Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Importing certificate with a script?? need help

Wed Jan 23, 2013 9:41 pm

Hi. Can someone help me import a certificate with a script?

The biggest problem: if the certificate expires, then all my SSTP tunnels close, and my clients' devices are countrywide. Worst fear! And the tunnel is the only way to connect to the routers.

I need a script to install the new certificate before the old one expires, everything with scripts.

/certificate import file-name=filename passphrase="XXXXXXXXXXXX"

The passphrase goes red, that sucks and doesn't work, so can anyone help me out please?

I want to automate the stuff.....
 
skot
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: Importing certificate with a script?? need help

Wed Jan 23, 2013 11:34 pm

I don't need any karma... I have Ιησους Χριστος!
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Importing certificate with a script?? need help

Wed Jan 23, 2013 11:41 pm

looks impossible, I don't understand a thing....

my certificate I want to import is:

ca.crt
ca.key
 
skot
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: Importing certificate with a script?? need help

Thu Jan 24, 2013 1:02 am

What method do you currently use to update the certificates?
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Importing certificate with a script?? need help

Thu Jan 24, 2013 2:49 am

> What method do you currently use to update the certificates?

I installed it manually in Winbox: system > certificate list > import the 2 files and enter the passphrase.
 
skot
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: Importing certificate with a script?? need help

Thu Jan 24, 2013 8:36 am

How many routers are there to update, and what is your time frame?

Trying to develop an automated system using the API or SSH could be a large and in-depth project, depending on how automated you want the process, and how you want to accomplish the task.
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Importing certificate with a script?? need help

Thu Jan 24, 2013 10:43 am

> How many routers are there to update, and what is your time frame?
>
> Trying to develop an automated system using the API or SSH could be a large and in-depth project, depending on how automated you want the process, and how you want to accomplish the task.

Well, I have a couple of 750s connected to an 1100, so I just want to set up scripts on the 1100 to upload a script to the 750 and then run it on the 750 to update. Because my certificate expires in 10 years, I want to upload a new certificate every year. I've got 10x 750s in remote places and the number is growing, all connected over SSTP tunnels.
 
skot
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: Importing certificate with a script?? need help

Fri Jan 25, 2013 1:20 am

> Well, I have a couple of 750s connected to an 1100, so I just want to set up scripts on the 1100 to upload a script to the 750 and then run it on the 750 to update. Because my certificate expires in 10 years, I want to upload a new certificate every year. I've got 10x 750s in remote places and the number is growing, all connected over SSTP tunnels.

Because the certificate passphrase can't be entered in a script, you'll have to use one of the other options mentioned earlier.

I would use a central server with access to all the routers. It would schedule the uploading of the new certificates and run the necessary API commands to the routers. The nice thing about the API is that there are a number of different implementations, so you have options to choose from.

If this seems daunting, it might be worth looking into a consultant: http://www.mikrotik.com/consultants.html
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Importing certificate with a script?? need help

Sun Jan 27, 2013 7:26 pm

> > Well, I have a couple of 750s connected to an 1100, so I just want to set up scripts on the 1100 to upload a script to the 750 and then run it on the 750 to update. Because my certificate expires in 10 years, I want to upload a new certificate every year. I've got 10x 750s in remote places and the number is growing, all connected over SSTP tunnels.
>
> Because the certificate passphrase can't be entered in a script, you'll have to use one of the other options mentioned earlier.
>
> I would use a central server with access to all the routers. It would schedule the uploading of the new certificates and run the necessary API commands to the routers. The nice thing about the API is that there are a number of different implementations, so you have options to choose from.
>
> If this seems daunting, it might be worth looking into a consultant: http://www.mikrotik.com/consultants.html

I've got an idea. I've made a simple script:

/certificate import file-name=ca.crt

But of course it won't do anything because it needs a passphrase. Is there a way I can add something in the script so that it can enter the passphrase without thinking about it?
 
skot
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: Importing certificate with a script?? need help

Wed Jan 30, 2013 2:14 am

I tried that too but there doesn't appear to be any way to enter the passphrase after the fact. If you want that feature, you could start a new forum post as a feature request, or email MikroTik support about it.
 
Ehman
Member
Topic Author
Posts: 363
Joined: Mon Nov 15, 2010 10:49 pm

Re: Importing certificate with a script?? need help

Wed Jan 30, 2013 2:27 am

> I tried that too but there doesn't appear to be any way to enter the passphrase after the fact. If you want that feature, you could start a new forum post as a feature request, or email MikroTik support about it.

I've found a way to make it work, but only if you blast the text into the terminal. 123456789123456789 is the example passphrase:


/certificate remove cert1
/certificate import file-name=ca.crt
123456789123456789
/certificate import file-name=ca.key
123456789123456789
/log info "certificate imported"
quit
quit


and then after this process I press enter.
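
An added example, not part of the original post and not MikroTik code: one way a central server could assemble the line sequence from the post above without hard-coding the passphrase in the script, and without letting a stray line break in a name or secret become an extra command. The function names and the owner-only passphrase file are assumptions; sending the lines to the router's terminal is left out, since the thread only shows it working when pasted into a terminal.

```python
import os
import re
import stat
import tempfile

SAFE_NAME = re.compile(r"[A-Za-z0-9._-]+")  # no spaces, quotes or line breaks

def load_passphrase(path):
    """Read the passphrase from a file that only its owner can access."""
    if os.stat(path).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is open to group/others; chmod 600 it")
    with open(path, encoding="utf-8") as fh:
        secret = fh.read().rstrip("\r\n")
    if not secret:
        raise ValueError("empty passphrase file")
    return secret

def build_session(old_cert, cert_file, key_file, passphrase):
    """Return the lines to send, in the order used in the post above."""
    for name in (old_cert, cert_file, key_file):
        # Every line is run as a command, so names must not carry extra syntax.
        if not SAFE_NAME.fullmatch(name):
            raise ValueError(f"unsafe name: {name!r}")
    if "\n" in passphrase or "\r" in passphrase:
        raise ValueError("passphrase contains a line break")
    return [
        f"/certificate remove {old_cert}",
        f"/certificate import file-name={cert_file}",
        passphrase,  # answers the prompt that follows the import command
        f"/certificate import file-name={key_file}",
        passphrase,
        '/log info "certificate imported"',
        "quit", "quit",
    ]

def redact(lines, passphrase):
    """Copy of the session that is safe to write to the server's own log."""
    return ["<passphrase>" if line == passphrase else line for line in lines]

if __name__ == "__main__":
    # Constructed demo: throwaway secret file holding the thread's example value.
    with tempfile.NamedTemporaryFile("w", suffix=".pass", delete=False) as fh:
        fh.write("123456789123456789\n")
    os.chmod(fh.name, 0o600)
    try:
        session = build_session("cert1", "ca.crt", "ca.key", load_passphrase(fh.name))
        print("\n".join(redact(session, "123456789123456789")))
    finally:
        os.remove(fh.name)
```
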
 
skot
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: Importing certificate with a script?? need help

Wed Jan 30, 2013 4:41 am

Nice job finding a solution. Good to know.