author | Steve Beaver <sbeaver@netgate.com> | 2017-03-15 12:30:21 -0400 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-03-15 12:30:21 -0400 |
commit | 55047259ec343e5522cd76d4be0f8d470a9b702d (patch) | |
tree | 60048d9755c9cbb3f9e2f328942bc45ca71186e0 /src/usr/local | |
parent | d520da3142dd9bd7e48127d2cf2e717c38bf85d2 (diff) | |
Add the ability to save a private key with the newly signed cert
Diffstat (limited to 'src/usr/local')
-rw-r--r-- | src/usr/local/www/system_certmanager.php | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/src/usr/local/www/system_certmanager.php b/src/usr/local/www/system_certmanager.php
index 5475841..fa52c86 100644
--- a/src/usr/local/www/system_certmanager.php
+++ b/src/usr/local/www/system_certmanager.php
@@ -222,6 +222,12 @@ if ($_POST['save']) {
 if (($_POST['csrtosign'] === "new") && (!strstr($_POST['csrpaste'], "BEGIN CERTIFICATE REQUEST") || !strstr($_POST['csrpaste'], "END CERTIFICATE REQUEST"))) {
 $input_errors[] = gettext("This signing request does not appear to be valid.");
 }
+
+ if ( (($_POST['csrtosign'] === "new") && (strlen($_POST['keypaste']) > 0)) && (!strstr($_POST['keypaste'], "BEGIN PRIVATE KEY") || !strstr($_POST['keypaste'], "END PRIVATE KEY"))) {
+ $input_errors[] = gettext("This private does not appear to be valid.");
+ $input_errors[] = gettext("Key data field should be blank, or a valid x509 private key");
+ }
+
 }
 if ($pconfig['method'] == "import") {
@@ -234,6 +240,7 @@ if ($_POST['save']) {
 if ($_POST['cert'] && (!strstr($_POST['cert'], "BEGIN CERTIFICATE") || !strstr($_POST['cert'], "END CERTIFICATE"))) {
 $input_errors[] = gettext("This certificate does not appear to be valid.");
 }
+
 if (cert_get_modulus($_POST['cert'], false) != prv_get_modulus($_POST['key'], false)) {
 $input_errors[] = gettext("The submitted private key does not match the submitted certificate data.");
 }
@@ -405,7 +412,12 @@ if ($_POST['save']) {
 $newcert['descr'] = $pconfig['descr'];
 $newcert['type'] = $type;
 $newcert['crt'] = base64_encode($n509);
- $newcert['prv'] = $csrid['prv'];
+
+ if ($pconfig['csrtosign'] === "new") {
+ $newcert['prv'] = $pconfig['keypaste'];
+ } else {
+ $newcert['prv'] = $csrid['prv'];
+ }
 // Add it to the config file
 $config['cert'][] = $newcert;
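Review bot: The `keypaste` check added in the first hunk only looks for the PEM markers, so a private key that does not belong to the pasted CSR passes validation and is later saved alongside the signed certificate. The import branch in the next hunk already rejects a mismatched pair with `cert_get_modulus(...) != prv_get_modulus(...)`; the equivalent comparison is missing here, for example `if (strlen($_POST['keypaste']) > 0 && csr_get_modulus($_POST['csrpaste'], false) != prv_get_modulus($_POST['keypaste'], false))` with its own `$input_errors[]` entry. The marker test also rejects keys whose header is `BEGIN RSA PRIVATE KEY`, because that string does not contain `BEGIN PRIVATE KEY`, which may or may not be intended. The first message, "This private does not appear to be valid.", is missing the word "key". The enclosing `if ($_POST['save'])` block starts and ends outside the hunk.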
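Review bot: In the hunk at `-405,7 +412,12`, `$newcert['prv'] = $pconfig['keypaste'];` stores the pasted PEM text unchanged, while the line directly above stores the certificate as `base64_encode($n509)` and the `else` branch copies `prv` from an existing config entry. If `prv` entries are expected to be base64-encoded like `crt` (not visible in this hunk, so to be confirmed), code that later decodes the field would not recover the key for certificates created this way; `$newcert['prv'] = base64_encode($pconfig['keypaste']);` would keep the two fields consistent. When the field is left blank this branch also writes an empty `prv`, so it may be cleaner to assign it only when `strlen($pconfig['keypaste']) > 0`. A one-line comment stating that the key is optional and user-supplied would help the next reader.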
@@ -698,6 +710,12 @@ if ($act == "new" || (($_POST['save'] == gettext("Save")) && $input_errors)) {
 $pconfig['csrpaste']
 ))->setHelp('Paste a Certificate Signing Request in X.509 PEM format here.');
+ $section->addInput(new Form_Textarea(
+ 'keypaste',
+ 'Key data',
+ $pconfig['keypaste']
+ ))->setHelp('Optionally paste a private key here. The key will be associated with the newly signed certificate in pfSense');
+
 $form->add($section);
 $section = new Form_Section('Import Certificate');
@@ -1244,6 +1262,7 @@ events.push(function() {
 var newcsr = ($('#csrtosign').val() == "new");
 $('#csrpaste').attr('readonly', !newcsr);
+ $('#keypaste').attr('readonly', !newcsr);
 setRequired('csrpaste', newcsr);
 } |
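Review bot: The help text for the new `keypaste` textarea does not say which key format is accepted, although the validation added earlier in this commit only passes text containing `BEGIN PRIVATE KEY` and `END PRIVATE KEY`. Naming the format the way the `csrpaste` help does, and saying that the key must belong to the pasted request, would avoid failed submits, e.g. `Optionally paste the unencrypted PEM private key that matches the signing request.` Because the field is filled from `$pconfig['keypaste']` and this form is also rendered when `$input_errors` is set, the pasted private key appears to be sent back in the response on a validation error; consider clearing the field in that case. The enclosing block starts and ends outside the hunk.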