Refactor temporary confs

John Crisp
2021-03-03 17:07:53 +01:00
parent e04b3dd35b
commit fbf3170398


@@ -3,8 +3,9 @@ include('./config.php');
include('./include/my_functions.php');
include('./include/common.php');
function flush_exec($command, $line_length=200) {
$handle = popen("$command 2>&1",'r');
function flush_exec($command, $line_length = 200)
{
$handle = popen("$command 2>&1", 'r');
$line = '';
while (! feof($handle)) {
@@ -14,8 +15,7 @@ function flush_exec($command, $line_length=200) {
print str_replace("\n", "<br>\n", $line);
$line = '';
flush();
}
elseif (strlen($line) > $line_length) {
} elseif (strlen($line) > $line_length) {
print $line."<br>\n";
$line = '';
flush();
@@ -69,7 +69,9 @@ $ca_prefix = gpvar('ca_prefix');
$header_title = gpvar('header_title');
$store_dir = gpvar('store_dir');
if ($base_url && substr($base_url,-1) != '/') $base_url .= '/';
if ($base_url && substr($base_url, -1) != '/') {
$base_url .= '/';
}
$hidden_fields = '
<input type=hidden name=country value="' . htvar($country) . '">
@@ -101,60 +103,97 @@ $hidden_fields = '
';
switch ($stage) {
case 'validate':
case 'validate':
$er = '';
if (! $country) $er .= 'Missing Country<br>';
if (! $province) $er .= 'Missing State/Province<br>';
if (! $locality) $er .= 'Missing Locality<br>';
if (! $organization) $er .= 'Missing Organization<br>';
if (! $unit) $er .= 'Missing Unit/Department<br>';
if (! $contact) $er .= 'Missing Contact E-mail Address<br>';
if (! $common_name) $er .= 'Missing Common Name<br>';
if (! $passwd) $er .= 'Missing Certificate Password<br>';
if (! $passwdv) $er .= 'Missing Certificate Password Verification "Again"<br>';
if (! $header_title) $er .= 'Missing Header Title<br>';
if (! $passwd_file) $er .= 'Missing User Password File Location';
if (! $store_dir) $er .= 'Missing Storage Directory<br>';
if (! $country) {
$er .= 'Missing Country<br>';
}
if (! $province) {
$er .= 'Missing State/Province<br>';
}
if (! $locality) {
$er .= 'Missing Locality<br>';
}
if (! $organization) {
$er .= 'Missing Organization<br>';
}
if (! $unit) {
$er .= 'Missing Unit/Department<br>';
}
if (! $contact) {
$er .= 'Missing Contact E-mail Address<br>';
}
if (! $common_name) {
$er .= 'Missing Common Name<br>';
}
if (! $passwd) {
$er .= 'Missing Certificate Password<br>';
}
if (! $passwdv) {
$er .= 'Missing Certificate Password Verification "Again"<br>';
}
if (! $header_title) {
$er .= 'Missing Header Title<br>';
}
if (! $passwd_file) {
$er .= 'Missing User Password File Location';
}
if (! $store_dir) {
$er .= 'Missing Storage Directory<br>';
}
$countrycode = strtoupper($country);
if (! preg_match("/\b[A-Z][A-Z]\b/", $countrycode, $match) ) {
if (! preg_match("/\b[A-Z][A-Z]\b/", $countrycode, $match)) {
$er .= 'Country Code must be ISO 3166 two letters <br>';
}
if ( $passwd && strlen($passwd) < 8 )
if ($passwd && strlen($passwd) < 8) {
$er .= 'Certificate password is too short.<br>';
}
if ( $passwd and $passwd != $passwdv )
if ($passwd and $passwd != $passwdv) {
$er .= 'Password and password verification do not match.<br>';
}
if ( $contact && ! is_email($contact) )
if ($contact && ! is_email($contact)) {
$er .= 'E-mail address ('. htvar($contact) . ') may be invalid.<br>';
}
if (strpos($store_dir,$_SERVER['DOCUMENT_ROOT']) === 0)
if (strpos($store_dir, $_SERVER['DOCUMENT_ROOT']) === 0) {
$er .= 'Store directory must exist somewhere outside of DOCUMENT_ROOT ('.$_SERVER['DOCUMENT_ROOT'].').<br>';
}
if (strpos($store_dir,dirname($_SERVER['SCRIPT_FILENAME'])) === 0)
if (strpos($store_dir, dirname($_SERVER['SCRIPT_FILENAME'])) === 0) {
$er .= 'Store directory cannot exist within the PHPki installation directory ('.dirname($_SERVER['SCRIPT_FILENAME']).').<br>';
}
if (! $er) {
if (! file_exists($store_dir) ) {
if ( ! mkdir("$store_dir",$store_perms)) $er .= "Could not create the store directory \"$store_dir\"<br>";
if (! file_exists($store_dir)) {
if (! mkdir("$store_dir", $store_perms)) {
$er .= "Could not create the store directory \"$store_dir\"<br>";
}
}
if (file_exists($store_dir)) {
if (! chmod($store_dir, $store_perms)) $er .= "Could not change permissions on the store directory \"$store_dir\"<br>";
if (! is_readable($store_dir)) $er .= "The store directory \"$store_dir\" is not readable by the web server user \"$uname\"<br>";
if (! is_writeable($store_dir)) $er .= "The store directory \"$store_dir\: is not writeable by the web server user \"$uname\"<br>";
if (! chmod($store_dir, $store_perms)) {
$er .= "Could not change permissions on the store directory \"$store_dir\"<br>";
}
else {
if (! is_readable($store_dir)) {
$er .= "The store directory \"$store_dir\" is not readable by the web server user \"$uname\"<br>";
}
if (! is_writeable($store_dir)) {
$er .= "The store directory \"$store_dir\: is not writeable by the web server user \"$uname\"<br>";
}
} else {
$er .= "Store directory \"$store_dir\" does not exist. You will have to manually create it as desribed in the setup form.<br>";
}
}
if ( $er )
if ($er) {
$er = '<h2>ERROR(S) IN FORM:</h2><h4><blockquote>' . $er . '</blockquote></h4>';
}
if ($er) {
printHeader('setup');
@@ -173,8 +212,7 @@ case 'validate':
break;
}
case 'write':
case 'write':
printHeader('about');
#
@@ -184,15 +222,33 @@ case 'write':
print '<strong>Creating PHPki file store...</strong><br>';
flush();
if (! file_exists("$store_dir/config")) mkdir("$store_dir/config",$store_perms);
if (! file_exists("$store_dir/tmp")) mkdir("$store_dir/tmp",$store_perms);
if (! file_exists("$store_dir/CA")) mkdir("$store_dir/CA",$store_perms);
if (! file_exists("$store_dir/CA/certs")) mkdir("$store_dir/CA/certs",$store_perms);
if (! file_exists("$store_dir/CA/private")) mkdir("$store_dir/CA/private",$store_perms);
if (! file_exists("$store_dir/CA/newcerts")) mkdir("$store_dir/CA/newcerts",$store_perms);
if (! file_exists("$store_dir/CA/requests")) mkdir("$store_dir/CA/requests",$store_perms);
if (! file_exists("$store_dir/CA/crl")) mkdir("$store_dir/CA/crl",$store_perms);
if (! file_exists("$store_dir/CA/pfx")) mkdir("$store_dir/CA/pfx",$store_perms);
if (! file_exists("$store_dir/config")) {
mkdir("$store_dir/config", $store_perms);
}
if (! file_exists("$store_dir/tmp")) {
mkdir("$store_dir/tmp", $store_perms);
}
if (! file_exists("$store_dir/CA")) {
mkdir("$store_dir/CA", $store_perms);
}
if (! file_exists("$store_dir/CA/certs")) {
mkdir("$store_dir/CA/certs", $store_perms);
}
if (! file_exists("$store_dir/CA/private")) {
mkdir("$store_dir/CA/private", $store_perms);
}
if (! file_exists("$store_dir/CA/newcerts")) {
mkdir("$store_dir/CA/newcerts", $store_perms);
}
if (! file_exists("$store_dir/CA/requests")) {
mkdir("$store_dir/CA/requests", $store_perms);
}
if (! file_exists("$store_dir/CA/crl")) {
mkdir("$store_dir/CA/crl", $store_perms);
}
if (! file_exists("$store_dir/CA/pfx")) {
mkdir("$store_dir/CA/pfx", $store_perms);
}
#
@@ -303,7 +359,7 @@ EOS;
#
# Write out the CA configuration file.
#
$fd = fopen("$store_dir/config/config.php",'w');
$fd = fopen("$store_dir/config/config.php", 'w');
fwrite($fd, $config_main_txt);
fclose($fd);
@@ -323,7 +379,7 @@ EOS;
#
# Write out the bootstrap config
#
$fd = fopen('./config.php','w');
$fd = fopen('./config.php', 'w');
fwrite($fd, $config_boot_txt);
fclose($fd);
@@ -337,24 +393,49 @@ EOS;
# CA root certificate, and create a generic openssl.cnf file
# in the CA home
#
$config_txt1 = <<< EOS
HOME = $config[home_dir]
RANDFILE = $config[random]
dir = $config[ca_dir]
certs = $config[cert_dir]
crl_dir = $config[crl_dir]
database = $config[index]
new_certs_dir = $config[new_certs_dir]
private_dir = $config[private_dir]
serial = $config[serial]
certificate = $config[cacert_pem]
crl = $config[cacrl_pem]
private_key = $config[cakey]
crl_extensions = crl_ext
$configHOME = $config['home_dir'];
$configRANDFILE = $config['random'];
$configCa_dir = $config['ca_dir'];
$configCert_dir = $config['cert_dir'];
$configCrl_dir = $config['crl_dir'];
$configDatabase = $config['index'];
$configNew_certs_dir = $config['new_certs_dir'];
$configPrivate_dir = $config['private_dir'];
$configSerial = $config['serial'];
$configCacert_pem = $config['cacert_pem'];
$configCacrl_pem = $config['cacrl_pem'];
$configCakey = $config['cakey'];
$configDefault_md = $config['default_md'];
$configBase_url = $config['base_url'];
$configCrl_dist = $config['crl_distrib'];
$configComment_root = $config['comment_root'];
$configPolicy_url = $config['policy_url'];
$configRevoke_url = $config['revoke_url'];
$configComment_email = $config['comment_email'];
$configComment_sign = $config['comment_sign'];
$configComment_srv = $config['comment_srv'];
$config_txt1 = "
HOME = $configHOME
RANDFILE = $configRANDFILE
dir = $configCa_dir
certs = $configCert_dir
crl_dir = $configCrl_dir
database = $configDatabase
new_certs_dir = $configNew_certs_dir
private_dir = $configPrivate_dir
serial = $configSerial
certificate = $configCacert_pem
crl = $configCacrl_pem
private_key = $configCakey
crl_extentions = crl_ext
default_days = 365
default_crl_days= 30
default_crl_days = 30
preserve = no
default_md = $config[default_md]
default_md = $configDefault_md
[ ca ]
default_ca = email_cert
@@ -404,10 +485,10 @@ keyUsage = cRLSign, keyCertSign
nsCertType = sslCA, emailCA, objCA
subjectKeyIdentifier = hash
subjectAltName = email:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib]
nsComment = $config[comment_root]
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_root
#nsCaRevocationUrl =
nsCaPolicyUrl = $config[base_url]$config[policy_url]
nsCaPolicyUrl = $configBase_url$configPolicy_url
[ email_ext ]
basicConstraints = critical, CA:false
@@ -418,12 +499,12 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib]
nsComment = $config[comment_email]
nsBaseUrl = $config[base_url]
nsRevocationUrl = $config[revoke_url]
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_email
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
#nsRenewalUrl =
nsCaPolicyUrl = $config[base_url]$config[policy_url]
nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName =
[ email_signing_ext ]
@@ -435,28 +516,28 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib]
nsComment = $config[comment_sign]
nsBaseUrl = $config[base_url]
nsRevocationUrl = $config[revoke_url]
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_sign
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
#nsRenewalUrl =
nsCaPolicyUrl = $config[base_url]$config[policy_url]
nsCaPolicyUrl = $configBase_url$configPolicy_url
#nsSslServerName =
[ server_ext ]
basicConstraints = CA:false
basicConstraints = critical, CA:false
keyUsage = critical, digitalSignature, keyEncipherment
nsCertType = critical, server
extendedKeyUsage = critical, serverAuth, 1.3.6.1.5.5.7.3.1
nsCertType = server
extendedKeyUsage = critical, serverAuth
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
subjectAltName = $server_altnames
issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib]
nsComment = $config[comment_srv]
nsBaseUrl = $config[base_url]
nsRevocationUrl = $config[revoke_url]
nsCaPolicyUrl = $config[base_url]$config[policy_url]
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $configComment_srv
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url
[ time_stamping_ext ]
basicConstraints = CA:false
@@ -466,11 +547,11 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
issuerAltName = issuer:copy
crlDistributionPoints = URI:$config[base_url]$config[crl_distrib]
crlDistributionPoints = URI:$configBase_url$configCrl_dist
nsComment = $config[comment_stamp]
nsBaseUrl = $config[base_url]
nsRevocationUrl = $config[revoke_url]
nsCaPolicyUrl = $config[base_url]$config[policy_url]
nsBaseUrl = $configBase_url
nsRevocationUrl = $configRevoke_url
nsCaPolicyUrl = $configBase_url$configPolicy_url
[ vpn_client_ext ]
basicConstraints = critical, CA:false
@@ -499,12 +580,12 @@ subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always, issuer:always
subjectAltName = DNS:$common_name,email:copy
[ crl_ext ]
issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always,issuer:always
EOS;
";
$config_txt2 = <<< EOS
[ req ]
@@ -545,6 +626,14 @@ basicConstraints = critical, CA:false
EOS;
$configCountry = $config['country'];
$configProvince = $config['province'];
$configLocality = $config['locality'];
$configOrganization = $config['organization'];
$configUnit = $config['unit'];
$configCommon_name = $config['common_name'];
$configEmailaddress = $config['contact'];
$config_txt3 = <<< EOS
[ req ]
default_bits = 2048
@@ -555,13 +644,13 @@ req_extensions = req_ext
prompt = no
[ req_name ]
C = $config[country]
ST = $config[province]
L = $config[locality]
O = $config[organization]
OU = $config[unit]
CN = $config[common_name]
emailAddress = $config[contact]
C = $configCountry
ST = $configProvince
L = $configLocality
O = $configOrganization
OU = $configUnit
CN = $configCommon_name
emailAddress = $configEmailaddress
[ req_ext ]
basicConstraints = critical, CA:true
@@ -572,26 +661,27 @@ EOS;
#
# Write the permanent OpenSSL config
#
$fd = fopen($config['openssl_cnf'],'w');
$fd = fopen($config['openssl_cnf'], 'w');
fwrite($fd, $config_txt1 . $config_txt2);
fclose($fd);
#
# Write the temporary OpenSSL config
#
$tmp_cnf = "$config[home_dir]/tmp/openssl.cnf";
$fd = fopen($tmp_cnf,'w');
$configHome_dir = $config['home_dir'];
$tmp_cnf = "$configHome_dir/tmp/openssl.cnf";
$fd = fopen($tmp_cnf, 'w');
fwrite($fd, $config_txt1 . $config_txt3);
fclose($fd);
#
# Intialize index.txt and serial files
#
$fd = fopen($config['index'],'w');
$fd = fopen($config['index'], 'w');
fwrite($fd, "");
fclose($fd);
#
$fd = fopen($config['serial'],'w');
$fd = fopen($config['serial'], 'w');
fwrite($fd, "100001");
fclose($fd);
@@ -600,14 +690,23 @@ EOS;
#
$days = $config['expiry'] * 365.25;
#
# Create a new self-signed CA certificate in PEM format.
#
print '<strong>Creating root certificate...</strong><br>';
flush();
$configOpenssl_cnf = $config['openssl_cnf'];
$configPrivate_dir = $config['private_dir'];
$configCacert_pem = $config['cacert_pem'];
$configCa_pwd = $config['ca_pwd'];
$configCakey = $config['cakey'];
$configRandom = $config['random'];
$configCacrl_der = $config['cacrl_der'];
$configCacrl_pem = $config['cacrl_pem'];
// .rnd created here
exec(REQ . " -x509 -config $tmp_cnf -extensions root_ext -newkey rsa:$keysize -keyout $config[cakey] -out $config[cacert_pem] -passout pass:'$config[ca_pwd]' -days $days 2>&1");
exec(REQ . " -x509 -config $tmp_cnf -extensions root_ext -newkey rsa:$keysize -keyout $configCakey -out $configCacert_pem -passout pass:'$configCa_pwd' -days $days 2>&1");
# **** DISABLED *****
# It appears that both IE and Netscape accept PEM formatted root certificates
@@ -621,16 +720,18 @@ EOS;
#
print '<strong>Generating certificate revocation list...</strong><br>';
flush();
exec(CA . " -gencrl -config $config[openssl_cnf] -out $config[cacrl_pem] -passin pass:'$config[ca_pwd]'");
exec(CA . " -gencrl -config $configOpenssl_cnf -out $configCacrl_pem -passin pass:'$configCa_pwd'");
# Make a copy of the CRL in DER format.
#
exec(CRL . " -in $config[cacrl_pem] -out $config[cacrl_der] -inform PEM -outform DER");
exec(CRL . " -in $configCacrl_pem -out $configCarcrl_der -inform PEM -outform DER");
#
# Clean up.
#
if (! unlink("$store_dir/tmp/openssl.cnf")) print "Can't unlink $store_dir/tmp/openssl.cnf";
if (! unlink("$store_dir/tmp/openssl.cnf")) {
print "Can't unlink $store_dir/tmp/openssl.cnf";
}
#
# Create dhparam files for OpenVPN and others.
@@ -650,10 +751,10 @@ EOS;
print '<p><strong>Creating 2048 bit Diffie-Hellman parameters used by OpenVPN.<br>';
print "Saving to $store_dir/dhparam2048.pem.</strong><br>";
$cmd = "openssl dhparam -rand '$config[random]' -out '$config[private_dir]/dhparam2048.pem' 2048";
$cmd = "openssl dhparam -rand '$configRandom' -out '$configPrivate_dir/dhparam2048.pem' 2048";
print $cmd.'<br>';
flush();
flush_exec($cmd,200);
flush_exec($cmd, 200);
print "Please ignore warnings about \"unable to write 'random state' <br><br>";
@@ -663,18 +764,17 @@ EOS;
$command = 'which openvpn';
$command = escapeshellcmd($command);
if (system ($command) == '/usr/sbin/openvpn') {
if (system($command) == '/usr/sbin/openvpn') {
print '<p><strong>Creating a TLS authentication key used by OpenVPN.<br>';
print "Saving to $store_dir/takey.pem.</strong><br>";
$cmd = "openvpn --genkey --secret '$config[private_dir]/takey.pem'";
$cmd = "openvpn --genkey --secret '$configPrivate_dir/takey.pem'";
print $cmd.'<br>';
flush();
flush_exec($cmd);
} else {
echo "openvpn is required to generate a takey.pem<br>";
echo "You can create one later like this:<br>";
echo "openvpn --genkey --secret". $config['private_dir'] . "/takey.pem<br>";
echo "openvpn --genkey --secret". $configPrivate_dir . "/takey.pem<br>";
}
@@ -682,11 +782,21 @@ EOS;
#
# Step aside and let the users in (create index.php files).
#
if (! unlink('index.php')) print "Can't unlink index.php";
if (! unlink('setup.php')) print "Can't unlink setup.php";;
if (! unlink('ca/index.php')) print "Can't unlink ca/index.php";
if (! symlink('main.php','index.php')) print "Can't symlink main.php";
if (! symlink('main.php','ca/index.php')) print "Can't symlink ca/main.php";
if (! unlink('index.php')) {
print "Can't unlink index.php";
}
if (! unlink('setup.php')) {
print "Can't unlink setup.php";
};
if (! unlink('ca/index.php')) {
print "Can't unlink ca/index.php";
}
if (! symlink('main.php', 'index.php')) {
print "Can't symlink main.php";
}
if (! symlink('main.php', 'ca/index.php')) {
print "Can't symlink ca/main.php";
}
?>
<center>
@@ -705,27 +815,60 @@ EOS;
printFooter();
break;
default:
if (! $country) $country = $config['country'];
if (! $province) $province = $config['province'];
if (! $locality) $locality = $config['locality'];
if (! $organization) $organization = $config['organization'];
if (! $contact) $contact = $config['contact'];
if (! $expiry) $expiry = $config['expiry'];
if (! $expiry) $expiry = 10;
if (! $keysize) $keysize = $config['keysize'];
if (! $keysize) $keysize = 2048;
if (! $passwd) $passwd = $config['ca_pwd'];
if (! $passwdv) $passwdv = $passwd;
default:
if (! $country) {
$country = $config['country'];
}
if (! $province) {
$province = $config['province'];
}
if (! $locality) {
$locality = $config['locality'];
}
if (! $organization) {
$organization = $config['organization'];
}
if (! $contact) {
$contact = $config['contact'];
}
if (! $expiry) {
$expiry = $config['expiry'];
}
if (! $expiry) {
$expiry = 10;
}
if (! $keysize) {
$keysize = $config['keysize'];
}
if (! $keysize) {
$keysize = 2048;
}
if (! $passwd) {
$passwd = $config['ca_pwd'];
}
if (! $passwdv) {
$passwdv = $passwd;
}
if (! $unit) $unit = $config['unit'];
if (! $unit) $unit = "Certificate Authority";
if (! $unit) {
$unit = $config['unit'];
}
if (! $unit) {
$unit = "Certificate Authority";
}
if (! $common_name) $common_name = $config['common_name'];
if (! $common_name) $common_name = "PHPki Certificate Authority";
if (! $common_name) {
$common_name = $config['common_name'];
}
if (! $common_name) {
$common_name = "PHPki Certificate Authority";
}
if (! $getting_help) $getting_help = $config['getting_help'];
if (! $getting_help) $getting_help = '
if (! $getting_help) {
$getting_help = $config['getting_help'];
}
if (! $getting_help) {
$getting_help = '
<b>Contact:</b><br>
First-Name Last-Name<br>
Company/Organization Name<br>
@@ -735,32 +878,69 @@ City, State, ZipCode<br>
<br>
Phone: (000) 000-0000<br>
E-mail: <a href=mailto:someone@somewhere.com>someone@somewhere.com</a>&nbsp;&nbsp;&nbsp;<i><b>E-mail is preferred.</b></i><br>';
}
if (! $store_dir) $store_dir = dirname($_SERVER['DOCUMENT_ROOT']).'/phpki-store';
if (! $store_dir) {
$store_dir = dirname($_SERVER['DOCUMENT_ROOT']).'/phpki-store';
}
if (! $base_url) $base_url = $config['base_url'];
if (! $base_url) $base_url = 'http://www.somewhere.com/phpki/';
if (! $base_url) {
$base_url = $config['base_url'];
}
if (! $base_url) {
$base_url = 'http://www.somewhere.com/phpki/';
}
if (! $crl_distrib) $crl_distrib = 'index.php?stage=dl_crl';
if (! $revoke_url) $revoke_url = 'ns_revoke_query.php?';
if (! $policy_url) $policy_url = 'policy.html';
if (! $crl_distrib) {
$crl_distrib = 'index.php?stage=dl_crl';
}
if (! $revoke_url) {
$revoke_url = 'ns_revoke_query.php?';
}
if (! $policy_url) {
$policy_url = 'policy.html';
}
if (! $comment_root) $comment_root = 'PHPki/OpenSSL Generated Root Certificate Authority';
if (! $comment_email) $comment_email = 'PHPki/OpenSSL Generated Personal Certificate';
if (! $comment_sign) $comment_sign = 'PHPki/OpenSSL Generated Personal Certificate';
if (! $comment_srv) $comment_srv = 'PHPki/OpenSSL Generated Secure Server Certificate';
if (! $comment_stamp) $comment_stamp = 'PHPki/OpenSSL Generated Time Stamping Certificate';
if (! $comment_root) {
$comment_root = 'PHPki/OpenSSL Generated Root Certificate Authority';
}
if (! $comment_email) {
$comment_email = 'PHPki/OpenSSL Generated Personal Certificate';
}
if (! $comment_sign) {
$comment_sign = 'PHPki/OpenSSL Generated Personal Certificate';
}
if (! $comment_srv) {
$comment_srv = 'PHPki/OpenSSL Generated Secure Server Certificate';
}
if (! $comment_stamp) {
$comment_stamp = 'PHPki/OpenSSL Generated Time Stamping Certificate';
}
if (! $ca_prefix) $ca_prefix = $config['ca_prefix'];
if (! $ca_prefix) {
$ca_prefix = $config['ca_prefix'];
}
if (! $openssl_bin) $openssl_bin = $config['openssl_bin'];
if (! $openssl_bin) $openssl_bin = '/usr/bin/openssl';
if (! $openssl_bin) {
$openssl_bin = $config['openssl_bin'];
}
if (! $openssl_bin) {
$openssl_bin = '/usr/bin/openssl';
}
if (! $passwd_file) $passwd_file = $config['passwd_file'];
if (! $passwd_file) $passwd_file = dirname($_SERVER['DOCUMENT_ROOT']).'/phpkipasswd';
if (! $passwd_file) {
$passwd_file = $config['passwd_file'];
}
if (! $passwd_file) {
$passwd_file = dirname($_SERVER['DOCUMENT_ROOT']).'/phpkipasswd';
}
if (! $header_title) $header_title = $config['header_title'];
if (! $header_title) $header_title = 'Certificate Authority';
if (! $header_title) {
$header_title = $config['header_title'];
}
if (! $header_title) {
$header_title = 'Certificate Authority';
}
printHeader('setup');
?>
@@ -833,7 +1013,7 @@ E-mail: <a href=mailto:someone@somewhere.com>someone@somewhere.com</a>&nbsp;&nbs
<td><select name=expiry>
<?php
for ( $i = 5 ; $i <= 15 ; $i+=5 ) {
for ($i = 5; $i <= 15; $i+=5) {
print "<option value=$i " . ($expiry == $i ? "selected='selected'" : "") . " >$i Years</option>\n" ;
}
?>
@@ -849,7 +1029,7 @@ E-mail: <a href=mailto:someone@somewhere.com>someone@somewhere.com</a>&nbsp;&nbs
<td><select name=keysize>
<?php
for ( $i = 1024 ; $i <= 4096 ; $i+=512 ) {
for ($i = 1024; $i <= 4096; $i+=512) {
print "<option value=$i " . ($keysize == $i ? "selected='selected'" : "") . ">$i bits</option>\n" ;
}
?>
@@ -1051,6 +1231,7 @@ E-mail: <a href=mailto:someone@somewhere.com>someone@somewhere.com</a>&nbsp;&nbs
break;
}
function create_ca_cnf($email, $expiry) {
function create_ca_cnf($email, $expiry)
{
}
?>
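Review bot: Two of the renamed identifiers in the `write` stage no longer match what they replace: the CRL conversion call uses `$configCarcrl_der`, while the variable assigned a few lines earlier is `$configCacrl_der`, and the rewritten `$config_txt1` spells the CA option as `crl_extentions` where the removed heredoc had `crl_extensions`. As written, the DER copy of the CRL is not written to the intended path, and the `crl_ext` section is presumably no longer applied, since OpenSSL's `ca` section looks for `crl_extensions`. The lines should read `exec(CRL . " -in $configCacrl_pem -out $configCacrl_der -inform PEM -outform DER");` and `crl_extensions = crl_ext`. The `exec()` calls touched here still place `$configCa_pwd` and the path values into the shell string unescaped (`-passout pass:'$configCa_pwd'`), so, assuming these values originate from the setup form, each argument should go through `escapeshellarg()`, and the passphrase is better handed to OpenSSL through an `env:` or `file:` source than on the command line. The hunks show only parts of the `write` case, so how `$config` is populated is not visible here.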