mirror of
https://github.com/eworm-de/routeros-scripts.git
synced 2024-05-11 05:55:19 +00:00
55 lines
1.6 KiB
Markdown
55 lines
1.6 KiB
Markdown
Renew locally issued certificates
|
||
=================================
|
||
|
||
[⬅️ Go back to main README](../README.md)
|
||
|
||
> ℹ️ **Info**: This script can not be used on its own but requires the base
|
||
> installation. See [main README](../README.md) for details.
|
||
|
||
Description
|
||
-----------
|
||
|
||
This script renews certificates issued by a local certificate authority (CA).
|
||
Optionally the certificates are exported with individual passphrases for
|
||
easy pick-up.
|
||
|
||
Requirements and installation
|
||
-----------------------------
|
||
|
||
Just install the script:
|
||
|
||
$ScriptInstallUpdate certificate-renew-issued;
|
||
|
||
Configuration
|
||
-------------
|
||
|
||
The configuration goes to `global-config-overlay`, there is just one
|
||
parameter:
|
||
|
||
* `CertRenewPass`: an array holding individual passphrases for certificates
|
||
|
||
> ℹ️ **Info**: Copy relevant configuration from
|
||
> [`global-config`](../global-config.rsc) (the one without `-overlay`) to
|
||
> your local `global-config-overlay` and modify it to your specific needs.
|
||
|
||
Usage and invocation
|
||
--------------------
|
||
|
||
Run the script to renew certificates issued from a local CA.
|
||
|
||
/system/script/run certificate-renew-issued;
|
||
|
||
Only scripts with a remaining lifetime of three weeks or less are renewed.
|
||
The old certificate is revoked automatically. If a passphrase for a specific
|
||
certificate is given in `CertRenewPass` the certificate is exported and
|
||
PKCS#12 file (`cert-issued/CN.p12`) can be found on device's storage.
|
||
|
||
See also
|
||
--------
|
||
|
||
* [Renew certificates and notify on expiration](check-certificates.md)
|
||
|
||
---
|
||
[⬅️ Go back to main README](../README.md)
|
||
[⬆️ Go back to top](#top)
|