Dirk Dankhoff
ISPConfig 3
Commits
5c4d5508
Commit
5c4d5508
authored
Apr 02, 2011
by
laking
Implemented local CA certificate signing.
parent
0930f5fc
Changes
15
install/dist/conf/centos52.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/pki/CA'
;
?>
install/dist/conf/centos53.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/pki/CA'
;
?>
install/dist/conf/debian40.conf.php
...
...
@@ -190,5 +190,8 @@ $conf['vlogger']['config_dir'] = '/etc';
$conf
[
'cron'
][
'init_script'
]
=
'cron'
;
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/debian60.conf.php
...
...
@@ -190,5 +190,8 @@ $conf['vlogger']['config_dir'] = '/etc';
$conf
[
'cron'
][
'init_script'
]
=
'cron'
;
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/fedora9.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/pki/CA'
;
?>
install/dist/conf/gentoo.conf.php
...
...
@@ -202,4 +202,7 @@ $conf['cron']['init_script'] = 'vixie-cron';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'group'
]
=
'cron'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/opensuse110.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'cron';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/opensuse112.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'cron';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/lib/fedora.lib.php
...
...
@@ -695,6 +695,10 @@ class installer_dist extends installer_base {
$content
=
str_replace
(
'{server_id}'
,
$conf
[
'server_id'
],
$content
);
$content
=
str_replace
(
'{ispconfig_log_priority}'
,
$conf
[
'ispconfig_log_priority'
],
$content
);
$content
=
str_replace
(
'{language}'
,
$conf
[
'language'
],
$content
);
if
(
!
$conf
[
'CA-enabled'
])
$content
=
str_replace
(
'$conf[\'CA'
,
'//$conf[\'CA'
,
$content
);
$content
=
str_replace
(
'{CA-path}'
,
$conf
[
'CA-path'
],
$content
);
$content
=
str_replace
(
'{CA-pass}'
,
$conf
[
'CA-pass'
],
$content
);
wf
(
"
$install_dir
/server/lib/
$configfile
"
,
$content
);
...
...
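Review bot: The `{CA-pass}` substitution writes the installer's passphrase verbatim between the single quotes of the template line `$conf['CA-pass'] = '{CA-pass}';`, so a passphrase containing `'` or `\` produces a broken config file or changes the PHP that gets loaded. Escape the value before substituting, e.g. `str_replace('{CA-pass}', addcslashes($conf['CA-pass'], "'\\"), $content)`, and do the same for `{CA-path}`; the identical lines in gentoo.lib.php and opensuse.lib.php need it too. Because the root CA passphrase is now stored in plaintext in the file written by `wf()`, that file should be readable only by the ISPConfig server user; the code that sets its mode is outside this hunk, so confirm it. The enclosing method starts and ends outside the hunk.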
install/dist/lib/gentoo.lib.php
...
...
@@ -667,6 +667,10 @@ class installer extends installer_base
$this
->
write_config_file
(
"
$install_dir
/interface/lib/
$configfile
"
,
$content
);
if
(
!
$conf
[
'CA-enabled'
])
$content
=
str_replace
(
'$conf[\'CA'
,
'//$conf[\'CA'
,
$content
);
$content
=
str_replace
(
'{CA-path}'
,
$conf
[
'CA-path'
],
$content
);
$content
=
str_replace
(
'{CA-pass}'
,
$conf
[
'CA-pass'
],
$content
);
//* Create the config file for ISPConfig server
$this
->
write_config_file
(
"
$install_dir
/server/lib/
$configfile
"
,
$content
);
...
...
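Review bot: The first `write_config_file()` call writes the interface config before the CA lines are processed, so if `$content` comes from the same template, `interface/lib/$configfile` keeps the literal `'{CA-path}'` and `'{CA-pass}'` strings, and `isset($conf['CA-path'])` is true there with a placeholder value. If the intent is to keep the passphrase out of the web interface config, say so in a comment and comment out those lines in the interface copy as well, for instance by applying `str_replace('$conf[\'CA', '//$conf[\'CA', $content)` to a copy before the first write. The method continues outside the hunk.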
install/dist/lib/opensuse.lib.php
...
...
@@ -708,6 +708,10 @@ class installer_dist extends installer_base {
$content
=
str_replace
(
'{ispconfig_log_priority}'
,
$conf
[
'ispconfig_log_priority'
],
$content
);
$content
=
str_replace
(
'{language}'
,
$conf
[
'language'
],
$content
);
if
(
!
$conf
[
'CA-enabled'
])
$content
=
str_replace
(
'$conf[\'CA'
,
'//$conf[\'CA'
,
$content
);
$content
=
str_replace
(
'{CA-path}'
,
$conf
[
'CA-path'
],
$content
);
$content
=
str_replace
(
'{CA-pass}'
,
$conf
[
'CA-pass'
],
$content
);
wf
(
"
$install_dir
/server/lib/
$configfile
"
,
$content
);
//* Create the config file for remote-actions (but only, if it does not exist, because
...
...
install/install.php
...
...
@@ -438,6 +438,19 @@ if($install_mode == 'standard') {
$inst
->
configure_firewall
();
}
//** Configure CA
if
(
strtolower
(
$inst
->
simple_query
(
'Should this installation use a local CA to default-sign certificates?'
,
array
(
'y'
,
'n'
),
'n'
))
==
'y'
)
{
$conf
[
'CA-enabled'
]
=
true
;
$conf
[
'CA-path'
]
=
$inst
->
free_query
(
'Path to the CA folder: '
,
$conf
[
'CA-path'
]);
$conf
[
'CA-pass'
]
=
$inst
->
free_query
(
'Root Certificate Passphrase'
,
''
);
if
(
!
is_file
(
$conf
[
'CA-path'
]
.
'/openssl.cnf'
))
{
swriteln
(
'ERROR. '
.
$conf
[
'CA-path'
]
.
'/openssl.cnf not found.'
);
$conf
[
'CA-enabled'
]
=
false
;
}
//$inst->configure_ca();
}
else
{
$conf
[
'CA-enabled'
]
=
false
;};
//** Configure ISPConfig :-)
if
(
strtolower
(
$inst
->
simple_query
(
'Install ISPConfig Web Interface'
,
array
(
'y'
,
'n'
),
'y'
))
==
'y'
)
{
swriteln
(
'Installing ISPConfig'
);
...
...
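Review bot: When `openssl.cnf` is not found the code only resets `$conf['CA-enabled']`, leaving the typed passphrase in `$conf['CA-pass']`; the installer libraries then comment out the `$conf['CA...` lines but still substitute `{CA-pass}`, so the passphrase ends up in plaintext inside a comment in the generated config. Add `$conf['CA-pass'] = '';` next to `$conf['CA-enabled'] = false;` in both the error branch and the `else` branch (the latter also avoids reading an unset key), and apply the same to the identical block in install/update.php. Checking for `openssl.cnf` before asking for the passphrase would avoid collecting it at all when the path is wrong. Whether `free_query()` echoes input to the terminal is not visible here; a passphrase prompt should not.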
install/tpl/config.inc.php.master
...
...
@@ -157,6 +157,10 @@ $conf['interface_logout_url'] = ''; // example: http://www.domain.tld/
$conf
[
'start_db'
]
=
true
;
$conf
[
'start_session'
]
=
true
;
//** CA-configuration
$conf
[
'CA-path'
]
=
'{CA-path}'
;
$conf
[
'CA-pass'
]
=
'{CA-pass}'
;
//** Constants
define
(
'LOGLEVEL_DEBUG'
,
0
);
...
...
install/update.php
...
...
@@ -303,6 +303,20 @@ if($reconfigure_services_answer == 'yes') {
//}
}
//** Configure CA
if
(
strtolower
(
$inst
->
simple_query
(
'Should this installation use a local CA to default-sign certificates?'
,
array
(
'y'
,
'n'
),
'n'
))
==
'y'
)
{
$conf
[
'CA-enabled'
]
=
true
;
$conf
[
'CA-path'
]
=
$inst
->
free_query
(
'Path to the CA folder: '
,
$conf
[
'CA-path'
]);
$conf
[
'CA-pass'
]
=
$inst
->
free_query
(
'Root Certificate Passphrase'
,
''
);
if
(
!
is_file
(
$conf
[
'CA-path'
]
.
'/openssl.cnf'
))
{
swriteln
(
'ERROR. '
.
$conf
[
'CA-path'
]
.
'/openssl.cnf not found.'
);
$conf
[
'CA-enabled'
]
=
false
;
}
//$inst->configure_ca();
}
else
{
$conf
[
'CA-enabled'
]
=
false
;};
//** Configure ISPConfig
swriteln
(
'Updating ISPConfig'
);
...
...
server/plugins-available/apache2_plugin.inc.php
...
...
@@ -137,8 +137,18 @@ class apache2_plugin {
$crt_file
=
escapeshellcmd
(
$crt_file
);
if
(
is_file
(
$ssl_cnf_file
))
{
exec
(
"openssl genrsa -des3 -rand
$rand_file
-passout pass:
$ssl_password
-out
$key_file
2048 && openssl req -new -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-out
$csr_file
-days
$ssl_days
-config
$config_file
&& openssl req -x509 -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-in
$csr_file
-out
$crt_file
-days
$ssl_days
-config
$config_file
&& openssl rsa -passin pass:
$ssl_password
-in
$key_file
-out
$key_file2
"
);
$app
->
log
(
'Creating SSL Cert for: '
.
$domain
,
LOGLEVEL_DEBUG
);
exec
(
"openssl genrsa -des3 -rand
$rand_file
-passout pass:
$ssl_password
-out
$key_file
2048"
);
exec
(
"openssl req -new -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-out
$csr_file
-days
$ssl_days
-config
$config_file
"
);
if
(
isset
(
$conf
[
'CA-path'
])
&&
isset
(
$conf
[
'CA-pass'
])
)
{
exec
(
"openssl ca -batch -out
$crt_file
-config "
.
$conf
[
'CA-path'
]
.
"/openssl.cnf -passin pass:"
.
$conf
[
'CA-pass'
]
.
" -in
$csr_file
"
);
$app
->
log
(
"Creating CA-signed SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
}
else
{
exec
(
"openssl req -x509 -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-in
$csr_file
-out
$crt_file
-days
$ssl_days
-config
$config_file
"
);
$app
->
log
(
"Creating self-signed SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
};
exec
(
"openssl rsa -passin pass:
$ssl_password
-in
$key_file
-out
$key_file2
"
);
}
exec
(
'chmod 400 '
.
$key_file2
);
...
...
@@ -178,6 +188,11 @@ class apache2_plugin {
$csr_file
=
$ssl_dir
.
'/'
.
$domain
.
'.csr'
;
$crt_file
=
$ssl_dir
.
'/'
.
$domain
.
'.crt'
;
$bundle_file
=
$ssl_dir
.
'/'
.
$domain
.
'.bundle'
;
if
(
isset
(
$conf
[
'CA-path'
])
&&
isset
(
$conf
[
'CA-pass'
])
)
{
exec
(
"openssl ca -batch -config "
.
$conf
[
'CA-path'
]
.
"/openssl.cnf -passin pass:"
.
$conf
[
'CA-pass'
]
.
" -revoke
$crt_file
"
);
$app
->
log
(
"Revoking CA-signed SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
};
unlink
(
$csr_file
);
unlink
(
$crt_file
);
unlink
(
$bundle_file
);
...
...
@@ -597,7 +612,7 @@ class apache2_plugin {
$crt_file
=
$ssl_dir
.
'/'
.
$domain
.
'.crt'
;
$bundle_file
=
$ssl_dir
.
'/'
.
$domain
.
'.bundle'
;
if
(
$data
[
'new'
][
'ssl'
]
==
'y'
&&
@
is_file
(
$crt_file
)
&&
@
is_file
(
$key_file
))
{
if
(
$data
[
'new'
][
'ssl'
]
==
'y'
&&
@
is_file
(
$crt_file
)
&&
@
is_file
(
$key_file
)
&&
(
@
filesize
(
$crt_file
)
>
0
)
&&
(
@
filesize
(
$key_file
)
>
0
)
)
{
$vhost_data
[
'ssl_enabled'
]
=
1
;
$app
->
log
(
'Enable SSL for: '
.
$domain
,
LOGLEVEL_DEBUG
);
}
else
{
...
...
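Review bot: In the first hunk, `$conf['CA-path']` and `$conf['CA-pass']` are concatenated into the `openssl ca` command line unescaped, unlike `$crt_file`, which goes through `escapeshellcmd()` just above; a path or passphrase containing spaces or shell metacharacters breaks the command or changes what the shell runs. Wrap both in `escapeshellarg()`, e.g. `' -config '.escapeshellarg($conf['CA-path'].'/openssl.cnf')`, and prefer `-passin file:` or `-passin env:` over `pass:`, since a passphrase on the command line is visible to other local users in the process list while openssl runs. The same applies to the `-revoke` call in the second hunk, which presumably also runs for certificates that were self-signed before the CA was enabled. None of the `exec()` calls checks an exit status, so a failed signing is only caught indirectly by the new `filesize()` test in the third hunk. The enclosing methods start and end outside the hunks.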