Community discussions

 
jschulze
just joined
Topic Author
Posts: 16
Joined: Wed Sep 30, 2009 3:31 pm

Importing certificate from script

Wed Sep 30, 2009 3:35 pm

Hi,

trying to import a certificate from script :
/certificate import file-name "filename"

The problem is that the script stops execution asking for the passphrase. In my case, no passphrase is needed. When I hit return on the console, script execution continues. How does one automate this ? Tried :putting \r or \n to the console, but that does not seem to work. Help is appreciated.

J
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Importing certificate from script

Wed Sep 30, 2009 3:48 pm

specify passphares=""
 
jschulze
just joined
Topic Author
Posts: 16
Joined: Wed Sep 30, 2009 3:31 pm

Re: Importing certificate from script

Wed Sep 30, 2009 4:01 pm

I tried that, but no where in the string :

/certificate import file-name=filename

it seems allowed to add a passphrase="" option. The cursor turns red when entering this on the command line, and within the script it throws an error. Could you give me the complete syntax for this ?

Many thanks
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Importing certificate from script

Wed Sep 30, 2009 4:07 pm

Sorry my mistake this parameter cannot be used from console so you can't import certificates from script.
 
jschulze
just joined
Topic Author
Posts: 16
Joined: Wed Sep 30, 2009 3:31 pm

Re: Importing certificate from script

Wed Sep 30, 2009 4:13 pm

Oops, that's a disappointment as I would like to automate the whole procedure. You can imagine the pain when rolling out hundreds of VPN clients !

Is there a workaround where I could send a CR/LF to the console to kind of answer the 'passphrase'question ? I already tried :put "\r" , even with a preceeding delay, but that also does not seem to work.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Importing certificate from script

Wed Sep 30, 2009 4:17 pm

Not directly from RouterOS. You will have to use, for example, expect script that will telnet to router and execute commands.
 
jschulze
just joined
Topic Author
Posts: 16
Joined: Wed Sep 30, 2009 3:31 pm

Re: Importing certificate from script

Wed Sep 30, 2009 9:39 pm

Telnetting to the router to execute commands does not really appeal to me. Before I venture into writing a DLL embedding your API, could you confirm it is possible to import certificates using the API ?
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Importing certificate from script

Thu Oct 01, 2009 12:17 pm

it is easy to do that through API:
 /certificate/import
=file-name=cert.pem
and no prompts
 
jschulze
just joined
Topic Author
Posts: 16
Joined: Wed Sep 30, 2009 3:31 pm

Re: Importing certificate from script

Fri Oct 02, 2009 12:39 am

Thanks for the info. Got a wrapper for the API up and running, and when sending /certificate/print, I do get the information I expected to get back on my socket. Next step to send the /certificate/import command.
 
vemax78
just joined
Posts: 11
Joined: Thu Sep 22, 2011 5:53 pm

Re: Importing certificate from script

Fri Sep 30, 2011 5:51 pm

Sorry for resume old thread. I have same problem.

Can you give the possibility to "import certificates without password" even by scripts ?
It is sufficient when importing "certificate without a password" that is not require to hit return.
This feature should not reduce the safety of the device, there are no passwords in the clear and the private key is already plain text.

I can not use the Mikrotik API and would like to add automatically a certificate using scripts (for example for configure from remote a device by auto-provisiong).

Is a feature possible ?


Thanks
Massimo
 
Ehman
Member
Member
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Importing certificate from script

Sun Jan 27, 2013 1:15 pm

Sorry for resume old thread. I have same problem.

Can you give the possibility to "import certificates without password" even by scripts ?
It is sufficient when importing "certificate without a password" that is not require to hit return.
This feature should not reduce the safety of the device, there are no passwords in the clear and the private key is already plain text.

I can not use the Mikrotik API and would like to add automatically a certificate using scripts (for example for configure from remote a device by auto-provisiong).

Is a feature possible ?


Thanks
Massimo
same issue here, I want to import a cert with a script, but the passphase .....dammm :(

Who is online

Users browsing this forum: No registered users and 35 guests