Commit
5c4d5508
authored
Apr 02, 2011
by
laking
Implemented local CA certificate signing.
parent
0930f5fc
Showing
15 changed files
with
80 additions
and
3 deletions
+80
-3
install/dist/conf/centos52.conf.php
install/dist/conf/centos52.conf.php
+2
-0
install/dist/conf/centos53.conf.php
install/dist/conf/centos53.conf.php
+2
-0
install/dist/conf/debian40.conf.php
install/dist/conf/debian40.conf.php
+3
-0
install/dist/conf/debian60.conf.php
install/dist/conf/debian60.conf.php
+3
-0
install/dist/conf/fedora9.conf.php
install/dist/conf/fedora9.conf.php
+2
-0
install/dist/conf/gentoo.conf.php
install/dist/conf/gentoo.conf.php
+3
-0
install/dist/conf/opensuse110.conf.php
install/dist/conf/opensuse110.conf.php
+2
-0
install/dist/conf/opensuse112.conf.php
install/dist/conf/opensuse112.conf.php
+2
-0
install/dist/lib/fedora.lib.php
install/dist/lib/fedora.lib.php
+4
-0
install/dist/lib/gentoo.lib.php
install/dist/lib/gentoo.lib.php
+4
-0
install/dist/lib/opensuse.lib.php
install/dist/lib/opensuse.lib.php
+4
-0
install/install.php
install/install.php
+13
-0
install/tpl/config.inc.php.master
install/tpl/config.inc.php.master
+4
-0
install/update.php
install/update.php
+14
-0
server/plugins-available/apache2_plugin.inc.php
server/plugins-available/apache2_plugin.inc.php
+18
-3
install/dist/conf/centos52.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/pki/CA'
;
?>
install/dist/conf/centos53.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/pki/CA'
;
?>
install/dist/conf/debian40.conf.php
...
...
@@ -190,5 +190,8 @@ $conf['vlogger']['config_dir'] = '/etc';
$conf
[
'cron'
][
'init_script'
]
=
'cron'
;
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/debian60.conf.php
...
...
@@ -190,5 +190,8 @@ $conf['vlogger']['config_dir'] = '/etc';
$conf
[
'cron'
][
'init_script'
]
=
'cron'
;
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/fedora9.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'crond';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/pki/CA'
;
?>
install/dist/conf/gentoo.conf.php
...
...
@@ -202,4 +202,7 @@ $conf['cron']['init_script'] = 'vixie-cron';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'group'
]
=
'cron'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/opensuse110.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'cron';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/conf/opensuse112.conf.php
...
...
@@ -186,4 +186,6 @@ $conf['cron']['init_script'] = 'cron';
$conf
[
'cron'
][
'crontab_dir'
]
=
'/etc/cron.d'
;
$conf
[
'cron'
][
'wget'
]
=
'/usr/bin/wget'
;
$conf
[
'CA-path'
]
=
'/etc/ssl'
;
?>
install/dist/lib/fedora.lib.php
...
...
@@ -695,6 +695,10 @@ class installer_dist extends installer_base {
$content
=
str_replace
(
'{server_id}'
,
$conf
[
'server_id'
],
$content
);
$content
=
str_replace
(
'{ispconfig_log_priority}'
,
$conf
[
'ispconfig_log_priority'
],
$content
);
$content
=
str_replace
(
'{language}'
,
$conf
[
'language'
],
$content
);
if
(
!
$conf
[
'CA-enabled'
])
$content
=
str_replace
(
'$conf[\'CA'
,
'//$conf[\'CA'
,
$content
);
$content
=
str_replace
(
'{CA-path}'
,
$conf
[
'CA-path'
],
$content
);
$content
=
str_replace
(
'{CA-pass}'
,
$conf
[
'CA-pass'
],
$content
);
wf
(
"
$install_dir
/server/lib/
$configfile
"
,
$content
);
...
...
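Review bot: `{CA-pass}` is substituted into the single-quoted literal `$conf['CA-pass'] = '{CA-pass}';` from config.inc.php.master without any escaping, so a passphrase containing `'` or ending in `\` produces a config file that no longer parses or that carries a different value. Escape the value before the replace, e.g. `str_replace('{CA-pass}', addcslashes($conf['CA-pass'], "'\\"), $content)`, and treat `{CA-path}` the same way; the identical lines added to gentoo.lib.php and opensuse.lib.php need the same change. The root CA passphrase also ends up in cleartext in `$install_dir/server/lib/$configfile`, so the owner and mode that `wf()` leaves on that file matter; those are set outside this hunk, as is the rest of the enclosing method.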
install/dist/lib/gentoo.lib.php
...
...
@@ -667,6 +667,10 @@ class installer extends installer_base
$this
->
write_config_file
(
"
$install_dir
/interface/lib/
$configfile
"
,
$content
);
if
(
!
$conf
[
'CA-enabled'
])
$content
=
str_replace
(
'$conf[\'CA'
,
'//$conf[\'CA'
,
$content
);
$content
=
str_replace
(
'{CA-path}'
,
$conf
[
'CA-path'
],
$content
);
$content
=
str_replace
(
'{CA-pass}'
,
$conf
[
'CA-pass'
],
$content
);
//* Create the config file for ISPConfig server
$this
->
write_config_file
(
"
$install_dir
/server/lib/
$configfile
"
,
$content
);
...
...
install/dist/lib/opensuse.lib.php
...
...
@@ -708,6 +708,10 @@ class installer_dist extends installer_base {
$content
=
str_replace
(
'{ispconfig_log_priority}'
,
$conf
[
'ispconfig_log_priority'
],
$content
);
$content
=
str_replace
(
'{language}'
,
$conf
[
'language'
],
$content
);
if
(
!
$conf
[
'CA-enabled'
])
$content
=
str_replace
(
'$conf[\'CA'
,
'//$conf[\'CA'
,
$content
);
$content
=
str_replace
(
'{CA-path}'
,
$conf
[
'CA-path'
],
$content
);
$content
=
str_replace
(
'{CA-pass}'
,
$conf
[
'CA-pass'
],
$content
);
wf
(
"
$install_dir
/server/lib/
$configfile
"
,
$content
);
//* Create the config file for remote-actions (but only, if it does not exist, because
...
...
install/install.php
...
...
@@ -438,6 +438,19 @@ if($install_mode == 'standard') {
$inst
->
configure_firewall
();
}
//** Configure CA
if
(
strtolower
(
$inst
->
simple_query
(
'Should this installation use a local CA to default-sign certificates?'
,
array
(
'y'
,
'n'
),
'n'
))
==
'y'
)
{
$conf
[
'CA-enabled'
]
=
true
;
$conf
[
'CA-path'
]
=
$inst
->
free_query
(
'Path to the CA folder: '
,
$conf
[
'CA-path'
]);
$conf
[
'CA-pass'
]
=
$inst
->
free_query
(
'Root Certificate Passphrase'
,
''
);
if
(
!
is_file
(
$conf
[
'CA-path'
]
.
'/openssl.cnf'
))
{
swriteln
(
'ERROR. '
.
$conf
[
'CA-path'
]
.
'/openssl.cnf not found.'
);
$conf
[
'CA-enabled'
]
=
false
;
}
//$inst->configure_ca();
}
else
{
$conf
[
'CA-enabled'
]
=
false
;};
//** Configure ISPConfig :-)
if
(
strtolower
(
$inst
->
simple_query
(
'Install ISPConfig Web Interface'
,
array
(
'y'
,
'n'
),
'y'
))
==
'y'
)
{
swriteln
(
'Installing ISPConfig'
);
...
...
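Review bot: When the `openssl.cnf` check fails, only `$conf['CA-enabled']` is reset, so the passphrase just entered stays in `$conf['CA-pass']`; the dist libraries in this commit replace `{CA-pass}` unconditionally, so it is still written into config.inc.php on the line they comment out. Clear it in that branch with `$conf['CA-pass'] = '';` next to `$conf['CA-enabled'] = false;`, and set it to `''` in the `else` branch too so the later replace does not read an undefined index. The passphrase is read with `free_query()`, which presumably echoes input to the terminal; that is worth confirming against its definition. install/update.php adds the same block and needs the same change.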
install/tpl/config.inc.php.master
...
...
@@ -157,6 +157,10 @@ $conf['interface_logout_url'] = ''; // example: http://www.domain.tld/
$conf
[
'start_db'
]
=
true
;
$conf
[
'start_session'
]
=
true
;
//** CA-configuration
$conf
[
'CA-path'
]
=
'{CA-path}'
;
$conf
[
'CA-pass'
]
=
'{CA-pass}'
;
//** Constants
define
(
'LOGLEVEL_DEBUG'
,
0
);
...
...
install/update.php
...
...
@@ -303,6 +303,20 @@ if($reconfigure_services_answer == 'yes') {
//}
}
//** Configure CA
if
(
strtolower
(
$inst
->
simple_query
(
'Should this installation use a local CA to default-sign certificates?'
,
array
(
'y'
,
'n'
),
'n'
))
==
'y'
)
{
$conf
[
'CA-enabled'
]
=
true
;
$conf
[
'CA-path'
]
=
$inst
->
free_query
(
'Path to the CA folder: '
,
$conf
[
'CA-path'
]);
$conf
[
'CA-pass'
]
=
$inst
->
free_query
(
'Root Certificate Passphrase'
,
''
);
if
(
!
is_file
(
$conf
[
'CA-path'
]
.
'/openssl.cnf'
))
{
swriteln
(
'ERROR. '
.
$conf
[
'CA-path'
]
.
'/openssl.cnf not found.'
);
$conf
[
'CA-enabled'
]
=
false
;
}
//$inst->configure_ca();
}
else
{
$conf
[
'CA-enabled'
]
=
false
;};
//** Configure ISPConfig
swriteln
(
'Updating ISPConfig'
);
...
...
server/plugins-available/apache2_plugin.inc.php
...
...
@@ -137,8 +137,18 @@ class apache2_plugin {
$crt_file
=
escapeshellcmd
(
$crt_file
);
if
(
is_file
(
$ssl_cnf_file
))
{
exec
(
"openssl genrsa -des3 -rand
$rand_file
-passout pass:
$ssl_password
-out
$key_file
2048 && openssl req -new -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-out
$csr_file
-days
$ssl_days
-config
$config_file
&& openssl req -x509 -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-in
$csr_file
-out
$crt_file
-days
$ssl_days
-config
$config_file
&& openssl rsa -passin pass:
$ssl_password
-in
$key_file
-out
$key_file2
"
);
$app
->
log
(
'Creating SSL Cert for: '
.
$domain
,
LOGLEVEL_DEBUG
);
exec
(
"openssl genrsa -des3 -rand
$rand_file
-passout pass:
$ssl_password
-out
$key_file
2048"
);
exec
(
"openssl req -new -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-out
$csr_file
-days
$ssl_days
-config
$config_file
"
);
if
(
isset
(
$conf
[
'CA-path'
])
&&
isset
(
$conf
[
'CA-pass'
])
)
{
exec
(
"openssl ca -batch -out
$crt_file
-config "
.
$conf
[
'CA-path'
]
.
"/openssl.cnf -passin pass:"
.
$conf
[
'CA-pass'
]
.
" -in
$csr_file
"
);
$app
->
log
(
"Creating CA-signed SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
}
else
{
exec
(
"openssl req -x509 -passin pass:
$ssl_password
-passout pass:
$ssl_password
-key
$key_file
-in
$csr_file
-out
$crt_file
-days
$ssl_days
-config
$config_file
"
);
$app
->
log
(
"Creating self-signed SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
};
exec
(
"openssl rsa -passin pass:
$ssl_password
-in
$key_file
-out
$key_file2
"
);
}
exec
(
'chmod 400 '
.
$key_file2
);
...
...
@@ -178,6 +188,11 @@ class apache2_plugin {
$csr_file
=
$ssl_dir
.
'/'
.
$domain
.
'.csr'
;
$crt_file
=
$ssl_dir
.
'/'
.
$domain
.
'.crt'
;
$bundle_file
=
$ssl_dir
.
'/'
.
$domain
.
'.bundle'
;
if
(
isset
(
$conf
[
'CA-path'
])
&&
isset
(
$conf
[
'CA-pass'
])
)
{
exec
(
"openssl ca -batch -config "
.
$conf
[
'CA-path'
]
.
"/openssl.cnf -passin pass:"
.
$conf
[
'CA-pass'
]
.
" -revoke
$crt_file
"
);
$app
->
log
(
"Revoking CA-signed SSL Cert for:
$domain
"
,
LOGLEVEL_DEBUG
);
};
unlink
(
$csr_file
);
unlink
(
$crt_file
);
unlink
(
$bundle_file
);
...
...
@@ -597,7 +612,7 @@ class apache2_plugin {
$crt_file
=
$ssl_dir
.
'/'
.
$domain
.
'.crt'
;
$bundle_file
=
$ssl_dir
.
'/'
.
$domain
.
'.bundle'
;
if
(
$data
[
'new'
][
'ssl'
]
==
'y'
&&
@
is_file
(
$crt_file
)
&&
@
is_file
(
$key_file
))
{
if
(
$data
[
'new'
][
'ssl'
]
==
'y'
&&
@
is_file
(
$crt_file
)
&&
@
is_file
(
$key_file
)
&&
(
@
filesize
(
$crt_file
)
>
0
)
&&
(
@
filesize
(
$key_file
)
>
0
)
)
{
$vhost_data
[
'ssl_enabled'
]
=
1
;
$app
->
log
(
'Enable SSL for: '
.
$domain
,
LOGLEVEL_DEBUG
);
}
else
{
...
...
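Review bot: The new `openssl ca` calls build the shell command by concatenating `$conf['CA-path']` and `$conf['CA-pass']` unquoted, so a path or passphrase containing spaces or shell metacharacters changes the command, and `-passin pass:` puts the CA passphrase in the process list while openssl runs. Quote each value, e.g. `escapeshellarg($conf['CA-path'].'/openssl.cnf')`, and hand the passphrase over with `-passin env:` or `-passin file:` rather than on the command line. The revocation hunk at -178 has the same pattern and also passes `$crt_file` to the shell with no escaping visible in that hunk. None of the `exec()` results are checked, so "Creating CA-signed SSL Cert" is logged even when signing failed; the enclosing methods start and end outside these hunks.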