deprecated/phpki-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More formatting

Browse Source
This commit is contained in:
John Crisp
2021-03-07 18:56:21 +01:00
parent 431786fa36
commit d95ee329f5
3 changed files with 398 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

192
ca/manage_certs.php
View File

@@ -6,14 +6,14 @@ include('../include/my_functions.php');
include('../include/common.php'); include('../include/common.php');
include('../include/openssl_functions.php'); include('../include/openssl_functions.php');
$stage = gpvar('stage'); $stage = gpvar('stage');
$serial = gpvar('serial'); $serial = gpvar('serial');
$sortfield = gpvar('sortfield'); $sortfield = gpvar('sortfield');
$ascdec = gpvar('ascdec'); $ascdec = gpvar('ascdec');
$passwd = gpvar('passwd'); $passwd = gpvar('passwd');
$expiry = gpvar('expiry'); $expiry = gpvar('expiry');
$submit = gpvar('submit'); $submit = gpvar('submit');
$dl_type = gpvar('dl_type'); $dl_type = gpvar('dl_type');
$search = gpvar('search'); $search = gpvar('search');
$show_valid = gpvar('show_valid'); $show_valid = gpvar('show_valid');
@@ -49,10 +49,10 @@ switch ($stage) {
case 'display': case 'display':
printHeader(false); printHeader(false);
?> ?>
<center><h2>Certificate Details</h2></center> <center><h2>Certificate Details</h2></center>
<center><font color="#0000AA"><h3>(#<?php echo $serial?>)<br><?php echo htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>')?> </h3></font></center> <center><font color="#0000AA"><h3>(#<?php echo $serial?>)<br><?php echo htvar(CA_cert_cname($serial).' <'.CA_cert_email($serial).'>')?> </h3></font></center>
<?php <?php
if ($revoke_date = CAdb_is_revoked($serial)) { if ($revoke_date = CAdb_is_revoked($serial)) {
@@ -68,7 +68,7 @@ switch ($stage) {
$rec = CAdb_get_entry($serial); $rec = CAdb_get_entry($serial);
?> ?>
<h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3> <h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3>
<h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3> <h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
<form action="<?php echo $PHP_SELF.'?stage=download&serial='.$serial.'&'.$qstr_sort.'&'.$qstr_filter?>" method="post"> <form action="<?php echo $PHP_SELF.'?stage=download&serial='.$serial.'&'.$qstr_sort.'&'.$qstr_filter?>" method="post">
<strong>File type: </strong> <strong>File type: </strong>
@@ -141,14 +141,14 @@ switch ($stage) {
print ' print '
<td> <td>
'.htvar($rec['serial']).'<br> '.htvar($rec['serial']).'<br>
'.htvar($rec['common_name']).'<br> '.htvar($rec['common_name']).'<br>
'.htvar($rec['email']).'<br> '.htvar($rec['email']).'<br>
'.htvar($rec['organization']).'<br> '.htvar($rec['organization']).'<br>
'.htvar($rec['unit']).'<br> '.htvar($rec['unit']).'<br>
'.htvar($rec['locality']).'<br> '.htvar($rec['locality']).'<br>
'.htvar($rec['province']).'<br> '.htvar($rec['province']).'<br>
'.htvar($rec['country']).'<br> '.htvar($rec['country']).'<br>
</td> </td>
</tr></table> </tr></table>
<h4>Are you sure?</h4> <h4>Are you sure?</h4>
@@ -158,7 +158,7 @@ switch ($stage) {
<input type=submit name=submit value=Yes >&nbsp <input type=submit name=submit value=Yes >&nbsp
<input type=submit name=submit value=Cancel> <input type=submit name=submit value=Cancel>
</form>'; </form>';
break; break;
case 'revoke': case 'revoke':
@@ -177,11 +177,11 @@ switch ($stage) {
<blockquote> <blockquote>
<h3>Debug Info:</h3> <h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre> <pre><?php echo $errtxt?></pre>
</blockquote> </blockquote>
<p> <p>
<input type=submit name=submit value=Back> <input type=submit name=submit value=Back>
<p> <p>
</form> </form>
<?php <?php
} else { } else {
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter"); header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
@@ -214,79 +214,78 @@ switch ($stage) {
<body onLoad="self.focus();document.form.passwd.focus();"> <body onLoad="self.focus();document.form.passwd.focus();">
<form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form> <form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form>
<table width=99%> <table width=99%>
<th colspan="2"><h3>Certificate Renewal Form</h3></th> <th colspan="2"><h3>Certificate Renewal Form</h3></th>
<tr> <tr>
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td> <td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
</tr> </tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr> <tr>
<td>E-mail Address </td> <td width="25%">Common Name </td>
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td> <td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr> </tr>
<tr> <tr>
<td>Organization </td> <td>E-mail Address </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td> <td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td>
</tr> </tr>
<tr> <tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td> <td>Organization </td>
</tr> <td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr> <tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td> <td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr> </tr>
<tr> <tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td> <td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr> </tr>
<tr> <tr>
<td>Country</td> <td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td> </tr>
</tr>
<tr> <tr>
<td>Certificate Password </td> <td>Country</td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td> <td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr> </tr>
<tr> <tr>
<td>Certificate Life </td> <td>Certificate Password </td>
<td><select name=expiry> <td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
<?php </tr>
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ; <tr>
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ; <td>Certificate Life </td>
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ; <td><select name=expiry>
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?> <?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
</select></td>
</tr>
<tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
<?php <?php
printFooter(); printFooter();
@@ -297,7 +296,7 @@ switch ($stage) {
if ($submit == "Submit Request") { if ($submit == "Submit Request") {
list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd); list($ret, $errtxt) = CA_renew_cert($serial, $expiry, $passwd);
} }
if (! $ret) { if (! $ret) {
printHeader('ca'); printHeader('ca');
@@ -309,12 +308,12 @@ switch ($stage) {
<blockquote> <blockquote>
<h3>Debug Info:</h3> <h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre> <pre><?php echo $errtxt?></pre>
</blockquote> </blockquote>
<p> <p>
<input type="submit" name="submit" value="Back"> <input type="submit" name="submit" value="Back">
<p> <p>
</form> </form>
<?php <?php
} else { } else {
header("Location: $PHP_SELF?$qstr_sort&$qstr_filter"); header("Location: $PHP_SELF?$qstr_sort&$qstr_filter");
} }
@@ -323,8 +322,8 @@ switch ($stage) {
default: default:
printHeader('ca'); printHeader('ca');
?> ?>
<body onLoad="self.focus();document.filter.search.focus();"> <body onLoad="self.focus();document.filter.search.focus();">
<table style="margin:0 auto"> <table style="margin:0 auto">
<tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr> <tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
@@ -342,6 +341,7 @@ switch ($stage) {
</form> </form>
</center></td> </center></td>
</tr> </tr>
<?php <?php
if (! $sortfield) { if (! $sortfield) {
@@ -358,7 +358,7 @@ switch ($stage) {
} }
print '<tr>'; print '<tr>';
$headings = array( $headings = array(
'status'=>"Status", 'issued'=>"Issued", 'expires'=>"Expires", 'status'=>"Status", 'issued'=>"Issued", 'expires'=>"Expires",
'common_name'=>"User's Name", 'email'=>"E-mail", 'common_name'=>"User's Name", 'email'=>"E-mail",
@@ -392,7 +392,7 @@ switch ($stage) {
$stcolor = array('Valid'=>'green','Revoked'=>'red','Expired'=>'orange'); $stcolor = array('Valid'=>'green','Revoked'=>'red','Expired'=>'orange');
foreach ($db as $rec) { foreach ($db as $rec) {
print '<tr style="font-size: 11px;"> print '<tr style="font-size: 11px;">
<td><font color='.$stcolor[$rec['status']].'><b>' .$rec[status].'</b></font></td> <td><font color='.$stcolor[$rec['status']].'><b>' .$rec[status].'</b></font></td>
<td style="white-space: nowrap">'.$rec['issued'].'</td> <td style="white-space: nowrap">'.$rec['issued'].'</td>
<td style="white-space: nowrap">'.$rec['expires'].'</td> <td style="white-space: nowrap">'.$rec['expires'].'</td>

221
ca/request_cert.php
View File

@@ -124,7 +124,7 @@ switch ($form_stage) {
printHeader(); printHeader();
?> ?>
<form action='<?php echo $PHP_SELF?>' method=post> <form action='<?php echo $PHP_SELF?>' method=post>
<input type=submit name=submit value='Go Back'> <input type=submit name=submit value='Go Back'>
<font color=#ff0000><?php echo $er?></font> <font color=#ff0000><?php echo $er?></font>
<br><input type=submit name=submit value='Go Back'> <br><input type=submit name=submit value='Go Back'>
@@ -220,14 +220,14 @@ switch ($form_stage) {
# Save user's defaults # Save user's defaults
$fp = fopen($user_cnf, 'w'); $fp = fopen($user_cnf, 'w');
$x = '<?php $x = '<?php
$country = \''.addslashes($country).'\'; $country = \''.addslashes($country).'\';
$locality = \''.addslashes($locality).'\'; $locality = \''.addslashes($locality).'\';
$province = \''.addslashes($province).'\'; $province = \''.addslashes($province).'\';
$organization = \''.addslashes($organization).'\'; $organization = \''.addslashes($organization).'\';
$unit = \''.addslashes($unit).'\'; $unit = \''.addslashes($unit).'\';
$expiry = \''.addslashes($expiry).'\'; $expiry = \''.addslashes($expiry).'\';
$keysize = \''.addslashes($keysize).'\'; $keysize = \''.addslashes($keysize).'\';
?>'; ?>';
fwrite($fp, $x); fwrite($fp, $x);
fclose($fp); fclose($fp);
@@ -336,110 +336,109 @@ switch ($form_stage) {
<body onLoad="self.focus();document.request.common_name.focus();document.request.cert_type.onchange();"> <body onLoad="self.focus();document.request.common_name.focus();document.request.cert_type.onchange();">
<form action="<?php echo $PHP_SELF?>" method=post name=request> <form action="<?php echo $PHP_SELF?>" method=post name=request>
<table width=99%> <table width=99%>
<th colspan=2><h3>Certificate Request Form</h3></th> <th colspan=2><h3>Certificate Request Form</h3></th>
<tr> <tr>
<td width=30%>Common Name<font color=red size=3>*</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td> <td width=30%>Common Name<font color=red size=3> *</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td>
<td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td> <td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td>
</tr> </tr>
<tr> <tr>
<td>E-mail Address <font color=red size=3>*</font></td> <td>E-mail Address<font color=red size=3> *</font></td>
<td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td> <td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td>
</tr> </tr>
<tr> <tr>
<td>Organization (Company/Agency)<font color=red size=3>*</font></td> <td>Organization (Company/Agency)<font color=red size=3> *</font></td>
<td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td> <td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td>
</tr> </tr>
<tr> <tr>
<td>Department/Unit<font color=red size=3>*</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td> <td>Department/Unit<font color=red size=3> *</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td>
</tr> </tr>
<tr> <tr>
<td>Locality (City/County)<font color=red size=3>*</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td> <td>Locality (City/County)<font color=red size=3> *</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td>
</tr> </tr>
<tr> <tr>
<td>State/Province<font color=red size=3>*</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td> <td>State/Province<font color=red size=3> *</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td>
</tr> </tr>
<tr> <tr>
<td>Country<font color=red size=3>*</font></td> <td>Country<font color=red size=3> *</font></td>
<td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td> <td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td>
</tr> </tr>
<tr> <tr>
<td>Certificate Password<font color=red size=3>*</font><br>(Mandatory for Email,SSL Client,Code signing)</td> <td>Certificate Password<font color=red size=3> *</font><br>(Min 8 chars - Mandatory for Email,SSL Client,Code signing)</td>
<td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td> <td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td>
</tr> </tr>
<tr> <tr>
<td>Certificate Life<font color=red size=3>*</font> </td> <td>Certificate Life<font color=red size=3>*</font> </td>
<td><select name=expiry> <td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ($i = 512; $i <= 4096; $i+= 512) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php <?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ($i = 512; $i <= 4096; $i+= 512) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php
printFooter(); printFooter();
} }

385
setup.php-presetup
View File

@@ -262,60 +262,60 @@ switch ($stage) {
# PHPki CONFIGURATION FILE # PHPki CONFIGURATION FILE
# Automatically generated by PHPki. Edit at your own peril. # Automatically generated by PHPki. Edit at your own peril.
# #
\$config['organization'] = '$organization'; \$config['organization'] = '$organization';
\$config['unit'] = '$unit'; \$config['unit'] = '$unit';
\$config['contact'] = '$contact'; \$config['contact'] = '$contact';
\$config['locality'] = '$locality'; \$config['locality'] = '$locality';
\$config['province'] = '$province'; \$config['province'] = '$province';
\$config['country'] = '$country'; \$config['country'] = '$country';
\$config['common_name'] = '$common_name'; \$config['common_name'] = '$common_name';
# Store Directory # Store Directory
\$config['store_dir'] = '$store_dir'; \$config['store_dir'] = '$store_dir';
# Location HTTP Password File # Location HTTP Password File
\$config['passwd_file'] = '$passwd_file'; \$config['passwd_file'] = '$passwd_file';
# Password for CA root certificate. # Password for CA root certificate.
\$config['ca_pwd'] = '$passwd'; \$config['ca_pwd'] = '$passwd';
# Number of years the root certificate is good. # Number of years the root certificate is good.
\$config['expiry'] = '$expiry'; \$config['expiry'] = '$expiry';
# CA certificate key size # CA certificate key size
\$config['keysize'] = '$keysize'; \$config['keysize'] = '$keysize';
# This is superimposed over the PHPki logo on each page. # This is superimposed over the PHPki logo on each page.
\$config['header_title'] = '$header_title'; \$config['header_title'] = '$header_title';
# String to prefix cer and crl uploads # String to prefix cer and crl uploads
\$config['ca_prefix'] = '$ca_prefix'; \$config['ca_prefix'] = '$ca_prefix';
# Location of your OpenSSL binary. # Location of your OpenSSL binary.
\$config['openssl_bin'] = '$openssl_bin'; \$config['openssl_bin'] = '$openssl_bin';
# Base URL # Base URL
\$config['base_url'] = '$base_url'; \$config['base_url'] = '$base_url';
# CRL Distribution points path # CRL Distribution points path
\$config['crl_distrib'] = '$crl_distrib'; \$config['crl_distrib'] = '$crl_distrib';
# Certificate Revocation URL # Certificate Revocation URL
\$config['revoke_url'] = '$revoke_url'; \$config['revoke_url'] = '$revoke_url';
# Certificate Authority Policy URL # Certificate Authority Policy URL
\$config['policy_url'] = '$policy_url'; \$config['policy_url'] = '$policy_url';
# Certificate Comment Fields # Certificate Comment Fields
\$config['comment_root'] = '$comment_root'; \$config['comment_root'] = '$comment_root';
\$config['comment_email'] = '$comment_email'; \$config['comment_email'] = '$comment_email';
\$config['comment_sign'] = '$comment_sign'; \$config['comment_sign'] = '$comment_sign';
\$config['comment_srv'] = '$comment_srv'; \$config['comment_srv'] = '$comment_srv';
\$config['comment_stamp'] = '$comment_stamp'; \$config['comment_stamp'] = '$comment_stamp';
# Who users should contact if they have technical difficulty with # Who users should contact if they have technical difficulty with
# your certificate authority site. # your certificate authority site.
\$config['getting_help'] = '$getting_help'; \$config['getting_help'] = '$getting_help';
# #
# You shouldn't change anything below this line. If you do, don't # You shouldn't change anything below this line. If you do, don't
@@ -331,17 +331,17 @@ switch ($stage) {
\$config['pfx_dir'] = \$config['ca_dir'] . '/pfx'; \$config['pfx_dir'] = \$config['ca_dir'] . '/pfx';
\$config['index'] = \$config['ca_dir'] . '/index.txt'; \$config['index'] = \$config['ca_dir'] . '/index.txt';
\$config['serial'] = \$config['ca_dir'] . '/serial'; \$config['serial'] = \$config['ca_dir'] . '/serial';
\$config['random'] = \$config['ca_dir'] . '/.rnd'; \$config['random'] = \$config['ca_dir'] . '/.rnd';
\$config['cacrl_pem'] = \$config['crl_dir'] . '/cacrl.pem';
\$config['cacrl_der'] = \$config['crl_dir'] . '/cacrl.crl';
\$config['cacert_pem'] = \$config['cert_dir'] . '/cacert.pem'; \$config['cacert_pem'] = \$config['cert_dir'] . '/cacert.pem';
\$config['cacrl_pem'] = \$config['crl_dir'] . '/cacrl.pem';
\$config['cacrl_der'] = \$config['crl_dir'] . '/cacrl.crl';
\$config['cakey'] = \$config['private_dir'] . '/cakey.pem'; \$config['cakey'] = \$config['private_dir'] . '/cakey.pem';
# Default OpenSSL Config File. # Default OpenSSL Config File.
\$config['openssl_cnf'] = \$config['home_dir'] . '/config/openssl.cnf'; \$config['openssl_cnf'] = \$config['home_dir'] . '/config/openssl.cnf';
# Define default md # Define default md
\$config['default_md'] = 'sha512'; \$config['default_md'] = 'sha512';
\$PHPki_admins = Array(md5('admin')); \$PHPki_admins = Array(md5('admin'));
@@ -419,167 +419,166 @@ EOS;
$config_txt1 = " $config_txt1 = "
HOME = $configHOME HOME = $configHOME
RANDFILE = $configRANDFILE RANDFILE = $configRANDFILE
dir = $configCa_dir dir = $configCa_dir
certs = $configCert_dir certs = $configCert_dir
crl_dir = $configCrl_dir crl_dir = $configCrl_dir
database = $configDatabase database = $configDatabase
new_certs_dir = $configNew_certs_dir new_certs_dir = $configNew_certs_dir
private_dir = $configPrivate_dir private_dir = $configPrivate_dir
serial = $configSerial serial = $configSerial
certificate = $configCacert_pem certificate = $configCacert_pem
crl = $configCacrl_pem crl = $configCacrl_pem
private_key = $configCakey private_key = $configCakey
crl_extentions = crl_ext crl_extentions = crl_ext
default_days = 365 default_days = 365
default_crl_days = 30 default_crl_days = 30
preserve = no preserve = no
default_md = $configDefault_md default_md = $configDefault_md
[ ca ] [ ca ]
default_ca = email_cert default_ca = email_cert
[ root_cert ] [ root_cert ]
x509_extensions = root_ext x509_extensions = root_ext
default_days = 3650 default_days = 3650
policy = policy_supplied policy = policy_supplied
[ email_cert ] [ email_cert ]
x509_extensions = email_ext x509_extensions = email_ext
default_days = 365 default_days = 365
policy = policy_supplied policy = policy_supplied
[ email_signing_cert ] [ email_signing_cert ]
x509_extensions = email_signing_ext x509_extensions = email_signing_ext
default_days = 365 default_days = 365
policy = policy_supplied policy = policy_supplied
[ server_cert ] [ server_cert ]
x509_extensions = server_ext x509_extensions = server_ext
default_days = 365 default_days = 365
policy = policy_supplied policy = policy_supplied
[ vpn_cert ] [ vpn_cert ]
x509_extensions = vpn_client_server_ext x509_extensions = vpn_client_server_ext
default_days = 365 default_days = 365
policy = policy_supplied policy = policy_supplied
[ time_stamping_cert ] [ time_stamping_cert ]
x509_extensions = time_stamping_ext x509_extensions = time_stamping_ext
default_days = 365 default_days = 365
policy = policy_supplied policy = policy_supplied
[ policy_supplied ] [ policy_supplied ]
countryName = supplied countryName = supplied
stateOrProvinceName = supplied stateOrProvinceName = supplied
localityName = supplied localityName = supplied
organizationName = supplied organizationName = supplied
organizationalUnitName = supplied organizationalUnitName = supplied
commonName = supplied commonName = supplied
emailAddress = supplied emailAddress = supplied
[ root_ext ] [ root_ext ]
basicConstraints = CA:true basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign keyUsage = cRLSign, keyCertSign
nsCertType = sslCA, emailCA, objCA nsCertType = sslCA, emailCA, objCA
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
subjectAltName = email:copy subjectAltName = email:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_root nsComment = $configComment_root
#nsCaRevocationUrl = #nsCaRevocationUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url nsCaPolicyUrl = $configBase_url$configPolicy_url
[ email_ext ] [ email_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = critical, emailProtection, clientAuth extendedKeyUsage = critical, emailProtection, clientAuth
nsCertType = critical, client, email nsCertType = critical, client, email
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy subjectAltName = email:copy
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_email nsComment = $configComment_email
nsBaseUrl = $configBase_url nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url nsRevocationUrl = $configRevoke_url
#nsRenewalUrl = #nsRenewalUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName = #nsSslServerName =
[ email_signing_ext ] [ email_signing_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = critical, emailProtection, clientAuth, codeSigning extendedKeyUsage = critical, emailProtection, clientAuth, codeSigning
nsCertType = critical, client, email nsCertType = critical, client, email
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy subjectAltName = email:copy
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_sign nsComment = $configComment_sign
nsBaseUrl = $configBase_url nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url nsRevocationUrl = $configRevoke_url
#nsRenewalUrl = #nsRenewalUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName = #nsSslServerName =
[ server_ext ] [ server_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment keyUsage = critical, digitalSignature, keyEncipherment
nsCertType = server nsCertType = server
extendedKeyUsage = critical, serverAuth extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = $server_altnames subjectAltName = $server_altnames
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_srv nsComment = $configComment_srv
nsBaseUrl = $configBase_url nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url nsCaPolicyUrl = $configBase_url$configPolicy_url
[ time_stamping_ext ] [ time_stamping_ext ]
basicConstraints = CA:false basicConstraints = CA:false
keyUsage = critical, nonRepudiation, digitalSignature keyUsage = critical, nonRepudiation, digitalSignature
extendedKeyUsage = timeStamping extendedKeyUsage = timeStamping
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = DNS:$common_name,email:copy
issuerAltName = issuer:copy issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_stamp] nsComment = $config[comment_stamp]
nsBaseUrl = $configBase_url nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url nsCaPolicyUrl = $configBase_url$configPolicy_url
[ vpn_client_ext ] [ vpn_client_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature keyUsage = critical, digitalSignature
extendedKeyUsage = critical, clientAuth extendedKeyUsage = critical, clientAuth
nsCertType = critical, client nsCertType = critical, client
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = DNS:$common_name,email:copy
[ vpn_server_ext ] [ vpn_server_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth extendedKeyUsage = critical, serverAuth
nsCertType = critical, server nsCertType = critical, server
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = DNS:$common_name,email:copy
[ vpn_client_server_ext ] [ vpn_client_server_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth, clientAuth extendedKeyUsage = critical, serverAuth, clientAuth
nsCertType = critical, server, client nsCertType = critical, server, client
subjectKeyIdentifier = hash subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy subjectAltName = DNS:$common_name,email:copy
[ crl_ext ] [ crl_ext ]
issuerAltName=issuer:copy issuerAltName=issuer:copy
@@ -589,36 +588,36 @@ authorityKeyIdentifier=keyid:always,issuer:always
$config_txt2 = <<< EOS $config_txt2 = <<< EOS
[ req ] [ req ]
default_bits = 2048 default_bits = 2048
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_name distinguished_name = req_name
string_mask = nombstr string_mask = nombstr
req_extensions = req_ext req_extensions = req_ext
[ req_name] [ req_name]
countryName = Country Name (2 letter code) countryName = Country Name (2 letter code)
countryName_default = US countryName_default = US
countryName_min = 2 countryName_min = 2
countryName_max = 2 countryName_max = 2
stateOrProvinceName = State or Province Name (full name) stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = stateOrProvinceName_default =
localityName = Locality Name (eg, city) localityName = Locality Name (eg, city)
localityName_default = localityName_default =
0.organizationName = Organization Name (eg, company) 0.organizationName = Organization Name (eg, company)
0.organizationName_default = 0.organizationName_default =
1.organizationName = Second Organization Name (eg, company) 1.organizationName = Second Organization Name (eg, company)
1.organizationName_default = 1.organizationName_default =
organizationalUnitName = Organizational Unit Name (eg, section) organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = organizationalUnitName_default =
commonName = Common Name (eg, YOUR name) commonName = Common Name (eg, YOUR name)
emailAddress = Email Address or Web URL emailAddress = Email Address or Web URL
[ req_ext ] [ req_ext ]
basicConstraints = critical, CA:false basicConstraints = critical, CA:false
@@ -636,21 +635,21 @@ EOS;
$config_txt3 = <<< EOS $config_txt3 = <<< EOS
[ req ] [ req ]
default_bits = 2048 default_bits = 2048
default_keyfile = privkey.pem default_keyfile = privkey.pem
distinguished_name = req_name distinguished_name = req_name
string_mask = nombstr string_mask = nombstr
req_extensions = req_ext req_extensions = req_ext
prompt = no prompt = no
[ req_name ] [ req_name ]
C = $configCountry C = $configCountry
ST = $configProvince ST = $configProvince
L = $configLocality L = $configLocality
O = $configOrganization O = $configOrganization
OU = $configUnit OU = $configUnit
CN = $configCommon_name CN = $configCommon_name
emailAddress = $configEmailaddress emailAddress = $configEmailaddress
[ req_ext ] [ req_ext ]
basicConstraints = critical, CA:true basicConstraints = critical, CA:true
@@ -675,7 +674,7 @@ EOS;
fclose($fd); fclose($fd);
# #
# Intialize index.txt and serial files # Initialize index.txt and serial files
# #
$fd = fopen($config['index'], 'w'); $fd = fopen($config['index'], 'w');
fwrite($fd, ""); fwrite($fd, "");
@@ -698,12 +697,12 @@ EOS;
$configOpenssl_cnf = $config['openssl_cnf']; $configOpenssl_cnf = $config['openssl_cnf'];
$configPrivate_dir = $config['private_dir']; $configPrivate_dir = $config['private_dir'];
$configCacert_pem = $config['cacert_pem']; $configCacert_pem = $config['cacert_pem'];
$configCa_pwd = $config['ca_pwd']; $configCa_pwd = $config['ca_pwd'];
$configCakey = $config['cakey']; $configCakey = $config['cakey'];
$configRandom = $config['random']; $configRandom = $config['random'];
$configCacrl_der = $config['cacrl_der']; $configCacrl_der = $config['cacrl_der'];
$configCacrl_pem = $config['cacrl_pem']; $configCacrl_pem = $config['cacrl_pem'];
// .rnd created here // .rnd created here
exec(REQ . " -x509 -config $tmp_cnf -extensions root_ext -newkey rsa:$keysize -keyout $configCakey -out $configCacert_pem -passout pass:'$configCa_pwd' -days $days 2>&1"); exec(REQ . " -x509 -config $tmp_cnf -extensions root_ext -newkey rsa:$keysize -keyout $configCakey -out $configCacert_pem -passout pass:'$configCa_pwd' -days $days 2>&1");