Categories
Mikrotik Security

LetsEncrypt and Mikrotik

Recently there has been some activity around integrating LetsEncrypt with Mikrotik. While Mikrotik does not directly support LetsEncrypt yet, you can make it work with this setup:

https://github.com/gitpel/letsencrypt-routeros

From the GitHub Page:

How it works:

  • Dedicated Linux renews and pushes certificates to RouterOS / Mikrotik
  • After CertBot renews your certificates
  • The script connects to RouterOS / Mikrotik using DSA Key (without password or user input)
  • Delete previous certificate files
  • Delete the previous certificate
  • Upload two new files: Certificate and Key
  • Import Certificate and Key
  • Change SSTP Server Settings to use new certificate
  • Delete certificate and key files from RouterOS / Mikrotik storage

While not perfect, it is a start.
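
The steps listed above, written as a dry-run planner that prints the ssh/scp commands in order (an added example, not the gitpel/letsencrypt-routeros script or code from this post). The host, user, key path and the `<file>_0` name given to an imported certificate are assumptions; the domain is validated because it is interpolated into commands run on the router.

```shell
#!/bin/sh
# Added example, not the gitpel/letsencrypt-routeros script. It only prints the
# ssh/scp commands for review. Host, user and key path are placeholders; the
# "<file>_0" certificate name RouterOS assigns on import is an assumption.
ROS_HOST="${ROS_HOST:-router.example.net}"
ROS_USER="${ROS_USER:-certpush}"
ROS_PORT="${ROS_PORT:-22}"
ROS_KEY="${ROS_KEY:-/root/.ssh/routeros_key}"

# The domain ends up inside commands executed on the router, so accept only
# hostname characters; anything else could smuggle in extra RouterOS commands.
valid_domain() {
    case "$1" in
        ""|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print one command per line, in the order of the steps listed above.
plan_push() {
    domain="$1"
    live="${2:-/etc/letsencrypt/live/$domain}"   # certbot's default layout
    valid_domain "$domain" || { echo "refusing domain: $domain" >&2; return 1; }
    # BatchMode: fail instead of prompting. StrictHostKeyChecking: never send
    # the private key to a router whose host key is not already pinned.
    opts="-i $ROS_KEY -o BatchMode=yes -o StrictHostKeyChecking=yes"
    ros="ssh -p $ROS_PORT $opts $ROS_USER@$ROS_HOST"
    pem="$domain.pem"; key="$domain.key"
    echo "$ros '/file remove [find name=$pem]'"
    echo "$ros '/file remove [find name=$key]'"
    echo "$ros '/certificate remove [find name=${pem}_0]'"
    echo "scp -q -P $ROS_PORT $opts $live/cert.pem $ROS_USER@$ROS_HOST:$pem"
    echo "scp -q -P $ROS_PORT $opts $live/privkey.pem $ROS_USER@$ROS_HOST:$key"
    echo "$ros '/certificate import file-name=$pem passphrase=\"\"'"
    echo "$ros '/certificate import file-name=$key passphrase=\"\"'"
    echo "$ros '/interface sstp-server server set certificate=${pem}_0'"
    echo "$ros '/file remove [find name=$pem]'"
    echo "$ros '/file remove [find name=$key]'"
}

if [ "$#" -gt 0 ]; then plan_push "$@"; fi
```

The last two lines of the plan matter most: the private key should not stay in the router's file storage once it has been imported.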

Categories
Security

SHA-1 Certificates EOL

The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.

That’s why Chrome will start the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39 in November. HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome’s user interface.

https://googleonlinesecurity.blogspot.ro/2015/12/an-update-on-sha-1-certificates-in.html