"Import an existing Certificate",
    "internal" => "Create an internal Certificate",
    "external" => "Create a Certificate Signing Request");

/*
 * Key lengths offered by the form.
 * NOTE(review): 512 and 1024 bits are below the 2048-bit minimum that current
 * guidance sets for RSA keys (assuming these are RSA sizes; the key type is
 * chosen in helpers that are not visible here). Consider removing both.
 */
$cert_keylens = array( "512", "1024", "2048", "4096");

$pgtitle = array("System", "Certificate Manager");

/*
 * $id selects the certificate entry to act on. It is read from the query
 * string, a POST value takes precedence, and it is used below as an index
 * into $a_cert with no type or range check of its own.
 */
$id = $_GET['id'];
if (isset($_POST['id']))
    $id = $_POST['id'];

/*
 * Make sure the CA and certificate lists exist, then bind them by reference
 * so that every change made through $a_ca / $a_cert lands in $config.
 */
if (!is_array($config['system']['ca']))
    $config['system']['ca'] = array();

$a_ca =& $config['system']['ca'];

if (!is_array($config['system']['cert']))
    $config['system']['cert'] = array();

$a_cert =& $config['system']['cert'];

/* Count the CA entries that carry a 'prv' value (presumably a private key). */
$internal_ca_count = 0;
foreach ($a_ca as $ca)
    if ($ca['prv'])
        $internal_ca_count++;

/*
 * Requested action; a truthy POST value overrides the query string.
 * NOTE(review): because $act is also read from $_GET, the state-changing
 * "del" branch below is reachable with a plain GET request, and no anti-CSRF
 * token check is visible in this part of the file. Confirm that the included
 * framework enforces one, or accept "del" from POST only.
 */
$act = $_GET['act'];
if ($_POST['act'])
    $act = $_POST['act'];

/*
 * Delete: remove the entry and call write_config(). When $a_cert[$id] is
 * empty the script calls pfSenseHeader() (presumably a redirect) and exits.
 */
if ($act == "del") {

    if (!$a_cert[$id]) {
        pfSenseHeader("system_certmanager.php");
        exit;
    }

    $name = $a_cert[$id]['name'];
    unset($a_cert[$id]);
    write_config();
    /* NOTE(review): $name is stored data and is placed into $savemsg without
       escaping; confirm that the code rendering $savemsg HTML-escapes it.
       The string literal at the end of this statement contains a line break. */
    $savemsg = gettext("Certificate")." {$name} ". gettext("successfully deleted")."
";
}

/*
 * New: preset the form with the method named in the query string, a 2048-bit
 * key and a 365-day lifetime. $_GET['method'] is stored as given.
 */
if ($act == "new") {
    $pconfig['method'] = $_GET['method'];
    $pconfig['keylen'] = "2048";
    $pconfig['lifetime'] = "365";
}

/*
 * Export: send the stored 'crt' value, base64-decoded, as a download. Only
 * the 'crt' field is read in this branch. The file name goes through
 * urlencode() before it is placed in the Content-Disposition header, so
 * quotes and CR/LF in a certificate name are percent-encoded rather than
 * written into the header verbatim.
 */
if ($act == "exp") {

    if (!$a_cert[$id]) {
        pfSenseHeader("system_certmanager.php");
        exit;
    }

    $exp_name = urlencode("{$a_cert[$id]['name']}.crt");
    $exp_data = base64_decode($a_cert[$id]['crt']);
    $exp_size = strlen($exp_data);

    header("Content-Type: application/octet-stream");
    header("Content-Disposition: attachment; filename={$exp_name}");
    header("Content-Length: $exp_size");
    echo $exp_data;
    exit;
}

/* CSR: load the entry's name and its decoded signing request into the form state. */
if ($act == "csr") {

    if (!$a_cert[$id]) {
        pfSenseHeader("system_certmanager.php");
        exit;
    }

    $pconfig['name'] = $a_cert[$id]['name'];
    $pconfig['csr'] = base64_decode($a_cert[$id]['csr']);
}

if ($_POST) {

    /* "Save": create a new entry or overwrite the one selected by $id. */
    if ($_POST['save'] == "Save") {

        unset($input_errors);
        /* The whole POST body becomes the form state. */
        $pconfig = $_POST;

        /*
         * Input validation: build the list of required fields for the chosen
         * method, with the matching labels. The label strings are passed on at
         * runtime and are left exactly as written ("Desriptive" included).
         */
        if ($pconfig['method'] == "existing") {
            $reqdfields = explode(" ",
                    "name cert key");
            $reqdfieldsn = explode(",",
                    "Desriptive name,Certificate data,Key data");
        }

        if ($pconfig['method'] == "internal") {
            $reqdfields = explode(" ",
                    "name caref keylen lifetime dn_country dn_state dn_city ".
                    "dn_organization dn_email dn_commonname");
            $reqdfieldsn = explode(",",
                    "Desriptive name,Certificate authority,Key length,Lifetime,".
                    "Distinguished name Country Code,".
                    "Distinguished name State or Province,".
                    "Distinguished name City,".
                    "Distinguished name Organization,".
                    "Distinguished name Email Address,".
                    "Distinguished name Common Name");
        }

        if ($pconfig['method'] == "external") {
            $reqdfields = explode(" ",
                    "name csr_keylen csr_dn_country csr_dn_state csr_dn_city ".
                    "csr_dn_organization csr_dn_email csr_dn_commonname");
            $reqdfieldsn = explode(",",
                    "Desriptive name,Key length,".
                    "Distinguished name Country Code,".
                    "Distinguished name State or Province,".
                    "Distinguished name City,".
                    "Distinguished name Organization,".
                    "Distinguished name Email Address,".
                    "Distinguished name Common Name");
        }

        /*
         * NOTE(review): "&$input_errors" is call-time pass-by-reference, which
         * PHP 5.4 and later reject with a fatal error. Whether
         * do_input_validation() declares that parameter by reference is not
         * visible here, so check the helper before changing this call.
         * NOTE(review): if none of the three methods matched, $reqdfields and
         * $reqdfieldsn are undefined at this point.
         */
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

        /* if this is an AJAX caller then handle via JSON */
        if (isAjax() && is_array($input_errors)) {
            input_errors2Ajax($input_errors);
            exit;
        }

        /*
         * Save modifications.
         * NOTE(review): keylen / csr_keylen are not compared with
         * $cert_keylens and lifetime is not checked to be numeric in this
         * file before they reach cert_create() / csr_generate(); confirm the
         * helpers (or do_input_validation()) enforce that.
         */
        if (!$input_errors) {

            /* Start from a fresh entry; an existing entry at $id replaces it,
               so the uniqid() refid is only kept for new certificates. */
            $cert = array();
            $cert['refid'] = uniqid();
            if (isset($id) && $a_cert[$id])
                $cert = $a_cert[$id];

            $cert['name'] = $pconfig['name'];

            /* The return values of cert_import(), cert_create() and
               csr_generate() are not inspected; the entry is stored and
               write_config() is called whatever they report. */
            if ($pconfig['method'] == "existing")
                cert_import($cert, $pconfig['cert'], $pconfig['key']);

            if ($pconfig['method'] == "internal") {
                $dn = array(
                    'countryName' => $pconfig['dn_country'],
                    'stateOrProvinceName' => $pconfig['dn_state'],
                    'localityName' => $pconfig['dn_city'],
                    'organizationName' => $pconfig['dn_organization'],
                    'emailAddress' => $pconfig['dn_email'],
                    'commonName' => $pconfig['dn_commonname']);
                cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
                    $pconfig['lifetime'], $dn);
            }

            if ($pconfig['method'] == "external") {
                $dn = array(
                    'countryName' => $pconfig['csr_dn_country'],
                    'stateOrProvinceName' => $pconfig['csr_dn_state'],
                    'localityName' => $pconfig['csr_dn_city'],
                    'organizationName' => $pconfig['csr_dn_organization'],
                    'emailAddress' => $pconfig['csr_dn_email'],
                    'commonName' => $pconfig['csr_dn_commonname']);
                csr_generate($cert, $pconfig['csr_keylen'], $dn);
            }

            if (isset($id) && $a_cert[$id])
                $a_cert[$id] = $cert;
            else
                $a_cert[] = $cert;

            write_config();

            /* The redirect after saving is disabled, so the script continues
               and renders the page. */
//          pfSenseHeader("system_certmanager.php");
        }
    }

    /* "Update": attach the signed certificate to a pending signing request. */
    if ($_POST['save'] == "Update") {
        unset($input_errors);
        $pconfig = $_POST;

        /* input validation */
        $reqdfields = explode(" ", "name cert");
        $reqdfieldsn = explode(",", "Desriptive name,Final Certificate data");

        /* NOTE(review): call-time pass-by-reference again; a fatal error on
           PHP 5.4 and later. */
        do_input_validation($_POST, $reqdfields, $reqdfieldsn, &$input_errors);

        /*
         * Make sure the CSR and certificate subjects match. strcmp() returns
         * non-zero when the two strings differ.
         * NOTE(review): $pconfig['csr'] is the value posted back by the form,
         * not $a_cert[$id]['csr'], so both sides of the comparison come from
         * the request. Compare against the stored request instead, and
         * confirm that csr_complete() checks the certificate's public key
         * against the stored key; a subject match alone does not show that.
         * NOTE(review): $subj_cert is interpolated into the error text;
         * confirm the renderer escapes it. The literal contains a line break.
         */
        $subj_csr = csr_get_subject($pconfig['csr'], false);
        $subj_cert = cert_get_subject($pconfig['cert'], false);

        if (strcmp($subj_csr,$subj_cert))
            $input_errors[] = gettext("The certificate subject 
'{$subj_cert}' does not match the signing request subject.");

        /* if this is an AJAX caller then handle via JSON */
        if (isAjax() && is_array($input_errors)) {
            input_errors2Ajax($input_errors);
            exit;
        }

        /*
         * Save modifications.
         * NOTE(review): unlike the del, exp and csr branches, $a_cert[$id] is
         * read here without first checking that the entry exists.
         */
        if (!$input_errors) {

            $cert = $a_cert[$id];

            $cert['name'] = $pconfig['name'];

            csr_complete($cert, $pconfig['cert']);

            $a_cert[$id] = $cert;

            write_config();

            pfSenseHeader("system_certmanager.php");
        }
    }
}

include("head.inc"); ?> ">
Existing Certificate
Certificate data
Paste a certificate in X.509 PEM format here.
Private key data
Paste a private key in X.509 PEM format here.
Internal Certificate
No internal Certificate Authorities have been defined. You must create an internal CA before creating an internal certificate.
bits
days
Country Code :  
State or Province :  
City :  
Organization :  
Email Address :     ex:   webadmin@mycompany.com
Common Name :     ex:   www.pfsense.org
External Signing Request
bits
Country Code :     ex:   US   ( two letters )
State or Province :     ex:   Texas
City :     ex:   Austin
Organization :     ex:   My Company Inc.
Email Address :     ex:   webadmin@mycompany.com
Common Name :     ex:   www.pfsense.org
 
Complete Signing Request
Signing Request data
Copy the certificate signing data from here and forward it to your certificate authority for signing.
Final Certificate data
Paste the certificate received from your certificate authority here.
 
external"; } if ($cert['csr']) { $subj = htmlspecialchars(csr_get_subject($cert['csr'])); $caname = "external - signature pending"; } $ca = lookup_ca($cert['caref']); if ($ca) $caname = $ca['name']; if($cert['prv']) $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; else $certimg = "/themes/{$g['theme']}/images/icons/icon_frmfld_cert.png"; ?>
Name CA Distinguished Name
CA
    export ca ')"> delete cert   update csr
add ca