ISPConfig3 devel
parent: 0930f5fc | patch | commit | ignore whitespace
laking
2011-04-02 5c4d55084f8c7cb2bb5ca5f81ecbd82afd1fdd18 
Implemented local CA certificate signing.
15 files modified
83 ■■■■■ changed files
install/dist/conf/centos52.conf.php 2 ●●●●● patch | view | raw | blame | history
install/dist/conf/centos53.conf.php 2 ●●●●● patch | view | raw | blame | history
install/dist/conf/debian40.conf.php 3 ●●●●● patch | view | raw | blame | history
install/dist/conf/debian60.conf.php 3 ●●●●● patch | view | raw | blame | history
install/dist/conf/fedora9.conf.php 2 ●●●●● patch | view | raw | blame | history
install/dist/conf/gentoo.conf.php 3 ●●●●● patch | view | raw | blame | history
install/dist/conf/opensuse110.conf.php 2 ●●●●● patch | view | raw | blame | history
install/dist/conf/opensuse112.conf.php 2 ●●●●● patch | view | raw | blame | history
install/dist/lib/fedora.lib.php 4 ●●●● patch | view | raw | blame | history
install/dist/lib/gentoo.lib.php 4 ●●●● patch | view | raw | blame | history
install/dist/lib/opensuse.lib.php 4 ●●●● patch | view | raw | blame | history
install/install.php 13 ●●●●● patch | view | raw | blame | history
install/tpl/config.inc.php.master 4 ●●●● patch | view | raw | blame | history
install/update.php 14 ●●●●● patch | view | raw | blame | history
server/plugins-available/apache2_plugin.inc.php 21 ●●●● patch | view | raw | blame | history 
 install/dist/conf/centos52.conf.php


@@ -186,4 +186,6 @@


$conf['cron']['crontab_dir'] = '/etc/cron.d';


$conf['cron']['wget'] = '/usr/bin/wget';




$conf['CA-path'] = '/etc/pki/CA';




?>




 install/dist/conf/centos53.conf.php


@@ -186,4 +186,6 @@


$conf['cron']['crontab_dir'] = '/etc/cron.d';


$conf['cron']['wget'] = '/usr/bin/wget';




$conf['CA-path'] = '/etc/pki/CA';




?>




 install/dist/conf/debian40.conf.php


@@ -190,5 +190,8 @@


$conf['cron']['init_script'] = 'cron';



$conf['cron']['crontab_dir'] = '/etc/cron.d';



$conf['cron']['wget'] = '/usr/bin/wget';





$conf['CA-path'] = '/etc/ssl';








?>





 install/dist/conf/debian60.conf.php


@@ -190,5 +190,8 @@


$conf['cron']['init_script'] = 'cron';



$conf['cron']['crontab_dir'] = '/etc/cron.d';



$conf['cron']['wget'] = '/usr/bin/wget';





$conf['CA-path'] = '/etc/ssl';








?>





 install/dist/conf/fedora9.conf.php


@@ -186,4 +186,6 @@


$conf['cron']['crontab_dir'] = '/etc/cron.d';


$conf['cron']['wget'] = '/usr/bin/wget';




$conf['CA-path'] = '/etc/pki/CA';




?>




 install/dist/conf/gentoo.conf.php


@@ -202,4 +202,7 @@


$conf['cron']['crontab_dir'] = '/etc/cron.d';


$conf['cron']['group'] = 'cron';


$conf['cron']['wget'] = '/usr/bin/wget';




$conf['CA-path'] = '/etc/ssl';




?>




 install/dist/conf/opensuse110.conf.php


@@ -186,4 +186,6 @@


$conf['cron']['crontab_dir'] = '/etc/cron.d';


$conf['cron']['wget'] = '/usr/bin/wget';




$conf['CA-path'] = '/etc/ssl';




?>




 install/dist/conf/opensuse112.conf.php


@@ -186,4 +186,6 @@


$conf['cron']['crontab_dir'] = '/etc/cron.d';


$conf['cron']['wget'] = '/usr/bin/wget';




$conf['CA-path'] = '/etc/ssl';




?>




 install/dist/lib/fedora.lib.php


@@ -695,6 +695,10 @@


        $content = str_replace('{server_id}', $conf['server_id'], $content);


        $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);


        $content = str_replace('{language}', $conf['language'], $content);




        if (!$conf['CA-enabled']) $content = str_replace('$conf[\'CA', '//$conf[\'CA', $content);


        $content = str_replace('{CA-path}', $conf['CA-path'], $content);


        $content = str_replace('{CA-pass}', $conf['CA-pass'], $content);


        


        wf("$install_dir/server/lib/$configfile", $content);


        




 install/dist/lib/gentoo.lib.php


@@ -667,6 +667,10 @@


        


        $this->write_config_file("$install_dir/interface/lib/$configfile", $content);


        


        if(!$conf['CA-enabled']) $content = str_replace('$conf[\'CA','//$conf[\'CA', $content);


        $content = str_replace('{CA-path}', $conf['CA-path'], $content);


        $content = str_replace('{CA-pass}', $conf['CA-pass'], $content);




        //* Create the config file for ISPConfig server


        $this->write_config_file("$install_dir/server/lib/$configfile", $content);


        




 install/dist/lib/opensuse.lib.php


@@ -708,6 +708,10 @@


        $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content);


        $content = str_replace('{language}', $conf['language'], $content);


        


        if(!$conf['CA-enabled']) $content = str_replace('$conf[\'CA','//$conf[\'CA', $content);


        $content = str_replace('{CA-path}', $conf['CA-path'], $content);


        $content = str_replace('{CA-pass}', $conf['CA-pass'], $content);




        wf("$install_dir/server/lib/$configfile", $content);


        


        //* Create the config file for remote-actions (but only, if it does not exist, because




 install/install.php


@@ -438,6 +438,19 @@


        $inst->configure_firewall();



    }



    



    //** Configure CA



    if(strtolower($inst->simple_query('Should this installation use a local CA to default-sign certificates?',array('y','n'),'n')) == 'y') {	


        $conf['CA-enabled'] = true;



        $conf['CA-path'] = $inst->free_query('Path to the CA folder: ', $conf['CA-path']);



        $conf['CA-pass'] = $inst->free_query('Root Certificate Passphrase', '');



        if(!is_file($conf['CA-path'].'/openssl.cnf'))



        {



            swriteln('ERROR. '.$conf['CA-path'].'/openssl.cnf not found.');



            $conf['CA-enabled'] = false;



        } 


        //$inst->configure_ca();



    } else {$conf['CA-enabled'] = false;};



	


    //** Configure ISPConfig :-)



    if(strtolower($inst->simple_query('Install ISPConfig Web Interface',array('y','n'),'y')) == 'y') {



        swriteln('Installing ISPConfig');





 install/tpl/config.inc.php.master


@@ -157,6 +157,10 @@


$conf['start_db'] = true;


$conf['start_session'] = true;




//** CA-configuration


$conf['CA-path'] = '{CA-path}';


$conf['CA-pass'] = '{CA-pass}';






//** Constants


define('LOGLEVEL_DEBUG',0);




 install/update.php


@@ -303,6 +303,20 @@


    //}



}







    //** Configure CA



    if(strtolower($inst->simple_query('Should this installation use a local CA to default-sign certificates?',array('y','n'),'n')) == 'y') {	


        $conf['CA-enabled'] = true;



        $conf['CA-path'] = $inst->free_query('Path to the CA folder: ', $conf['CA-path']);



        $conf['CA-pass'] = $inst->free_query('Root Certificate Passphrase', '');



        if(!is_file($conf['CA-path'].'/openssl.cnf'))



        {



            swriteln('ERROR. '.$conf['CA-path'].'/openssl.cnf not found.');



            $conf['CA-enabled'] = false;



        } 


        //$inst->configure_ca();



    } else {$conf['CA-enabled'] = false;};











//** Configure ISPConfig



swriteln('Updating ISPConfig');









 server/plugins-available/apache2_plugin.inc.php


@@ -137,8 +137,18 @@


            $crt_file = escapeshellcmd($crt_file);




            if(is_file($ssl_cnf_file)) {


                exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");


                $app->log('Creating SSL Cert for: '.$domain,LOGLEVEL_DEBUG);


	    


                exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048");


                exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file");


                if(isset($conf['CA-path']) && isset($conf['CA-pass']) )


                {


                    exec("openssl ca -batch -out $crt_file -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -in $csr_file");


                    $app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);


                } else{


                    exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file ");


                    $app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);


                };


            exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2");


            }




            exec('chmod 400 '.$key_file2);


@@ -178,6 +188,11 @@


            $csr_file = $ssl_dir.'/'.$domain.'.csr';


            $crt_file = $ssl_dir.'/'.$domain.'.crt';


            $bundle_file = $ssl_dir.'/'.$domain.'.bundle';


            if(isset($conf['CA-path']) && isset($conf['CA-pass']) )


                {


                    exec("openssl ca -batch -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -revoke $crt_file");


                    $app->log("Revoking CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);


                };


            unlink($csr_file);


            unlink($crt_file);


            unlink($bundle_file);


@@ -597,7 +612,7 @@


        $crt_file = $ssl_dir.'/'.$domain.'.crt';


        $bundle_file = $ssl_dir.'/'.$domain.'.bundle';




        if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) {


        if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0)  && (@filesize($key_file)>0)) {


            $vhost_data['ssl_enabled'] = 1;


            $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG);


        } else {