authorChris Buechler <cmb@pfsense.org>2009-12-21 02:05:11 -0500
committerChris Buechler <cmb@pfsense.org>2009-12-21 02:05:11 -0500
commit0cdaaa8ed83314bd29878fbb33cd7ad8cb5d3a60 (patch)
tree6b6db1061950eeaa5fc1e67d6b3dcb7ddb726f23
parent0d7ff22656073a706468ba242a9007ce2a29a54c (diff)
Generate a certificate at first boot rather than using a default public cert/key pair. Ticket #63
-rw-r--r--etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.crt22
-rw-r--r--etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.key15
-rw-r--r--etc/inc/system.inc22
3 files changed, 13 insertions, 46 deletions
diff --git a/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.crt b/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.crt
deleted file mode 100644
index 1f48624..0000000
--- a/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.crt
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDjTCCAvagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMx
-ETAPBgNVBAgTCEtlbnR1Y2t5MRMwEQYDVQQHEwpMb3Vpc3ZpbGxlMR4wHAYDVQQK
-ExVCU0QgUGVyaW1ldGVyIHBmU2Vuc2UxIzAhBgkqhkiG9w0BCQEWFGNvcmV0ZWFt
-QHBmc2Vuc2Uub3JnMRQwEgYDVQQDEwtpbnRlcm5hbC1jYTAeFw0wOTEyMDMwMTMw
-MTdaFw0xNTA1MjYwMTMwMTdaMIGUMQswCQYDVQQGEwJVUzERMA8GA1UECBMIS2Vu
-dHVja3kxEzARBgNVBAcTCkxvdWlzdmlsbGUxHjAcBgNVBAoTFUJTRCBQZXJpbWV0
-ZXIgcGZTZW5zZTEjMCEGCSqGSIb3DQEJARYUY29yZXRlYW1AcGZzZW5zZS5vcmcx
-GDAWBgNVBAMTD3d3dy5wZnNlbnNlLm9yZzCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA2uXmubyVleXzt8Nxj19VOiL3FdWL/8xLzVHe5NxTfs02zvmdpqjmcuMa
-StY02UkJA24wvOpnoRJu1K6CsEAade7wCm294UjoqVg3wdJq+2yngxeGxrTeQ8d5
-3TvE8QYyjX1Oo+e6fZFadNGqn9NO61RngdGaqcvalv8CwYQpdwECAwEAAaOB8DCB
-7TAdBgNVHQ4EFgQUu4/6LXe6HdEO5W6k+bZotCU4zIcwgb0GA1UdIwSBtTCBsoAU
-6VqQ9sdA8dRnqX7t9HDQuDJlg32hgZakgZMwgZAxCzAJBgNVBAYTAlVTMREwDwYD
-VQQIEwhLZW50dWNreTETMBEGA1UEBxMKTG91aXN2aWxsZTEeMBwGA1UEChMVQlNE
-IFBlcmltZXRlciBwZlNlbnNlMSMwIQYJKoZIhvcNAQkBFhRjb3JldGVhbUBwZnNl
-bnNlLm9yZzEUMBIGA1UEAxMLaW50ZXJuYWwtY2GCAQAwDAYDVR0TBAUwAwEB/zAN
-BgkqhkiG9w0BAQUFAAOBgQCKHCe/RXW+AEyKgMWe22jmC3nQGdNALtRzemftMsud
-J01tw8VjJ7JpxxPbg++yiaaAXCgnCdcNtyfa6WG5EekLZWj+ChDUMciKBxWUtgKH
-09JywYUbAiOHsL5YuSHhq98HWwzahOAuTRknLCW+vmwx2isk78kTvHHIIK2KHfua
-Ow==
------END CERTIFICATE-----
diff --git a/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.key b/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.key
deleted file mode 100644
index 36b9ddb..0000000
--- a/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.key
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDa5ea5vJWV5fO3w3GPX1U6IvcV1Yv/zEvNUd7k3FN+zTbO+Z2m
-qOZy4xpK1jTZSQkDbjC86mehEm7UroKwQBp17vAKbb3hSOipWDfB0mr7bKeDF4bG
-tN5Dx3ndO8TxBjKNfU6j57p9kVp00aqf007rVGeB0Zqpy9qW/wLBhCl3AQIDAQAB
-AoGAKHHkEJtslBa50lFVUSVPLP+64ZjkVi4cL2KaKXUgJESshM+QNnPsqHuXpw4v
-E5qwBKc+cBlrblJmkftwgDpH6PyxmZbbQL1LhQdtvBzddqf04KZqXm9rat3plCI3
-pPWJXp4UoP+v1/NITqX/WkMNobqTGLM0qqbwkFQcJiidx8UCQQD/mlD/Sb2rsG/y
-kvAVEMVt7I0tEwaGeEGAVJAY4K4OjV2nDtANARfKZiIOCfU0PztpQYLlqAOSnhk9
-1lKdYQK7AkEA2zz7qFIcM/5wLN0AXVvT6WMwtB5dOSmaJmjYx2WUReHb8E+z93Vk
-x+Z6KkTCgJ672+jDyHcKBNKL567TurRncwJBAKGaFFnDaprRO4YXZpk6+EgOhheY
-bsi34VncnRpNe16R/EMx91IxfbQmrKNJonD9BXf/xl2iw1eAg574EVWVTx8CQHM5
-XdpdLU12UGaD0IlAleN3qkVAICbG4qmFOUmy7Xa8+ecXPLK2FD2ruFE2yjLnOjyd
-3SgiyDU4oyclD0p1PlkCQQCeQz1JA68KmHmjKRP6Wv7vcx6KCbShoNXurUstD+i8
-4BCTmrAMf+dWsHxJxSfdi7qFS0J+QHNVtHzF0ldyYClB
------END RSA PRIVATE KEY-----
diff --git a/etc/inc/system.inc b/etc/inc/system.inc
index 7460f5a..e0cac4c 100644
--- a/etc/inc/system.inc
+++ b/etc/inc/system.inc
@@ -647,24 +647,28 @@ function system_webgui_start() {
if (!is_array($config['system']['cert']))
$config['system']['cert'] = array();
$a_cert =& $config['system']['cert'];
- echo "Importing default SSL Certificate... ";
- $cert_file = "/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.crt";
- $key_file = "/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.key";
+ echo "Creating SSL Certificate... ";
+ mwexec("openssl genrsa 1024 > /etc/ssl.key");
+ mwexec("chmod 400 /etc/ssl.key");
+ mwexec("openssl req -new -x509 -nodes -sha1 -days 365 -key /etc/ssl.key > /etc/ssl.crt");
+ mwexec("chmod 400 /etc/ssl.crt");
+ $cert_file = "/etc/ssl.crt";
+ $key_file = "/etc/ssl.key";
if(file_exists($cert_file) && file_exists($key_file)) {
$cert = array();
$cert['refid'] = uniqid();
- $cert['name'] = "pfSense webConfigurator default";
- $crt = file_get_contents("/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.crt");
- $key = file_get_contents("/etc/default_ssl_certs/pfSense_webConfigurator_HTTPS_Certificate.key");
+ $cert['name'] = "webConfigurator default";
+ $crt = file_get_contents($cert_file);
+ $key = file_get_contents($key_file);
cert_import($cert, $crt, $key);
$a_cert[] = $cert;
$config['system']['webgui']['ssl-certref'] = $cert['refid'];
- write_config("Importing default HTTPS certificate from /etc/default_ssl_certs/");
+ write_config("Importing HTTPS certificate");
if(!$config['system']['webgui']['port'])
$portarg = "443";
$ca = ca_chain($cert);
} else {
- log_error("ERROR: Could not locate a default certificate file in /etc/default_ssl/certs/ for import $cert_file - $key_file");
+ log_error("ERROR: Could not locate a certificate file for import $cert_file - $key_file");
}
} else
$crt = base64_decode($cert['crt']);
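Review bot: The `file_exists($cert_file) && file_exists($key_file)` guard cannot detect a failed generation, because the shell redirections in the `mwexec("openssl ... > /etc/ssl.key")` and `> /etc/ssl.crt` calls create the files even when openssl exits with an error, so an empty key or certificate would be handed to `cert_import()` and saved by `write_config()`. Check the result of each `mwexec()` call (assuming it returns the exit status) and require non-empty files, e.g. `if (filesize($cert_file) > 0 && filesize($key_file) > 0) {`. The private key is also created under the default umask and only restricted by the following `chmod 400`, leaving a short window where it may be readable by other local users; `mwexec("umask 077; openssl genrsa -out /etc/ssl.key 2048");` closes that window and moves off 1024-bit RSA, and `-sha256` would replace `-sha1` on the `openssl req` line. The `openssl req` call passes neither `-subj` nor `-batch`, so it may wait for distinguished-name input at boot unless the openssl configuration supplies defaults, which is worth confirming. system_webgui_start() begins and ends outside this hunk.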
@@ -1340,4 +1344,4 @@ function enable_watchdog() {
}
}
-?>
+?> \ No newline at end of file