a set of well known and trusted
certificates, acting as *trust anchors*.
However RouterOS does not, still sometimes a specific certificate is
required to properly verify a chain of trust. One example is downloading
the scripts from this repository with `fetch` command, thus the very
first step of [installation](README.md#the-long-way-in-detail) is importing
the certificate.
The scripts can install additional certificates when required. This happens
from this repository if available, or from [mkcert.org](https://mkcert.org)
as a fallback.
Get the certificate's CommonName
--------------------------------
But how to determine what certificate may be required? Often easiest way
is to use a desktop browser to get that information. This demonstration uses
[Mozilla Firefox](https://www.mozilla.org/firefox/).
Let's assume we want to make sure the certificate for
[git.eworm.de](https://git.eworm.de/) is available. Open that page in the
browser, then click the *lock* icon in addressbar, followed by "*Connection
secure*".
![screenshot: dialog A](CERTIFICATES.d/01-dialog-A.avif)
The dialog will change, click "*More information*".
![screenshot: dialog B](CERTIFICATES.d/02-dialog-B.avif)
A new window opens, click the button "*View Certificate*". (That window
can be closed now.)
![screenshot: window](CERTIFICATES.d/03-window.avif)
A new tab opens, showing information on the server certificate and its
chain of trust. The leftmost certificate is what we are interested in.
![screenshot: certificate](CERTIFICATES.d/04-certificate.avif)
Now we know that "`ISRG Root X2`" is required, some scripts need just
that information.
Import a certificate by CommonName
----------------------------------
Running the function `$CertificateAvailable` with that name as parameter
makes sure the certificate is available in the device's store:
$CertificateAvailable "ISRG Root X2";
If the certificate is actually available already nothing happens, and there
is no output. Otherwise the certificate is downloaded and imported.
If importing a certificate with that exact name fails a warning is given
and nothing is actually imported.
See also
--------
* [Download, import and update firewall address-lists](doc/fw-addr-lists.md)
* [Send notifications via Matrix](doc/mod/notification-matrix.md)
* [Send notifications via Ntfy](doc/mod/notification-ntfy.md)
---
[⬅️ Go back to main README](README.md)
[⬆️ Go back to top](#top)
|