-rw-r--r--etc/inc/certs.inc4
-rw-r--r--usr/local/www/system_camanager.php33
2 files changed, 35 insertions, 2 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 88fb2b9..6d48e55 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -101,10 +101,12 @@ function ca_chain(& $cert) {
return "";
}
-function ca_import(& $ca, $str) {
+function ca_import(& $ca, $str, $key="") {
global $config;
$ca['crt'] = base64_encode($str);
+ if (!empty($key))
+ $ca['prv'] = base64_encode($key);
$subject = cert_get_subject($str, false);
$issuer = cert_get_issuer($str, false);
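Review bot: The new `$key` argument is stored in `$ca['prv']` with no check that it parses as a private key or that it belongs to the certificate in `$str`. A malformed or mismatched key would be saved silently and only surface later, when the CA is used to sign or to build a CRL. Consider guarding the assignment with `if (!empty($key) && openssl_x509_check_private_key($str, $key))`, or rejecting the input with an error at the call site `ca_import($ca, $pconfig['cert'], $pconfig['key'])` in system_camanager.php. Whether the form handler already validates the key is not visible in these hunks, and ca_import's body continues outside this one.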
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index 0ca9494..7aae43e 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -110,6 +110,24 @@ if ($act == "exp") {
exit;
}
+if ($act == "expkey") {
+
+ if (!$a_ca[$id]) {
+ pfSenseHeader("system_camanager.php");
+ exit;
+ }
+
+ $exp_name = urlencode("{$a_ca[$id]['name']}.key");
+ $exp_data = base64_decode($a_ca[$id]['prv']);
+ $exp_size = strlen($exp_data);
+
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ echo $exp_data;
+ exit;
+}
+
if ($_POST) {
unset($input_errors);
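Review bot: The `expkey` branch checks only that `$a_ca[$id]` exists, so for a CA stored without a key it reads an unset `$a_ca[$id]['prv']` and sends an empty `.key` download; the guard should be `if (!$a_ca[$id] || empty($a_ca[$id]['prv'])) {`. Because the response body is a CA private key, it should also be marked uncacheable, for example with `header("Cache-Control: no-store");` before the `echo`. Where `$id` comes from and how access to this page is authorised are outside the hunk. A key export is also worth recording in whatever audit log the GUI already writes to.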
@@ -157,7 +175,7 @@ if ($_POST) {
$ca['name'] = $pconfig['name'];
if ($pconfig['method'] == "existing")
- ca_import($ca, $pconfig['cert']);
+ ca_import($ca, $pconfig['cert'], $pconfig['key']);
if ($pconfig['method'] == "internal")
{
@@ -275,6 +293,14 @@ function method_change() {
<?=gettext("Paste a certificate in X.509 PEM format here.");?></td>
</td>
</tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Private Key");?><br/><?=gettext("(optional)");?></td>
+ <td width="78%" class="vtable">
+ <textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=$pconfig['key'];?></textarea>
+ <br>
+ <?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?></td>
+ </td>
+ </tr>
</table>
<table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
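Review bot: `<?=$pconfig['key'];?>` is written into the textarea without HTML escaping, so a submitted value containing `</textarea>` followed by markup would be rendered as HTML when the form is redisplayed. Use `<?=htmlspecialchars($pconfig['key']);?>` instead. How `$pconfig['key']` is populated is outside the hunk, presumably from the POST data. The new row also closes `</td>` twice, mirroring the certificate row above it.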
@@ -457,6 +483,11 @@ function method_change() {
<a href="system_camanager.php?act=exp&id=<?=$i;?>")">
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
</a>
+ <?php if ($ca['prv']): ?>
+ <a href="system_camanager.php?act=expkey&id=<?=$i;?>")">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca private key");?>" alt="<?=gettext("export ca private key");?>" width="17" height="17" border="0" />
+ </a>
+ <?php endif; ?>
<a href="system_camanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and all associated certificates?");?>')">
<img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete ca");?>" alt="<?=gettext("delete ca"); ?>" width="17" height="17" border="0" />
</a>
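Review bot: The new export link carries a stray `")` after the href value (`...id=<?=$i;?>")">`), copied from the `act=exp` link above it, which leaves a malformed attribute in the tag; it should read `<a href="system_camanager.php?act=expkey&amp;id=<?=$i;?>">`. `<?php if ($ca['prv']): ?>` also reads an index that is not set for CAs imported without a private key, so `!empty($ca['prv'])` is the safer test. The surrounding loop is outside the hunk.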