#!rsc by RouterOS
# RouterOS script: certificate-renew-issued
# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
#
# renew locally issued certificates
# https://git.eworm.de/cgit/routeros-scripts/about/doc/certificate-renew-issued.md

# Script name; passed as the second argument to $LogPrintExit2 in the loop below.
:local 0 "certificate-renew-issued";

# Wait until the GlobalFunctionsReady flag is true, polling every 500ms.
# There is no timeout: if the flag is never set, the script waits forever.
:global GlobalFunctionsReady;
:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }

# Array indexed by certificate common-name; a string entry is used below as
# the passphrase for the PKCS#12 export of that certificate.
# NOTE(review): the passphrases live in a global script variable, so they are
# readable wherever that variable is - confirm who can read the script
# environment and the configuration that sets it.
:global CertIssuedExportPass;

# Helpers defined outside this script: $LogPrintExit2 is called with a
# severity, the script name and a message; $MkDir is called with a directory
# name and its result is compared against true.
:global LogPrintExit2;
:global MkDir;

# Renew every issued certificate that expires in less than three weeks:
# revoke it, rename it to "<name>-revoked-<date>", create and sign a
# replacement under the original name, and export the replacement as PKCS#12
# when a passphrase is configured for its common-name.
:foreach Cert in=[ /certificate/find where issued expires-after<3w ] do={
  # Read the properties first; they are reused after the certificate is renamed.
  :local CertVal [ /certificate/get $Cert ];
  # NOTE(review): the old certificate is revoked before the replacement is
  # added and signed. If add or sign fails, the name is presumably left
  # without a valid certificate - confirm how a failure here is handled and
  # alert on a run that logs no "Issued a new certificate" message.
  /certificate/issued-revoke $Cert;
  # Rename the revoked certificate so the original name is free for the new one.
  /certificate/set name=($CertVal->"name" . "-revoked-" . [ /system/clock/get date ]) $Cert;
  # Only name, common-name, key-usage and subject-alt-name are carried over.
  # NOTE(review): key size, validity period and other properties are not
  # passed, so they presumably fall back to defaults - confirm that the
  # defaults meet the key-strength and lifetime policy.
  /certificate/add name=($CertVal->"name") common-name=($CertVal->"common-name") \
      key-usage=($CertVal->"key-usage") subject-alt-name=($CertVal->"subject-alt-name");
  # Sign with the CA recorded on the old certificate.
  /certificate/sign ($CertVal->"name") ca=($CertVal->"ca");
  # Export only when a string passphrase exists for this common-name.
  :if ([ :typeof ($CertIssuedExportPass->($CertVal->"common-name")) ] = "str") do={
    # Skip the export when the target directory cannot be created.
    :if ([ $MkDir "cert-issued" ] = true) do={
      # NOTE(review): a PKCS#12 export with a passphrase presumably bundles the
      # private key, and the file stays under cert-issued/ on router storage.
      # Restrict file access on the device and remove the file once it has
      # been collected. The common-name is used unmodified in the file path -
      # confirm it cannot contain path separators.
      /certificate/export-certificate ($CertVal->"name") type=pkcs12 \
          file-name=("cert-issued/" . $CertVal->"common-name") \
          export-passphrase=($CertIssuedExportPass->($CertVal->"common-name"));
      # The log message names the exported file but not the passphrase.
      # The trailing false presumably tells the helper not to exit - TODO confirm.
      $LogPrintExit2 info $0 ("Issued a new certificate for \"" . $CertVal->"common-name" . \
        "\", exported to \"cert-issued/" . $CertVal->"common-name" . ".p12\".") false;
    } else={
      # The certificate was still renewed; only the export is skipped.
      $LogPrintExit2 warning $0 ("Failed creating directory, not exporting certificate.") false;
    }
  } else={
    # No passphrase configured: renew without exporting.
    $LogPrintExit2 info $0 ("Issued a new certificate for \"" . $CertVal->"common-name" . "\".") false;
  }
}