Move PKI scripts to pki directory

nemunaire 2015-01-13 17:04:35 +01:00 committed by Nemunaire
parent 1d65c5a836
commit de48af8ef8
3 changed files with 23 additions and 32 deletions


@ -25,16 +25,14 @@ function remove_directory($dir)
function new_client($name, $misc_dir)
{
//TODO handle if already exist
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("PKI_DIR=$misc_dir/pki");
return shell_exec("$misc_dir/CA.sh -newclient $name");
putenv("PKI_BASEDIR=$misc_dir");
return shell_exec("$misc_dir/../pki/CA.sh -newclient $name");
}
function revoke_client($name, $misc_dir)
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("PKI_DIR=$misc_dir/pki");
return shell_exec("$misc_dir/CA.sh -revoke $name");
putenv("PKI_BASEDIR=$misc_dir");
return shell_exec("$misc_dir/../pki/CA.sh -revoke $name");
}
if (!empty($p[2]))
@ -49,10 +47,9 @@ if (!empty($p[2]))
if ($p[2] == "newca")
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("PKI_DIR=$misc_dir/pki");
putenv("PKI_BASEDIR=$misc_dir");
$template->assign("output",
shell_exec("$misc_dir/CA.sh -newca"));
shell_exec("$misc_dir/../pki/CA.sh -newca"));
return "admin/shell";
}
@ -64,19 +61,17 @@ if (!empty($p[2]))
elseif ($p[2] == "newsrv")
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("PKI_DIR=$misc_dir/pki");
putenv("PKI_BASEDIR=$misc_dir");
$template->assign("output",
shell_exec("$misc_dir/CA.sh -newserver"));
shell_exec("$misc_dir/../pki/CA.sh -newserver"));
return "admin/shell";
}
elseif ($p[2] == "revokesrv")
{
putenv("OPENSSL_CONF=$misc_dir/openssl.cnf");
putenv("PKI_DIR=$misc_dir/pki");
putenv("PKI_BASEDIR=$misc_dir");
$template->assign("output",
shell_exec("$misc_dir/CA.sh -revokeserver"));
shell_exec("$misc_dir/../pki/CA.sh -revokeserver"));
return "admin/shell";
}
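Review bot: The new `shell_exec` lines in `new_client()` and `revoke_client()` still interpolate `$name` directly into the command string, so any shell metacharacter in a client name is interpreted by the shell that launches CA.sh. Where `$name` comes from is not visible in these hunks, but if a request can influence it, it should be checked against a strict pattern and passed as a single quoted argument, e.g. `return shell_exec(escapeshellarg("$misc_dir/../pki/CA.sh") . " -newclient " . escapeshellarg($name));`. The script path in the `newca`, `newsrv` and `revokesrv` branches deserves the same `escapeshellarg()` treatment if `$misc_dir` is ever configurable. The `putenv("OPENSSL_CONF=...")` calls also look like dead code now, since the CA.sh side of this commit appears to set `OPENSSL_CONF` unconditionally; either drop them or add a comment such as `// CA.sh derives OPENSSL_CONF itself; only PKI_BASEDIR is honoured`.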

30
misc/CA.sh → pki/CA.sh Executable file → Normal file

@ -2,21 +2,21 @@
cd $(dirname "$0")
if [ -z "${PKI_DIR}" ]; then
PKI_DIR=pki
if [ -z "${PKI_BASEDIR}" ]; then
PKI_BASEDIR=pki
fi
if [ -z "${OPENSSL_CONF}" ]; then
OPENSSL_CONF=openssl.cnf
fi
PKI_DIR=${PKI_BASEDIR}/pki
SHARED_DIR=${PKI_BASEDIR}/shared
OPENSSL_CONF=`pwd`/openssl.cnf
CAKEY=${PKI_DIR}/private/cakey.key
CAREQ=${PKI_DIR}/careq.csr
CACRT=./shared/cacert.crt
CACRT=${SHARED_DIR}/cacert.crt
SRVKEY=./shared/server.key
SRVREQ=./shared/server.csr
SRVCRT=./shared/server.crt
SRVKEY=${SHARED_DIR}/server.key
SRVREQ=${SHARED_DIR}/server.csr
SRVCRT=${SHARED_DIR}/server.crt
# Generate certificates valid for:
DAYS=2
@ -47,13 +47,9 @@ usage()
clean()
{
if [ "$1" = "ca" ]; then
rm -rf ${PKI_DIR}/* ./shared/*
mkdir -p ${PKI_DIR}/certs
mkdir -p ${PKI_DIR}/crl
mkdir -p ${PKI_DIR}/newcerts
mkdir -p ${PKI_DIR}/private
mkdir -p ${PKI_DIR}/pkcs
mkdir -p ./shared
rm -rf ${PKI_DIR}/* ${SHARED_DIR}/*
mkdir -p ${PKI_DIR}/certs ${PKI_DIR}/crl ${PKI_DIR}/newcerts \
${PKI_DIR}/private ${PKI_DIR}/pkcs ${SHARED_DIR}
echo "01" > ${PKI_DIR}/crlnumber
elif [ "$1" = "client" ]; then
rm -rf ${PKI_DIR}/${2}.key ${PKI_DIR}/${2}.csr
@ -64,7 +60,7 @@ clean()
gen_crl()
{
echo $ECHO_OPTS "${GREEN}Generate shared/crl.pem${COLOR_RST}"
if ! openssl ca -config ${OPENSSL_CONF} -gencrl -out shared/crl.pem > $OUTPUT 2>&1
if ! openssl ca -config ${OPENSSL_CONF} -gencrl -out ${SHARED_DIR}/crl.pem > $OUTPUT 2>&1
then
echo $ECHO_OPTS "${RED}Generate shared/crl.pem failed"
cat $OUTPUT
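Review bot: In `clean()`, `rm -rf ${PKI_DIR}/* ${SHARED_DIR}/*` now expands two unquoted paths built from the `PKI_BASEDIR` environment variable, so a value containing whitespace or glob characters makes the recursive delete touch paths outside the PKI tree. Quote the expansions and fail on empty values, `rm -rf "${PKI_DIR:?}"/* "${SHARED_DIR:?}"/*`, and quote the `mkdir -p` arguments and `-out "${SHARED_DIR}/crl.pem"` in `gen_crl()` the same way. `${PKI_DIR}/private` holds `cakey.key`, so it is worth creating it with `mkdir -m 700` (or setting `umask 077` near the top of the script) rather than relying on the web server's umask. The file header shows the mode changing from executable to normal while the PHP callers in this commit run `pki/CA.sh` by path; unless the script is meant to be invoked through `sh`, those calls will likely fail with a permission error. Both `clean()` and `gen_crl()` continue past the visible hunks.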