Code: Select all
{
:do {
:local verifySSL
:set verifySSL "yes"
:if ([:len [/certificate/find name~"cacert_update.pem_"]] = 0) do={
:log warning ("System has no certificate store - seeding without TLS verification");
:set verifySSL "no"
}
/tool/fetch url="https://mkcert.org/generate/" check-certificate=$verifySSL dst-path=cacert_update.pem;
/certificate/remove [ find where authority expired ];
/certificate/import file-name=cacert_update.pem passphrase="";
/file/remove cacert_update.pem;
:log info ("Updated certificate trust store");
} on-error={
:log error ("Failed to update certificate trust store");
};
}
- read: ok, makes sense
- write: sure, why not
- test: maybe...
- sniff
- reboot