The problem is that if something fails inside the child do loop, it is not caught by its own on-error section but rather goes directly to the on-error section of the mother. Can anyone help me solve the issue?
One possible way to solve the issue is to increase the script action timeout so that the certificates get signed, or maybe some special command which will ensure that the certificates are signed regardless of the timeout.
I have posted the script for your reproduction. Thanks a lot for your time and help.
{; # BeginOfScript
######################################################################
###Identity: Generate SSH Keys And Certificates Script
###Author: Tahasanul Abraham
###Created: Apr 18 2023
###Last Edited: May 05 2023
###Compatible Versions: ROS 7.x
###Tested on: ROS 7.0 - 7.9
######################################################################
    :do {
        :local ServerName ("XXXXXXXX")
        :local CertificateValidityDays (18250)
        :local CertificatePassword ("XXXXXXX")
        :local KeySize (8192)
        /ip/ssh/ set allow-none-crypto=no always-allow-password-login=yes strong-crypto=yes forwarding-enabled=remote host-key-size=$KeySize
        :do {
            /ip/ssh/ regenerate-host-key
        } on-error={
            :log error ("** Generate SSH Keys And Certificates Script ** Waiting for $ServerName_SSH key generation")
        }; # EndDo
        /ip/ssh/ export-host-key key-file-prefix="$ServerName_SSH"
        /certificate/ add name="$ServerName_CA" common-name="$ServerName_CA" days-valid=$CertificateValidityDays key-size=$KeySize key-usage=crl-sign,key-cert-sign
        /certificate/ add name="$ServerName_Server" common-name="$ServerName_Server" days-valid=$CertificateValidityDays key-size=$KeySize key-usage=digital-signature,key-encipherment,tls-server
        /certificate/ add name="$ServerName_Client" common-name="$ServerName_Client" days-valid=$CertificateValidityDays key-size=$KeySize key-usage=tls-client
        :do {
            /certificate/ sign "$ServerName_CA" name="$ServerName_CA-Certificate"
        } on-error={
            :log error ("** Generate SSH Keys And Certificates Script ** Waiting for $ServerName_CA-Certificate signing")
        }; # EndDo
        :do {
            /certificate/ sign "$ServerName_Server" name="$ServerName_Server-Certificate" ca="$ServerName_CA-Certificate"
        } on-error={
            :log error ("** Generate SSH Keys And Certificates Script ** Waiting for $ServerName_Server-Certificate signing")
        }; # EndDo
        :do {
            /certificate/ sign "$ServerName_Client" name="$ServerName_Client-Certificate" ca="$ServerName_CA-Certificate"
        } on-error={
            :log error ("** Generate SSH Keys And Certificates Script ** Waiting for $ServerName_Client-Certificate signing")
        }; # EndDo
        /certificate/ export-certificate "$ServerName_CA-Certificate" export-passphrase=$CertificatePassword file-name="$ServerName_CA-Certificate"
        /certificate/ export-certificate "$ServerName_Client-Certificate" export-passphrase=$CertificatePassword file-name="$ServerName_Client-Certificate"
        :log warning ("** Generate SSH Keys And Certificates Script ** Completed")
    } on-error={
        :log error ("** Generate SSH Keys And Certificates Script ** Failed")
    }; # EndDo
}; #EndOfScript