aboutsummaryrefslogtreecommitdiffstats
path: root/README.md
diff options
context:
space:
mode:
authorGravatar Christian Hesse <mail@eworm.de>2021-05-18 16:33:52 +0200
committerGravatar Christian Hesse <mail@eworm.de>2021-05-18 16:33:52 +0200
commit5037dbbedc868d6ce881b039a7faa4de91f45c12 (patch)
tree9489229551f3b69ccf291af2288925eeee564fae /README.md
parent862417b8d32f6eef1c05ba9137fe2a7f14436987 (diff)
parent4427cabd0eac9f8a5b18f939198284621933fa36 (diff)
Merge branch 'lets-encrypt-ISRG-X1' into next
Diffstat (limited to 'README.md')
-rw-r--r--README.md16
1 files changed, 4 insertions, 12 deletions
diff --git a/README.md b/README.md
index e102202..c5c0ba5 100644
--- a/README.md
+++ b/README.md
@@ -66,30 +66,22 @@ files to your MikroTik device.
Then we import the certificates.
[admin@MikroTik] > / certificate import file-name=letsencrypt-R3.pem passphrase=""
- certificates-imported: 3
+ certificates-imported: 2
private-keys-imported: 0
files-imported: 1
decryption-failures: 0
keys-with-no-certificate: 0
For basic verification we rename the certificates and print their count. Make
-sure the certificate count is **three**.
+sure the certificate count is **two**.
[admin@MikroTik] > / certificate set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ]
[admin@MikroTik] > / certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ]
- [admin@MikroTik] > / certificate set name="DST-Root-CA-X3" [ find where fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739" ]
- [admin@MikroTik] > / certificate print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" or fingerprint="0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739"
- 3
+ [admin@MikroTik] > / certificate print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6"
+ 2
Always make sure there are no certificates installed you do not know or want!
-Actually we do not require the certificate named `DST Root CA X3`, but as it
-is used by `Let's Encrypt` to cross-sign we install it anyway - this makes
-sure things do not go wrong if the intermediate certificate is replaced.
-The IdenTrust certificate *should* be available from their
-[download page](https://www.identrust.com/support/downloads). The site is
-crap and a good example how to *not* do it.
-
Now let's download the main scripts and add them in configuration on the fly.
[admin@MikroTik] > :foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); }