Importing certificate from script

jschulze · September 30, 2009, 12:35pm

Hi,

trying to import a certificate from script :
/certificate import file-name “filename”

The problem is that the script stops execution asking for the passphrase. In my case, no passphrase is needed. When I hit return on the console, script execution continues. How does one automate this ? Tried :putting \r or \n to the console, but that does not seem to work. Help is appreciated.

J

mrz · September 30, 2009, 12:48pm

specify passphares=“”

jschulze · September 30, 2009, 1:01pm

I tried that, but no where in the string :

/certificate import file-name=filename

it seems allowed to add a passphrase=“” option. The cursor turns red when entering this on the command line, and within the script it throws an error. Could you give me the complete syntax for this ?

Many thanks

mrz · September 30, 2009, 1:07pm

Sorry my mistake this parameter cannot be used from console so you can’t import certificates from script.

jschulze · September 30, 2009, 1:13pm

Oops, that’s a disappointment as I would like to automate the whole procedure. You can imagine the pain when rolling out hundreds of VPN clients !

Is there a workaround where I could send a CR/LF to the console to kind of answer the 'passphrase’question ? I already tried :put “\r” , even with a preceeding delay, but that also does not seem to work.

mrz · September 30, 2009, 1:17pm

Not directly from RouterOS. You will have to use, for example, expect script that will telnet to router and execute commands.

jschulze · September 30, 2009, 6:39pm

Telnetting to the router to execute commands does not really appeal to me. Before I venture into writing a DLL embedding your API, could you confirm it is possible to import certificates using the API ?

janisk · October 1, 2009, 9:17am

it is easy to do that through API:

 /certificate/import
=file-name=cert.pem

and no prompts

jschulze · October 1, 2009, 9:39pm

Thanks for the info. Got a wrapper for the API up and running, and when sending /certificate/print, I do get the information I expected to get back on my socket. Next step to send the /certificate/import command.

vemax78 · September 30, 2011, 2:51pm

Sorry for resume old thread. I have same problem.

Can you give the possibility to “import certificates without password” even by scripts ?
It is sufficient when importing “certificate without a password” that is not require to hit return.
This feature should not reduce the safety of the device, there are no passwords in the clear and the private key is already plain text.

I can not use the Mikrotik API and would like to add automatically a certificate using scripts (for example for configure from remote a device by auto-provisiong).

Is a feature possible ?

Thanks
Massimo

Ehman · January 27, 2013, 11:15am

same issue here, I want to import a cert with a script, but the passphase …dammm