RANCID (v3) vs Fortigate – the patch!

Been doing some battles with RANCID sending emails every hour about updated keys.

Like this:

        set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates."
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----

So I have seen this in my lab (every hour...) and at the day job, so I finally decided to dig into it. It did help that I finally read the first line: BEGIN ENCRYPTED PRIVATE KEY is not the same as BEGIN RSA PRIVATE KEY, and once I read that, making a patch was quick and easy.
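The label mismatch described above, shown as an added example that is neither the author's patch nor fnrancid's own code: a stand-alone Perl filter that redacts any PEM private-key block whatever its label, so two polls compare equal. The sample config lines, the EXAMPLE_CA entry name and the redact_private_keys helper are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: not fnrancid code and not the patch from this post.
use strict;
use warnings;

# Matches END PRIVATE KEY with any label words (RSA, EC, ENCRYPTED, none).
my $END_RE = qr/-----END (?:[A-Z]+ )*PRIVATE KEY-----/;

# Replace every PEM private-key block in "show" output with a fixed marker
# so the stored config no longer changes when only the key text changes.
sub redact_private_keys {
    my (@out, $in_key);
    for my $line (@_) {
        if ($in_key) {
            # Drop key material until the END marker closes the block.
            $in_key = 0 if $line =~ $END_RE;
            next;
        }
        # Anchor on PRIVATE KEY, not on one specific label such as RSA.
        if ($line =~ /^(\s*set \S+ )"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----/) {
            push @out, "$1<removed>";
            # Keep skipping unless BEGIN and END share a single line.
            $in_key = 1 unless $line =~ $END_RE;
            next;
        }
        push @out, $line;
    }
    return @out;
}

# Constructed sample: one config entry, parameterised on the key blob.
sub sample_poll {
    my ($blob) = @_;
    return (
        '    edit "EXAMPLE_CA"',
        '        set comments "constructed sample entry"',
        '        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----',
        $blob,
        '-----END ENCRYPTED PRIVATE KEY-----"',
        '    next',
    );
}

# Two polls that differ only in the key blob, as in the hourly emails.
my @first  = redact_private_keys(sample_poll('CONSTRUCTED-BLOB-POLL-1'));
my @second = redact_private_keys(sample_poll('CONSTRUCTED-BLOB-POLL-2'));
print "$_\n" for @first;
my $same = join("\n", @first) eq join("\n", @second);
printf "polls %s after redaction\n", $same ? 'identical' : 'still differ';
```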

I also updated fnrancid to pick up the hardware of the unit being queried in case hardware changes out later in life. There is also a comment included in case you want to have reported revisions as the different engines update their databases. I have it turned off by default.

You can download the patch here.