deprecated/phpki-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

More formatting

Browse Source
This commit is contained in:
John Crisp
2021-03-07 18:56:21 +01:00
parent 431786fa36
commit d95ee329f5
3 changed files with 398 additions and 400 deletions
Download Patch File Download Diff File Expand all files Collapse all files

180
ca/manage_certs.php
View File

@@ -6,14 +6,14 @@ include('../include/my_functions.php');
include('../include/common.php');
include('../include/openssl_functions.php');
$stage = gpvar('stage');
$serial = gpvar('serial');
$sortfield = gpvar('sortfield');
$ascdec = gpvar('ascdec');
$passwd = gpvar('passwd');
$expiry = gpvar('expiry');
$submit = gpvar('submit');
$dl_type = gpvar('dl_type');
$stage = gpvar('stage');
$serial = gpvar('serial');
$sortfield = gpvar('sortfield');
$ascdec = gpvar('ascdec');
$passwd = gpvar('passwd');
$expiry = gpvar('expiry');
$submit = gpvar('submit');
$dl_type = gpvar('dl_type');
$search = gpvar('search');
$show_valid = gpvar('show_valid');
@@ -68,7 +68,7 @@ switch ($stage) {
$rec = CAdb_get_entry($serial);
?>
<h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3>
<h3>You are about to download the <font color=red>PRIVATE</font> certificate key for <?php echo $rec['common_name'].' &lt;'.$rec['email'].'&gt; '?></h3>
<h3><font color="red">DO NOT DISTRIBUTE THIS FILE TO THE PUBLIC!</font></h3>
<form action="<?php echo $PHP_SELF.'?stage=download&serial='.$serial.'&'.$qstr_sort.'&'.$qstr_filter?>" method="post">
<strong>File type: </strong>
@@ -141,14 +141,14 @@ switch ($stage) {
print '
<td>
'.htvar($rec['serial']).'<br>
'.htvar($rec['common_name']).'<br>
'.htvar($rec['email']).'<br>
'.htvar($rec['organization']).'<br>
'.htvar($rec['unit']).'<br>
'.htvar($rec['locality']).'<br>
'.htvar($rec['province']).'<br>
'.htvar($rec['country']).'<br>
'.htvar($rec['serial']).'<br>
'.htvar($rec['common_name']).'<br>
'.htvar($rec['email']).'<br>
'.htvar($rec['organization']).'<br>
'.htvar($rec['unit']).'<br>
'.htvar($rec['locality']).'<br>
'.htvar($rec['province']).'<br>
'.htvar($rec['country']).'<br>
</td>
</tr></table>
<h4>Are you sure?</h4>
@@ -177,11 +177,11 @@ switch ($stage) {
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<input type=submit name=submit value=Back>
<p>
</form>
</blockquote>
<p>
<input type=submit name=submit value=Back>
<p>
</form>
<?php
} else {
header("Location: ${PHP_SELF}?$qstr_sort&$qstr_filter");
@@ -214,78 +214,77 @@ switch ($stage) {
<body onLoad="self.focus();document.form.passwd.focus();">
<form action="<?php echo $PHP_SELF.'?'.$qstr_sort.'&'.$qstr_filter?>" method=post name=form>
<table width=99%>
<th colspan="2"><h3>Certificate Renewal Form</h3></th>
<table width=99%>
<th colspan="2"><h3>Certificate Renewal Form</h3></th>
<tr>
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
</tr>
<tr>
<td colspan="2" style="text-align:center">This will Revoke the old Certificate and Create a new one<br>You can add a password if required</td>
</tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td width="25%">Common Name </td>
<td><input type="text"" name="common_name" value="<?php echo htvar($common_name)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>E-mail Address </td>
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>E-mail Address </td>
<td><input type="text" name="email" value="<?php echo htvar($email)?>" size="50" maxlength="60" disabled></td>
</tr>
<tr>
<td>Organization </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr>
<td>Organization </td>
<td><input type="text" name="organization" value="<?php echo htvar($organization)?>" size="60" maxlength="60" disabled></td>
</tr>
<tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr>
<tr>
<td>Department/Unit </td><td><input type="text" name="unit" value="<?php echo htvar($unit) ?>" size="40" maxlength="60" disabled></td>
</tr>
<tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>Locality</td><td><input type="text" name="locality" value="<?php echo htvar($locality) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>State/Province</td><td><input type="text" name="province" value="<?php echo htvar($province) ?>" size="30" maxlength="30" disabled></td>
</tr>
<tr>
<td>Country</td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr>
<tr>
<td>Country</td>
<td><input type="text" name="country" value="<?php echo htvar($country) ?>" size="2" maxlength="2" disabled></td>
</tr>
<tr>
<td>Certificate Password </td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
</tr>
<tr>
<td>Certificate Password </td>
<td><input type="password" name="passwd" value="<?php echo htvar($passwd) ?>" size="30"></td>
</tr>
<tr>
<td>Certificate Life </td>
<td><select name=expiry>
<?php
<tr>
<td>Certificate Life </td>
<td><select name=expiry>
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
?>
</select></td>
</tr>
<tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
</select></td>
</tr>
<tr>
<td>&nbsp</td>
<td>
<input type="submit" name="submit" value="Submit Request">&nbsp
<input type="submit" name="submit" value="Back">
<input type="hidden" name="stage" value="renew">
<input type="hidden" name="serial" value="<?php echo $serial ?>" >
</td>
</tr>
</table>
</form>
<?php
@@ -309,12 +308,12 @@ switch ($stage) {
<blockquote>
<h3>Debug Info:</h3>
<pre><?php echo $errtxt?></pre>
</blockquote>
<p>
<input type="submit" name="submit" value="Back">
<p>
</form>
<?php
</blockquote>
<p>
<input type="submit" name="submit" value="Back">
<p>
</form>
<?php
} else {
header("Location: $PHP_SELF?$qstr_sort&$qstr_filter");
}
@@ -323,8 +322,8 @@ switch ($stage) {
default:
printHeader('ca');
?>
<body onLoad="self.focus();document.filter.search.focus();">
<table style="margin:0 auto">
<tr><th colspan=9><big>CERTIFICATE MANAGEMENT CONTROL PANEL</big></th></tr>
@@ -342,6 +341,7 @@ switch ($stage) {
</form>
</center></td>
</tr>
<?php
if (! $sortfield) {
@@ -392,7 +392,7 @@ switch ($stage) {
$stcolor = array('Valid'=>'green','Revoked'=>'red','Expired'=>'orange');
foreach ($db as $rec) {
print '<tr style="font-size: 11px;">
print '<tr style="font-size: 11px;">
<td><font color='.$stcolor[$rec['status']].'><b>' .$rec[status].'</b></font></td>
<td style="white-space: nowrap">'.$rec['issued'].'</td>
<td style="white-space: nowrap">'.$rec['expires'].'</td>

203
ca/request_cert.php
View File

@@ -124,7 +124,7 @@ switch ($form_stage) {
printHeader();
?>
<form action='<?php echo $PHP_SELF?>' method=post>
<form action='<?php echo $PHP_SELF?>' method=post>
<input type=submit name=submit value='Go Back'>
<font color=#ff0000><?php echo $er?></font>
<br><input type=submit name=submit value='Go Back'>
@@ -220,14 +220,14 @@ switch ($form_stage) {
# Save user's defaults
$fp = fopen($user_cnf, 'w');
$x = '<?php
$country = \''.addslashes($country).'\';
$locality = \''.addslashes($locality).'\';
$province = \''.addslashes($province).'\';
$organization = \''.addslashes($organization).'\';
$unit = \''.addslashes($unit).'\';
$expiry = \''.addslashes($expiry).'\';
$keysize = \''.addslashes($keysize).'\';
?>';
$country = \''.addslashes($country).'\';
$locality = \''.addslashes($locality).'\';
$province = \''.addslashes($province).'\';
$organization = \''.addslashes($organization).'\';
$unit = \''.addslashes($unit).'\';
$expiry = \''.addslashes($expiry).'\';
$keysize = \''.addslashes($keysize).'\';
?>';
fwrite($fp, $x);
fclose($fp);
@@ -336,110 +336,109 @@ switch ($form_stage) {
<body onLoad="self.focus();document.request.common_name.focus();document.request.cert_type.onchange();">
<form action="<?php echo $PHP_SELF?>" method=post name=request>
<table width=99%>
<th colspan=2><h3>Certificate Request Form</h3></th>
<table width=99%>
<th colspan=2><h3>Certificate Request Form</h3></th>
<tr>
<td width=30%>Common Name<font color=red size=3>*</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td>
<td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td width=30%>Common Name<font color=red size=3> *</font><br>(i.e. User real name or computer hostname - used as SubjectAltName)</td>
<td><input type=text name=common_name value="<?php echo htvar($common_name)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>E-mail Address <font color=red size=3>*</font></td>
<td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>E-mail Address<font color=red size=3> *</font></td>
<td><input type=text name=email value="<?php echo htvar($email)?>" size=50 maxlength=60></td>
</tr>
<tr>
<td>Organization (Company/Agency)<font color=red size=3>*</font></td>
<td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td>
</tr>
<tr>
<td>Organization (Company/Agency)<font color=red size=3> *</font></td>
<td><input type=text name=organization value="<?php echo htvar($organization)?>" size=60 maxlength=60></td>
</tr>
<tr>
<td>Department/Unit<font color=red size=3>*</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td>
</tr>
<tr>
<td>Department/Unit<font color=red size=3> *</font> </td><td><input type=text name=unit value="<?php echo htvar($unit) ?>" size=40 maxlength=60></td>
</tr>
<tr>
<td>Locality (City/County)<font color=red size=3>*</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>Locality (City/County)<font color=red size=3> *</font></td><td><input type=text name=locality value="<?php echo htvar($locality) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>State/Province<font color=red size=3>*</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>State/Province<font color=red size=3> *</font></td><td><input type=text name=province value="<?php echo htvar($province) ?>" size=30 maxlength=30></td>
</tr>
<tr>
<td>Country<font color=red size=3>*</font></td>
<td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td>
</tr>
<tr>
<td>Country<font color=red size=3> *</font></td>
<td><input type=text name=country value="<?php echo htvar($country) ?>" size=2 maxlength=2></td>
</tr>
<tr>
<td>Certificate Password<font color=red size=3>*</font><br>(Mandatory for Email,SSL Client,Code signing)</td>
<td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td>
</tr>
<tr>
<td>Certificate Password<font color=red size=3> *</font><br>(Min 8 chars - Mandatory for Email,SSL Client,Code signing)</td>
<td><input type=password name=passwd value="<?php echo htvar($passwd) ?>" size=30>&nbsp;&nbsp; Again <input type=password name=passwdv value="<?php echo htvar($passwdv) ?>" size=30></td>
</tr>
<tr>
<td>Certificate Life<font color=red size=3>*</font> </td>
<td><select name=expiry>
<tr>
<td>Certificate Life<font color=red size=3>*</font> </td>
<td><select name=expiry>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ($i = 512; $i <= 4096; $i+= 512) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php
print "<option value=0.083 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Month</option>\n" ;
print "<option value=0.25 " . ($expiry == 1 ? "selected='selected'" : "") . " >3 Months</option>\n" ;
print "<option value=0.5 " . ($expiry == 1 ? "selected='selected'" : "") . " >6 Months</option>\n" ;
print "<option value=1 " . ($expiry == 1 ? "selected='selected'" : "") . " >1 Year</option>\n" ;
for ($i = 2; $i <= 5; $i++) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Key Size<font color=red size=3>*</font> </td>
<td><select name=keysize>
<?php
for ($i = 512; $i <= 4096; $i+= 512) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
</select></td>
</tr>
<tr>
<td>Certificate Use:<font color=red size=3>*</font> </td>
<td><select name=cert_type onchange="if (this.value=='server')
{setVisibility('testrow1',true);setVisibility('testrow2',true);} else {setVisibility('testrow1',false);setVisibility('testrow2',false);}">
<?php
print '<option value="email" '.($cert_type=='email'?'selected':'').'>E-mail, SSL Client</option>';
print '<option value="email_signing" '.($cert_type=='email_signing'?'selected':'').'>E-mail, SSL Client, Code Signing</option>';
print '<option value="server" '.($cert_type=='server'?'selected':'').'>SSL Server</option>';
print '<option value="vpn_client" '.($cert_type=='vpn_client'?'selected':'').'>VPN Client Only</option>';
print '<option value="vpn_server" '.($cert_type=='vpn_server'?'selected':'').'>VPN Server Only</option>';
print '<option value="vpn_client_server" '.($cert_type=='vpn_client_server'?'selected':'').'>VPN Client, VPN Server</option>';
print '<option value="time_stamping" '.($cert_type=='time_stamping'?'selected':'').'>Time Stamping</option>';
?>
</select></td>
</tr>
<tr id="testrow2" name="testrow2" style="visibility:hidden;display:none;">
<td>Alternative DNS Names<br>(only one per Line)</td><td><textarea name=dns_names cols=30 rows=5><?php echo htvar($dns_names) ?></textarea></td>
</tr>
<tr id="testrow1" name="testrow1" style="visibility:hidden;display:none;">
<td>IP's<br>(only one per Line)</td><td><textarea name=ip_addr cols=30 rows=5><?php echo htvar($ip_addr) ?></textarea></td>
</tr>
<tr>
<td>&nbsp</td>
<td>&nbsp</td>
</tr>
<tr>
<td><font color=red size=3>* Fields are required</td><td><input type=submit name=submit value='Submit Request'><input type=hidden name=form_stage value='validate'></td>
</tr>
</table>
</form>
<?php
printFooter();
}

385
setup.php-presetup
View File

@@ -262,60 +262,60 @@ switch ($stage) {
# PHPki CONFIGURATION FILE
# Automatically generated by PHPki. Edit at your own peril.
#
\$config['organization'] = '$organization';
\$config['unit'] = '$unit';
\$config['contact'] = '$contact';
\$config['locality'] = '$locality';
\$config['province'] = '$province';
\$config['country'] = '$country';
\$config['common_name'] = '$common_name';
\$config['organization'] = '$organization';
\$config['unit'] = '$unit';
\$config['contact'] = '$contact';
\$config['locality'] = '$locality';
\$config['province'] = '$province';
\$config['country'] = '$country';
\$config['common_name'] = '$common_name';
# Store Directory
\$config['store_dir'] = '$store_dir';
\$config['store_dir'] = '$store_dir';
# Location HTTP Password File
\$config['passwd_file'] = '$passwd_file';
\$config['passwd_file'] = '$passwd_file';
# Password for CA root certificate.
\$config['ca_pwd'] = '$passwd';
\$config['ca_pwd'] = '$passwd';
# Number of years the root certificate is good.
\$config['expiry'] = '$expiry';
\$config['expiry'] = '$expiry';
# CA certificate key size
\$config['keysize'] = '$keysize';
\$config['keysize'] = '$keysize';
# This is superimposed over the PHPki logo on each page.
\$config['header_title'] = '$header_title';
\$config['header_title'] = '$header_title';
# String to prefix cer and crl uploads
\$config['ca_prefix'] = '$ca_prefix';
\$config['ca_prefix'] = '$ca_prefix';
# Location of your OpenSSL binary.
\$config['openssl_bin'] = '$openssl_bin';
\$config['openssl_bin'] = '$openssl_bin';
# Base URL
\$config['base_url'] = '$base_url';
\$config['base_url'] = '$base_url';
# CRL Distribution points path
\$config['crl_distrib'] = '$crl_distrib';
\$config['crl_distrib'] = '$crl_distrib';
# Certificate Revocation URL
\$config['revoke_url'] = '$revoke_url';
\$config['revoke_url'] = '$revoke_url';
# Certificate Authority Policy URL
\$config['policy_url'] = '$policy_url';
\$config['policy_url'] = '$policy_url';
# Certificate Comment Fields
\$config['comment_root'] = '$comment_root';
\$config['comment_email'] = '$comment_email';
\$config['comment_email'] = '$comment_email';
\$config['comment_sign'] = '$comment_sign';
\$config['comment_srv'] = '$comment_srv';
\$config['comment_stamp'] = '$comment_stamp';
\$config['comment_srv'] = '$comment_srv';
\$config['comment_stamp'] = '$comment_stamp';
# Who users should contact if they have technical difficulty with
# your certificate authority site.
\$config['getting_help'] = '$getting_help';
\$config['getting_help'] = '$getting_help';
#
# You shouldn't change anything below this line. If you do, don't
@@ -331,17 +331,17 @@ switch ($stage) {
\$config['pfx_dir'] = \$config['ca_dir'] . '/pfx';
\$config['index'] = \$config['ca_dir'] . '/index.txt';
\$config['serial'] = \$config['ca_dir'] . '/serial';
\$config['random'] = \$config['ca_dir'] . '/.rnd';
\$config['random'] = \$config['ca_dir'] . '/.rnd';
\$config['cacrl_pem'] = \$config['crl_dir'] . '/cacrl.pem';
\$config['cacrl_der'] = \$config['crl_dir'] . '/cacrl.crl';
\$config['cacert_pem'] = \$config['cert_dir'] . '/cacert.pem';
\$config['cacrl_pem'] = \$config['crl_dir'] . '/cacrl.pem';
\$config['cacrl_der'] = \$config['crl_dir'] . '/cacrl.crl';
\$config['cakey'] = \$config['private_dir'] . '/cakey.pem';
# Default OpenSSL Config File.
\$config['openssl_cnf'] = \$config['home_dir'] . '/config/openssl.cnf';
# Define default md
\$config['default_md'] = 'sha512';
\$config['default_md'] = 'sha512';
\$PHPki_admins = Array(md5('admin'));
@@ -419,167 +419,166 @@ EOS;
$config_txt1 = "
HOME = $configHOME
RANDFILE = $configRANDFILE
dir = $configCa_dir
certs = $configCert_dir
crl_dir = $configCrl_dir
database = $configDatabase
new_certs_dir = $configNew_certs_dir
private_dir = $configPrivate_dir
serial = $configSerial
certificate = $configCacert_pem
crl = $configCacrl_pem
private_key = $configCakey
crl_extentions = crl_ext
default_days = 365
default_crl_days = 30
preserve = no
default_md = $configDefault_md
HOME = $configHOME
RANDFILE = $configRANDFILE
dir = $configCa_dir
certs = $configCert_dir
crl_dir = $configCrl_dir
database = $configDatabase
new_certs_dir = $configNew_certs_dir
private_dir = $configPrivate_dir
serial = $configSerial
certificate = $configCacert_pem
crl = $configCacrl_pem
private_key = $configCakey
crl_extentions = crl_ext
default_days = 365
default_crl_days = 30
preserve = no
default_md = $configDefault_md
[ ca ]
default_ca = email_cert
default_ca = email_cert
[ root_cert ]
x509_extensions = root_ext
default_days = 3650
policy = policy_supplied
x509_extensions = root_ext
default_days = 3650
policy = policy_supplied
[ email_cert ]
x509_extensions = email_ext
default_days = 365
policy = policy_supplied
x509_extensions = email_ext
default_days = 365
policy = policy_supplied
[ email_signing_cert ]
x509_extensions = email_signing_ext
default_days = 365
policy = policy_supplied
x509_extensions = email_signing_ext
default_days = 365
policy = policy_supplied
[ server_cert ]
x509_extensions = server_ext
default_days = 365
policy = policy_supplied
x509_extensions = server_ext
default_days = 365
policy = policy_supplied
[ vpn_cert ]
x509_extensions = vpn_client_server_ext
default_days = 365
policy = policy_supplied
x509_extensions = vpn_client_server_ext
default_days = 365
policy = policy_supplied
[ time_stamping_cert ]
x509_extensions = time_stamping_ext
default_days = 365
policy = policy_supplied
x509_extensions = time_stamping_ext
default_days = 365
policy = policy_supplied
[ policy_supplied ]
countryName = supplied
stateOrProvinceName = supplied
localityName = supplied
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied
countryName = supplied
stateOrProvinceName = supplied
localityName = supplied
organizationName = supplied
organizationalUnitName = supplied
commonName = supplied
emailAddress = supplied
[ root_ext ]
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign
nsCertType = sslCA, emailCA, objCA
subjectKeyIdentifier = hash
subjectAltName = email:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_root
#nsCaRevocationUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url
basicConstraints = CA:true
keyUsage = cRLSign, keyCertSign
nsCertType = sslCA, emailCA, objCA
subjectKeyIdentifier = hash
subjectAltName = email:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_root
#nsCaRevocationUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url
[ email_ext ]
basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = critical, emailProtection, clientAuth
nsCertType = critical, client, email
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_email
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
#nsRenewalUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName =
basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = critical, emailProtection, clientAuth
nsCertType = critical, client, email
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_email
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
#nsRenewalUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName =
[ email_signing_ext ]
basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = critical, emailProtection, clientAuth, codeSigning
nsCertType = critical, client, email
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_sign
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
#nsRenewalUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName =
basicConstraints = critical, CA:false
keyUsage = critical, nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = critical, emailProtection, clientAuth, codeSigning
nsCertType = critical, client, email
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_sign
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
#nsRenewalUrl =
nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName =
[ server_ext ]
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment
nsCertType = server
extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = $server_altnames
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_srv
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment
nsCertType = server
extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = $server_altnames
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_srv
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url
[ time_stamping_ext ]
basicConstraints = CA:false
keyUsage = critical, nonRepudiation, digitalSignature
extendedKeyUsage = timeStamping
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_stamp]
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url
basicConstraints = CA:false
keyUsage = critical, nonRepudiation, digitalSignature
extendedKeyUsage = timeStamping
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_stamp]
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url
[ vpn_client_ext ]
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, clientAuth
nsCertType = critical, client
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature
extendedKeyUsage = critical, clientAuth
nsCertType = critical, client
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
[ vpn_server_ext ]
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth
nsCertType = critical, server
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth
nsCertType = critical, server
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
[ vpn_client_server_ext ]
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth, clientAuth
nsCertType = critical, server, client
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = critical, serverAuth, clientAuth
nsCertType = critical, server, client
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
[ crl_ext ]
issuerAltName=issuer:copy
@@ -589,36 +588,36 @@ authorityKeyIdentifier=keyid:always,issuer:always
$config_txt2 = <<< EOS
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_name
string_mask = nombstr
req_extensions = req_ext
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_name
string_mask = nombstr
req_extensions = req_ext
[ req_name]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
countryName = Country Name (2 letter code)
countryName_default = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default =
localityName = Locality Name (eg, city)
localityName_default =
localityName = Locality Name (eg, city)
localityName_default =
0.organizationName = Organization Name (eg, company)
0.organizationName = Organization Name (eg, company)
0.organizationName_default =
1.organizationName = Second Organization Name (eg, company)
1.organizationName = Second Organization Name (eg, company)
1.organizationName_default =
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default =
commonName = Common Name (eg, YOUR name)
commonName = Common Name (eg, YOUR name)
emailAddress = Email Address or Web URL
emailAddress = Email Address or Web URL
[ req_ext ]
basicConstraints = critical, CA:false
@@ -636,21 +635,21 @@ EOS;
$config_txt3 = <<< EOS
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_name
string_mask = nombstr
req_extensions = req_ext
prompt = no
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_name
string_mask = nombstr
req_extensions = req_ext
prompt = no
[ req_name ]
C = $configCountry
ST = $configProvince
L = $configLocality
O = $configOrganization
OU = $configUnit
CN = $configCommon_name
emailAddress = $configEmailaddress
C = $configCountry
ST = $configProvince
L = $configLocality
O = $configOrganization
OU = $configUnit
CN = $configCommon_name
emailAddress = $configEmailaddress
[ req_ext ]
basicConstraints = critical, CA:true
@@ -675,7 +674,7 @@ EOS;
fclose($fd);
#
# Intialize index.txt and serial files
# Initialize index.txt and serial files
#
$fd = fopen($config['index'], 'w');
fwrite($fd, "");
@@ -698,12 +697,12 @@ EOS;
$configOpenssl_cnf = $config['openssl_cnf'];
$configPrivate_dir = $config['private_dir'];
$configCacert_pem = $config['cacert_pem'];
$configCa_pwd = $config['ca_pwd'];
$configCakey = $config['cakey'];
$configRandom = $config['random'];
$configCacrl_der = $config['cacrl_der'];
$configCacrl_pem = $config['cacrl_pem'];
$configCacert_pem = $config['cacert_pem'];
$configCa_pwd = $config['ca_pwd'];
$configCakey = $config['cakey'];
$configRandom = $config['random'];
$configCacrl_der = $config['cacrl_der'];
$configCacrl_pem = $config['cacrl_pem'];
// .rnd created here
exec(REQ . " -x509 -config $tmp_cnf -extensions root_ext -newkey rsa:$keysize -keyout $configCakey -out $configCacert_pem -passout pass:'$configCa_pwd' -days $days 2>&1");