diff options
author | Scott Ullrich <sullrich@pfsense.org> | 2004-11-22 19:55:54 +0000 |
---|---|---|
committer | Scott Ullrich <sullrich@pfsense.org> | 2004-11-22 19:55:54 +0000 |
commit | 6e4a97ca77f0b30a1219f459b9f5628ad86320f8 (patch) | |
tree | f8c3509c29a9f9e65a8649d78931774d8e0476a4 /usr/local/www/system_advanced_create_certs.php | |
parent | 2479c9817ed0ead49105f83487e72072ec9e7cc9 (diff) | |
download | pfsense-6e4a97ca77f0b30a1219f459b9f5628ad86320f8.zip pfsense-6e4a97ca77f0b30a1219f459b9f5628ad86320f8.tar.gz |
Fix certificate creation .... again.
Diffstat (limited to 'usr/local/www/system_advanced_create_certs.php')
-rwxr-xr-x | usr/local/www/system_advanced_create_certs.php | 56 |
1 files changed, 55 insertions, 1 deletions
diff --git a/usr/local/www/system_advanced_create_certs.php b/usr/local/www/system_advanced_create_certs.php index 0c4b94d..388bb63 100755 --- a/usr/local/www/system_advanced_create_certs.php +++ b/usr/local/www/system_advanced_create_certs.php @@ -67,7 +67,12 @@ if ($_POST) { fwrite($fd, "[ req ]\n"); fwrite($fd, "distinguished_name=req_distinguished_name \n"); fwrite($fd, "req_extensions = v3_req \n"); - fwrite($fd, "prompt=no \n"); + fwrite($fd, "prompt=no\n"); + fwrite($fd, "default_bits = 1024\n"); + fwrite($fd, "default_keyfile = privkey.pem\n"); + fwrite($fd, "distinguished_name = req_distinguished_name\n"); + fwrite($fd, "attributes = req_attributes\n"); + fwrite($fd, "x509_extensions = v3_ca # The extentions to add to the self signed cert\n"); fwrite($fd, "[ req_distinguished_name ] \n"); fwrite($fd, "C=" . $countrycode . " \n"); fwrite($fd, "ST=" . $stateorprovince. " \n"); @@ -81,6 +86,55 @@ if ($_POST) { fwrite($fd, "basicConstraints = critical,CA:FALSE \n"); fwrite($fd, "keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement \n"); fwrite($fd, "extendedKeyUsage=emailProtection,clientAuth \n"); + fwrite($fd, "[ ca ]\n"); + fwrite($fd, "default_ca = CA_default\n"); + fwrite($fd, "[ CA_default ]\n"); + fwrite($fd, "certificate = /tmp/cacert.pem \n"); + fwrite($fd, "private_key = /tmp/cakey.pem \n"); + fwrite($fd, "dir = /tmp/\n"); + fwrite($fd, "certs = /tmp/certs\n"); + fwrite($fd, "crl_dir = /tmp/crl\n"); + fwrite($fd, "database = /tmp/index.txt \n"); + fwrite($fd, "new_certs_dir = /tmp/newcerts \n"); + fwrite($fd, "serial = /tmp/serial \n"); + fwrite($fd, "crl = /tmp/crl.pem \n"); + fwrite($fd, "RANDFILE = /tmp/.rand \n"); + fwrite($fd, "x509_extensions = usr_cert \n"); + fwrite($fd, "name_opt = ca_default \n"); + fwrite($fd, "cert_opt = ca_default \n"); + fwrite($fd, "default_days = 365 \n"); + fwrite($fd, "default_crl_days = 30 \n"); + fwrite($fd, "default_md = md5 \n"); + fwrite($fd, "preserve = no \n"); + fwrite($fd, "policy = policy_match\n"); + fwrite($fd, "[ policy_match ]\n"); + fwrite($fd, "countryName = match\n"); + fwrite($fd, "stateOrProvinceName = match\n"); + fwrite($fd, "organizationName = match\n"); + fwrite($fd, "organizationalUnitName = optional\n"); + fwrite($fd, "commonName = supplied\n"); + fwrite($fd, "emailAddress = optional\n"); + fwrite($fd, "[ policy_anything ]\n"); + fwrite($fd, "countryName = optional\n"); + fwrite($fd, "stateOrProvinceName = optional\n"); + fwrite($fd, "localityName = optional\n"); + fwrite($fd, "organizationName = optional\n"); + fwrite($fd, "organizationalUnitName = optional\n"); + fwrite($fd, "commonName = supplied\n"); + fwrite($fd, "emailAddress = optional\n"); + fwrite($fd, "[ req_distinguished_name ]\n"); + fwrite($fd, "countryName = US\n"); + fwrite($fd, "[ req_attributes ]\n"); + fwrite($fd, "challengePassword = A challenge password\n"); + fwrite($fd, "unstructuredName = An optional company name\n"); + fwrite($fd, "[ usr_cert ]\n"); + fwrite($fd, "basicConstraints=CA:FALSE\n"); + fwrite($fd, "[ v3_ca ]\n"); + fwrite($fd, "subjectKeyIdentifier=hash\n"); + fwrite($fd, "authorityKeyIdentifier=keyid:always,issuer:always\n"); + fwrite($fd, "basicConstraints = CA:true\n"); + fwrite($fd, "[ crl_ext ]\n"); + fwrite($fd, "authorityKeyIdentifier=keyid:always,issuer:always\n"); fclose($fd); ?> |