-rw-r--r-- | etc/inc/certs.inc | 4 | ||||
-rw-r--r-- | usr/local/www/system_camanager.php | 33 |
2 files changed, 35 insertions, 2 deletions
diff --git a/etc/inc/certs.inc b/etc/inc/certs.inc
index 88fb2b9..6d48e55 100644
--- a/etc/inc/certs.inc
+++ b/etc/inc/certs.inc
@@ -101,10 +101,12 @@ function ca_chain(& $cert) {
 return "";
 }
-function ca_import(& $ca, $str) {
+function ca_import(& $ca, $str, $key="") {
 global $config;
 $ca['crt'] = base64_encode($str);
+ if (!empty($key))
+ $ca['prv'] = base64_encode($key);
 $subject = cert_get_subject($str, false);
 $issuer = cert_get_issuer($str, false);
diff --git a/usr/local/www/system_camanager.php b/usr/local/www/system_camanager.php
index 0ca9494..7aae43e 100644
--- a/usr/local/www/system_camanager.php
+++ b/usr/local/www/system_camanager.php
@@ -110,6 +110,24 @@ if ($act == "exp") {
 exit;
 }
+if ($act == "expkey") {
+
+ if (!$a_ca[$id]) {
+ pfSenseHeader("system_camanager.php");
+ exit;
+ }
+
+ $exp_name = urlencode("{$a_ca[$id]['name']}.key");
+ $exp_data = base64_decode($a_ca[$id]['prv']);
+ $exp_size = strlen($exp_data);
+
+ header("Content-Type: application/octet-stream");
+ header("Content-Disposition: attachment; filename={$exp_name}");
+ header("Content-Length: $exp_size");
+ echo $exp_data;
+ exit;
+}
+
 if ($_POST) {
 unset($input_errors);
@@ -157,7 +175,7 @@ if ($_POST) {
 $ca['name'] = $pconfig['name'];
 if ($pconfig['method'] == "existing")
- ca_import($ca, $pconfig['cert']);
+ ca_import($ca, $pconfig['cert'], $pconfig['key']);
 if ($pconfig['method'] == "internal") {
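Review bot: In the certs.inc hunk, `ca_import()` base64-encodes the new `$key` into `$ca['prv']` without checking that it parses as a private key or that it belongs to the certificate in `$str`. A mismatched or truncated paste is therefore stored silently and would presumably only surface later, when the CA is asked to sign a CRL. The better place for the check is the `$input_errors` validation ahead of the call in system_camanager.php (`@@ -157,7 +175,7`), for example `if (!empty($pconfig['key']) && !openssl_x509_check_private_key($pconfig['cert'], $pconfig['key']))` followed by an error message. The rest of `ca_import()` lies outside the hunk.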
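Review bot: The `expkey` branch in system_camanager.php (`@@ -110,6 +110,24`) checks only that `$a_ca[$id]` exists, not that the CA has a stored key, so a request for a CA imported without one sends an empty `.key` attachment; `if (!$a_ca[$id] || empty($a_ca[$id]['prv'])) {` would redirect instead. Because the response body is the CA private key, it should also carry `header("Cache-Control: no-store");` so no browser or proxy cache retains it. The filename in `Content-Disposition` is unquoted; `urlencode()` keeps it header-safe, but `filename=\"{$exp_name}\"` is the more robust form. Whether access to this page is meant to imply access to the CA key is not visible in the hunk and is worth confirming against the privilege model.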
@@ -275,6 +293,14 @@ function method_change() {
 <?=gettext("Paste a certificate in X.509 PEM format here.");?></td>
 </td>
 </tr>
+ <tr>
+ <td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Private Key");?><br/><?=gettext("(optional)");?></td>
+ <td width="78%" class="vtable">
+ <textarea name="key" id="key" cols="65" rows="7" class="formfld_cert"><?=$pconfig['key'];?></textarea>
+ <br>
+ <?=gettext("Paste the private key for the above certificate here. This is optional in most cases, but required if you need to generate a Certificate Revocation List (CRL).");?></td>
+ </td>
+ </tr>
 </table>
 <table width="100%" border="0" cellpadding="6" cellspacing="0" id="internal">
@@ -457,6 +483,11 @@ function method_change() {
 <a href="system_camanager.php?act=exp&id=<?=$i;?>")">
 <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca");?>" alt="<?=gettext("export ca");?>" width="17" height="17" border="0" />
 </a>
+ <?php if ($ca['prv']): ?>
+ <a href="system_camanager.php?act=expkey&id=<?=$i;?>")">
+ <img src="/themes/<?= $g['theme'];?>/images/icons/icon_down.gif" title="<?=gettext("export ca private key");?>" alt="<?=gettext("export ca private key");?>" width="17" height="17" border="0" />
+ </a>
+ <?php endif; ?>
 <a href="system_camanager.php?act=del&id=<?=$i;?>" onclick="return confirm('<?=gettext("Do you really want to delete this Certificate Authority and all associated certificates?");?>')">
 <img src="/themes/<?= $g['theme'];?>/images/icons/icon_x.gif" title="<?=gettext("delete ca");?>" alt="<?=gettext("delete ca"); ?>" width="17" height="17" border="0" />
 </a> |
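Review bot: The new textarea in the `@@ -275,6 +293,14` hunk echoes `$pconfig['key']` unescaped, so a value containing `</textarea>` or other markup is rendered as HTML when the form is redisplayed; use `<?=htmlspecialchars($pconfig['key']);?>`. Where `$pconfig` is populated is outside the hunk, so presumably it comes from the POST data and that should be confirmed. The added row also closes its second cell twice, once after the help text and again on the following line; one of the two `</td>` should go.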
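Review bot: The new link in the `@@ -457,6 +483,11` hunk ends its `href` with a stray `")"`, carried over from the export link above it; it should read `<a href="system_camanager.php?act=expkey&id=<?=$i;?>">`. The key export also reuses `icon_down.gif`, so the certificate download and the private-key download differ only by tooltip in the list. A distinct icon, or an `onclick="return confirm(...)"` like the delete link has, would make an accidental export of the CA key less likely.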