Implemented local CA certificate signing.
| | |
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d'; |
| | | $conf['cron']['wget'] = '/usr/bin/wget'; |
| | | |
| | | $conf['CA-path'] = '/etc/pki/CA'; |
| | | |
| | | ?> |
| | |
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d'; |
| | | $conf['cron']['wget'] = '/usr/bin/wget'; |
| | | |
| | | $conf['CA-path'] = '/etc/pki/CA'; |
| | | |
| | | ?> |
| | |
| | | $conf['cron']['init_script'] = 'cron';
|
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d';
|
| | | $conf['cron']['wget'] = '/usr/bin/wget';
|
| | | |
| | | $conf['CA-path'] = '/etc/ssl'; |
| | | |
| | |
|
| | | ?>
|
| | |
| | | $conf['cron']['init_script'] = 'cron';
|
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d';
|
| | | $conf['cron']['wget'] = '/usr/bin/wget';
|
| | | |
| | | $conf['CA-path'] = '/etc/ssl'; |
| | | |
| | |
|
| | | ?>
|
| | |
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d'; |
| | | $conf['cron']['wget'] = '/usr/bin/wget'; |
| | | |
| | | $conf['CA-path'] = '/etc/pki/CA'; |
| | | |
| | | ?> |
| | |
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d'; |
| | | $conf['cron']['group'] = 'cron'; |
| | | $conf['cron']['wget'] = '/usr/bin/wget'; |
| | | |
| | | $conf['CA-path'] = '/etc/ssl'; |
| | | |
| | | ?> |
| | |
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d'; |
| | | $conf['cron']['wget'] = '/usr/bin/wget'; |
| | | |
| | | $conf['CA-path'] = '/etc/ssl'; |
| | | |
| | | ?> |
| | |
| | | $conf['cron']['crontab_dir'] = '/etc/cron.d'; |
| | | $conf['cron']['wget'] = '/usr/bin/wget'; |
| | | |
| | | $conf['CA-path'] = '/etc/ssl'; |
| | | |
| | | ?> |
| | |
| | | $content = str_replace('{server_id}', $conf['server_id'], $content); |
| | | $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content); |
| | | $content = str_replace('{language}', $conf['language'], $content); |
| | | |
| | | if (!$conf['CA-enabled']) $content = str_replace('$conf[\'CA', '//$conf[\'CA', $content); |
| | | $content = str_replace('{CA-path}', $conf['CA-path'], $content); |
| | | $content = str_replace('{CA-pass}', $conf['CA-pass'], $content); |
| | | |
| | | wf("$install_dir/server/lib/$configfile", $content); |
| | | |
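Review bot: `{CA-pass}` is substituted verbatim into a single-quoted PHP literal (the template line is `$conf['CA-pass'] = '{CA-pass}';`), so a passphrase containing `'` or ending in `\` yields a generated config file that no longer parses, or whose value is not the passphrase. Escape at substitution time, e.g. `$content = str_replace('{CA-pass}', addcslashes($conf['CA-pass'], "\\'"), $content);`, and treat `{CA-path}` the same way. The same three lines appear in the two installer hunks that follow. The file now holds the root CA passphrase in clear text, so it should be readable only by the account that runs the server-side plugins; the mode applied by `wf()` / `write_config_file()` is not visible in these hunks.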
| | |
| | | |
| | | $this->write_config_file("$install_dir/interface/lib/$configfile", $content); |
| | | |
| | | if(!$conf['CA-enabled']) $content = str_replace('$conf[\'CA','//$conf[\'CA', $content); |
| | | $content = str_replace('{CA-path}', $conf['CA-path'], $content); |
| | | $content = str_replace('{CA-pass}', $conf['CA-pass'], $content); |
| | | |
| | | //* Create the config file for ISPConfig server |
| | | $this->write_config_file("$install_dir/server/lib/$configfile", $content); |
| | | |
| | |
| | | $content = str_replace('{ispconfig_log_priority}', $conf['ispconfig_log_priority'], $content); |
| | | $content = str_replace('{language}', $conf['language'], $content); |
| | | |
| | | if(!$conf['CA-enabled']) $content = str_replace('$conf[\'CA','//$conf[\'CA', $content); |
| | | $content = str_replace('{CA-path}', $conf['CA-path'], $content); |
| | | $content = str_replace('{CA-pass}', $conf['CA-pass'], $content); |
| | | |
| | | wf("$install_dir/server/lib/$configfile", $content); |
| | | |
| | | //* Create the config file for remote-actions (but only, if it does not exist, because |
| | |
| | | $inst->configure_firewall();
|
| | | }
|
| | |
|
| | | //** Configure CA
|
| | | if(strtolower($inst->simple_query('Should this installation use a local CA to default-sign certificates?',array('y','n'),'n')) == 'y') { |
| | | $conf['CA-enabled'] = true;
|
| | | $conf['CA-path'] = $inst->free_query('Path to the CA folder: ', $conf['CA-path']);
|
| | | $conf['CA-pass'] = $inst->free_query('Root Certificate Passphrase', '');
|
| | | if(!is_file($conf['CA-path'].'/openssl.cnf'))
|
| | | {
|
| | | swriteln('ERROR. '.$conf['CA-path'].'/openssl.cnf not found.');
|
| | | $conf['CA-enabled'] = false;
|
| | | } |
| | | //$inst->configure_ca();
|
| | | } else {$conf['CA-enabled'] = false;};
|
| | | |
| | | //** Configure ISPConfig :-)
|
| | | if(strtolower($inst->simple_query('Install ISPConfig Web Interface',array('y','n'),'y')) == 'y') {
|
| | | swriteln('Installing ISPConfig');
|
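Review bot: The `else` branch of the new CA prompt sets only `$conf['CA-enabled'] = false`, so `$conf['CA-pass']` stays undefined when the operator answers `n`, yet the installer hunks read it unconditionally in `str_replace('{CA-pass}', $conf['CA-pass'], $content)`. Initialise it in both paths, e.g. `} else { $conf['CA-enabled'] = false; $conf['CA-pass'] = ''; }`. The enabled path checks only that `openssl.cnf` exists under the given folder and accepts an empty passphrase (the prompt default is `''`); a comment saying whether an unencrypted CA key is an intended configuration would help the next maintainer. The identical block in the update script hunk further down has the same gap, and both scripts continue outside the visible lines.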
| | |
| | | $conf['start_db'] = true; |
| | | $conf['start_session'] = true; |
| | | |
| | | //** CA-configuration |
| | | $conf['CA-path'] = '{CA-path}'; |
| | | $conf['CA-pass'] = '{CA-pass}'; |
| | | |
| | | |
| | | //** Constants |
| | | define('LOGLEVEL_DEBUG',0); |
| | |
| | | //}
|
| | | }
|
| | |
|
| | | //** Configure CA
|
| | | if(strtolower($inst->simple_query('Should this installation use a local CA to default-sign certificates?',array('y','n'),'n')) == 'y') { |
| | | $conf['CA-enabled'] = true;
|
| | | $conf['CA-path'] = $inst->free_query('Path to the CA folder: ', $conf['CA-path']);
|
| | | $conf['CA-pass'] = $inst->free_query('Root Certificate Passphrase', '');
|
| | | if(!is_file($conf['CA-path'].'/openssl.cnf'))
|
| | | {
|
| | | swriteln('ERROR. '.$conf['CA-path'].'/openssl.cnf not found.');
|
| | | $conf['CA-enabled'] = false;
|
| | | } |
| | | //$inst->configure_ca();
|
| | | } else {$conf['CA-enabled'] = false;};
|
| | |
|
| | |
|
| | | //** Configure ISPConfig
|
| | | swriteln('Updating ISPConfig');
|
| | |
|
| | |
| | | $crt_file = escapeshellcmd($crt_file); |
| | | |
| | | if(is_file($ssl_cnf_file)) { |
| | | exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048 && openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file && openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file && openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2"); |
| | | $app->log('Creating SSL Cert for: '.$domain,LOGLEVEL_DEBUG); |
| | | |
| | | exec("openssl genrsa -des3 -rand $rand_file -passout pass:$ssl_password -out $key_file 2048"); |
| | | exec("openssl req -new -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -out $csr_file -days $ssl_days -config $config_file"); |
| | | if(isset($conf['CA-path']) && isset($conf['CA-pass']) ) |
| | | { |
| | | exec("openssl ca -batch -out $crt_file -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -in $csr_file"); |
| | | $app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG); |
| | | } else{ |
| | | exec("openssl req -x509 -passin pass:$ssl_password -passout pass:$ssl_password -key $key_file -in $csr_file -out $crt_file -days $ssl_days -config $config_file "); |
| | | $app->log("Creating self-signed SSL Cert for: $domain",LOGLEVEL_DEBUG); |
| | | }; |
| | | exec("openssl rsa -passin pass:$ssl_password -in $key_file -out $key_file2"); |
| | | } |
| | | |
| | | exec('chmod 400 '.$key_file2); |
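Review bot: In the new `isset($conf['CA-path'])` branch the CA folder and the root passphrase are concatenated raw into the `openssl ca` command, unlike `$crt_file`, which goes through `escapeshellcmd()` just above. A passphrase with shell metacharacters changes or breaks the command, and a `pass:` argument is visible in the process list to other local accounts while openssl runs. Quoting the config path with `escapeshellarg()` and handing the passphrase over with `-passin env:` keeps it out of argv. The exit status is also ignored, so the "Creating CA-signed SSL Cert" line is logged even when signing failed. The revoke hunk that follows builds its command the same way, and the enclosing function starts and ends outside this hunk.

```php
if(isset($conf['CA-path']) && isset($conf['CA-pass']) )
{
	// CA_PASSIN is a constructed variable name; the passphrase is passed via the environment, not argv.
	putenv('CA_PASSIN='.$conf['CA-pass']);
	$ca_cnf = escapeshellarg($conf['CA-path'].'/openssl.cnf');
	exec("openssl ca -batch -out $crt_file -config $ca_cnf -passin env:CA_PASSIN -in $csr_file", $ca_out, $ca_rc);
	putenv('CA_PASSIN');
	if($ca_rc !== 0) {
		$app->log("CA signing failed for: $domain (openssl exit code $ca_rc)",LOGLEVEL_DEBUG);
	} else {
		$app->log("Creating CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG);
	}
} else{
	// … unchanged: self-signed "openssl req -x509" branch …
```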
| | |
| | | $csr_file = $ssl_dir.'/'.$domain.'.csr'; |
| | | $crt_file = $ssl_dir.'/'.$domain.'.crt'; |
| | | $bundle_file = $ssl_dir.'/'.$domain.'.bundle'; |
| | | if(isset($conf['CA-path']) && isset($conf['CA-pass']) ) |
| | | { |
| | | exec("openssl ca -batch -config ".$conf['CA-path']."/openssl.cnf -passin pass:".$conf['CA-pass']." -revoke $crt_file"); |
| | | $app->log("Revoking CA-signed SSL Cert for: $domain",LOGLEVEL_DEBUG); |
| | | }; |
| | | unlink($csr_file); |
| | | unlink($crt_file); |
| | | unlink($bundle_file); |
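Review bot: `openssl ca -revoke` only marks the certificate as revoked in the CA's own database; nothing in this hunk regenerates a CRL, so relying parties keep accepting the certificate unless a CRL is produced and published elsewhere (not visible here). If no other job does that, follow the revoke with something like `openssl ca -gencrl -config … -out <CRL_PATH>` and document where the CRL is served. The result of the revoke is not checked before `unlink($crt_file)`, so a failed revocation deletes the only local copy needed to retry it; check the exit code from `exec()` first. The enclosing function continues outside the hunk.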
| | |
| | | $crt_file = $ssl_dir.'/'.$domain.'.crt'; |
| | | $bundle_file = $ssl_dir.'/'.$domain.'.bundle'; |
| | | |
| | | if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file)) { |
| | | if($data['new']['ssl'] == 'y' && @is_file($crt_file) && @is_file($key_file) && (@filesize($crt_file)>0) && (@filesize($key_file)>0)) { |
| | | $vhost_data['ssl_enabled'] = 1; |
| | | $app->log('Enable SSL for: '.$domain,LOGLEVEL_DEBUG); |
| | | } else { |