Skip to content

Latest commit

 

History

History
82 lines (58 loc) · 3.68 KB

CERTIFICATES.md

File metadata and controls

82 lines (58 loc) · 3.68 KB

Certificate name from browser

GitHub stars GitHub forks GitHub watchers required RouterOS version Telegram group @routeros_scripts donate with PayPal

⬅️ Go back to main README

All well known desktop, mobile and server operating systems come with a certificate store that is populated with a set of well known and trusted certificates, acting as trust anchors.

However RouterOS does not, still sometimes a specific certificate is required to properly verify a chain of trust. One example is downloading the scripts from this repository with fetch command, thus the very first step of installation is importing the certificate.

The scripts can install additional certificates when required. This happens from this repository if available, or from mkcert.org as a fallback.

Get the certificate's CommonName

But how to determine what certificate may be required? Often easiest way is to use a desktop browser to get that information. This demonstration uses Mozilla Firefox.

Let's assume we want to make sure the certificate for git.eworm.de is available. Open that page in the browser, then click the lock icon in addressbar, followed by "Connection secure".

screenshot: dialog A

The dialog will change, click "More information".

screenshot: dialog B

A new window opens, click the button "View Certificate". (That window can be closed now.)

screenshot: window

A new tab opens, showing information on the server certificate and its chain of trust. The leftmost certificate is what we are interested in.

screenshot: certificate

Now we know that "ISRG Root X2" is required, some scripts need just that information.

Import a certificate by CommonName

Running the function $CertificateAvailable with that name as parameter makes sure the certificate is available in the device's store:

$CertificateAvailable "ISRG Root X2";

If the certificate is actually available already nothing happens, and there is no output. Otherwise the certificate is downloaded and imported.

If importing a certificate with that exact name fails a warning is given and nothing is actually imported.

See also


⬅️ Go back to main README
⬆️ Go back to top