Renew locally issued certificates

⬅️ Go back to main README

ℹ️ Info: This script can not be used on its own but requires the base installation. See main README for details.


This script renews certificates issued by a local certificate authority (CA). Optionally the certificates are exported with individual passphrases for easy pick-up.

Requirements and installation

Just install the script:

$ScriptInstallUpdate certificate-renew-issued;


The configuration goes to global-config-overlay, there is just one parameter:

  • CertRenewPass: an array holding individual passphrases for certificates

ℹ️ Info: Copy relevant configuration from global-config (the one without -overlay) to your local global-config-overlay and modify it to your specific needs.

Usage and invocation

Run the script to renew certificates issued from a local CA.

/system/script/run certificate-renew-issued;

Only scripts with a remaining lifetime of three weeks or less are renewed. The old certificate is revoked automatically. If a passphrase for a specific certificate is given in CertRenewPass the certificate is exported and PKCS#12 file (cert-issued/CN.p12) can be found on device's storage.

See also

⬅️ Go back to main README
⬆️ Go back to top