gettext("Import an existing Certificate"), "internal" => gettext("Create an internal Certificate"), "external" => gettext("Create a Certificate Signing Request")); $cert_keylens = array( "512", "1024", "2048", "4096"); $pgtitle = array(gettext("System"), gettext("Certificate Manager")); $id = $_GET['id']; if (isset($_POST['id'])) $id = $_POST['id']; if (!is_array($config['system']['ca'])) $config['system']['ca'] = array(); $a_ca =& $config['system']['ca']; if (!is_array($config['system']['cert'])) $config['system']['cert'] = array(); $a_cert =& $config['system']['cert']; $internal_ca_count = 0; foreach ($a_ca as $ca) if ($ca['prv']) $internal_ca_count++; $act = $_GET['act']; if ($_POST['act']) $act = $_POST['act']; if ($act == "del") { if (!$a_cert[$id]) { pfSenseHeader("system_certmanager.php"); exit; } $name = $a_cert[$id]['name']; unset($a_cert[$id]); write_config(); $savemsg = gettext("Certificate")." {$name} ". gettext("successfully deleted")."
"; } if ($act == "new") { $pconfig['method'] = $_GET['method']; $pconfig['keylen'] = "2048"; $pconfig['lifetime'] = "3650"; } if ($act == "exp") { if (!$a_cert[$id]) { pfSenseHeader("system_certmanager.php"); exit; } $exp_name = urlencode("{$a_cert[$id]['name']}.crt"); $exp_data = base64_decode($a_cert[$id]['crt']); $exp_size = strlen($exp_data); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); echo $exp_data; exit; } if ($act == "key") { if (!$a_cert[$id]) { pfSenseHeader("system_certmanager.php"); exit; } $exp_name = urlencode("{$a_cert[$id]['name']}.key"); $exp_data = base64_decode($a_cert[$id]['prv']); $exp_size = strlen($exp_data); header("Content-Type: application/octet-stream"); header("Content-Disposition: attachment; filename={$exp_name}"); header("Content-Length: $exp_size"); echo $exp_data; exit; } if ($act == "csr") { if (!$a_cert[$id]) { pfSenseHeader("system_certmanager.php"); exit; } $pconfig['name'] = $a_cert[$id]['name']; $pconfig['csr'] = base64_decode($a_cert[$id]['csr']); } if ($_POST) { if ($_POST['save'] == gettext("Save")) { unset($input_errors); $pconfig = $_POST; /* input validation */ if ($pconfig['method'] == "existing") { $reqdfields = explode(" ", "name cert key"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Certificate data"), gettext("Key data")); } if ($pconfig['method'] == "internal") { $reqdfields = explode(" ", "name caref keylen lifetime dn_country dn_state dn_city ". "dn_organization dn_email dn_commonname"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Certificate authority"), gettext("Key length"), gettext("Lifetime"), gettext("Distinguished name Country Code"), gettext("Distinguished name State or Province"), gettext("Distinguished name City"), gettext("Distinguished name Organization"), gettext("Distinguished name Email Address"), gettext("Distinguished name Common Name")); } if ($pconfig['method'] == "external") { $reqdfields = explode(" ", "name csr_keylen csr_dn_country csr_dn_state csr_dn_city ". "csr_dn_organization csr_dn_email csr_dn_commonname"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Key length"), gettext("Distinguished name Country Code"), gettext("Distinguished name State or Province"), gettext("Distinguished name City"), gettext("Distinguished name Organization"), gettext("Distinguished name Email Address"), gettext("Distinguished name Common Name")); } do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { input_errors2Ajax($input_errors); exit; } /* save modifications */ if (!$input_errors) { $cert = array(); $cert['refid'] = uniqid(); if (isset($id) && $a_cert[$id]) $cert = $a_cert[$id]; $cert['name'] = $pconfig['name']; if ($pconfig['method'] == "existing") cert_import($cert, $pconfig['cert'], $pconfig['key']); if ($pconfig['method'] == "internal") { $dn = array( 'countryName' => $pconfig['dn_country'], 'stateOrProvinceName' => $pconfig['dn_state'], 'localityName' => $pconfig['dn_city'], 'organizationName' => $pconfig['dn_organization'], 'emailAddress' => $pconfig['dn_email'], 'commonName' => $pconfig['dn_commonname']); cert_create($cert, $pconfig['caref'], $pconfig['keylen'], $pconfig['lifetime'], $dn); } if ($pconfig['method'] == "external") { $dn = array( 'countryName' => $pconfig['csr_dn_country'], 'stateOrProvinceName' => $pconfig['csr_dn_state'], 'localityName' => $pconfig['csr_dn_city'], 'organizationName' => $pconfig['csr_dn_organization'], 'emailAddress' => $pconfig['csr_dn_email'], 'commonName' => $pconfig['csr_dn_commonname']); csr_generate($cert, $pconfig['csr_keylen'], $dn); } if (isset($id) && $a_cert[$id]) $a_cert[$id] = $cert; else $a_cert[] = $cert; write_config(); // pfSenseHeader("system_certmanager.php"); } } if ($_POST['save'] == gettext("Update")) { unset($input_errors); $pconfig = $_POST; /* input validation */ $reqdfields = explode(" ", "name cert"); $reqdfieldsn = array( gettext("Descriptive name"), gettext("Final Certificate data")); do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors); /* make sure this csr and certificate subjects match */ $subj_csr = csr_get_subject($pconfig['csr'], false); $subj_cert = cert_get_subject($pconfig['cert'], false); if (strcmp($subj_csr,$subj_cert)) $input_errors[] = sprintf(gettext("The certificate subject '%s' does not match the signing request subject."),$subj_cert); /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { input_errors2Ajax($input_errors); exit; } /* save modifications */ if (!$input_errors) { $cert = $a_cert[$id]; $cert['name'] = $pconfig['name']; csr_complete($cert, $pconfig['cert']); $a_cert[$id] = $cert; write_config(); pfSenseHeader("system_certmanager.php"); } } } include("head.inc"); ?> ">


:  
:  
:  
:  
:     ex:  
:     ex:  
bits
:     ex:   US  
:     ex:  
:     ex:  
:     ex:  
:     ex:  
:     ex:  
  " />


  " />
" . gettext("self-signed") . ""; else $caname = "" . gettext("external"). ""; $subj = htmlspecialchars($subj); } if ($cert['csr']) { $subj = htmlspecialchars(csr_get_subject($cert['csr'])); $caname = "" . gettext("external - signature pending") . ""; } $ca = lookup_ca($cert['caref']); if ($ca) $caname = $ca['name']; if($cert['prv']) $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; else $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; ?>
CA
    " alt="" width="17" height="17" border="0" /> " alt="" width="17" height="17" border="0" /> ')"> " alt="" width="17" height="17" border="0" />   " alt="" width="17" height="17" border="0" />
" alt="" width="17" height="17" border="0" />