Ubiquiti removed keytool (and java) from recent releases of Unifi OS. This moves from keytool to openssl's native pkcs12.
Tested on Unifi Dream Machine which runs Unifi OS and a built-in Unifi controller.
Also added a backup of existing files prior to the change in case anything goes wrong, and updated the system configuration with compatible ciphers.
In the case where importing the cert and key removes the files from disk
the existing deploy will fail when it tries to remove those files. This
still attempts to remove the files but catches the error and moves on instead
of bombing like before.
Similarly, if the deploy had failed before, subsequent deploys would fail
because the script already existed, so it would not be able to create
the script. This first attempts to remove the script if it exists, and then
creates the script.
In order to stop processing on failure to copy certificate
to remote side, fail on error of scp command.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
In order to detect erroneous scripts on remote side, catch return code
and handle it respectively.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
Reviewed-by: Ross Shen @sjtuross
This sets the owner of the script to the ssh user, has the comment line in
the script as a real comment and removes the policy since this is set from
the current user, at least for RouterOS 7.x.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>
As the script is applying the fullchain which includes three certificates,
delete all of them before applying updated certificate.
Signed-off-by: Andreas Bießmann <andreas@biessmann.org>