security/acme-client: enable/clarify forceful re-issue of certificates

Frank Wall 2017-02-07 18:00:47 +01:00 committed by Franco Fichtner
parent 46303731bd
commit 4cc9055d17
3 changed files with 11 additions and 3 deletions


@ -23,7 +23,7 @@
<type>select_multiple</type>
<style>tokenize</style>
<allownew>true</allownew>
<help><![CDATA[Configure additional names that should be part pf the certificate, i.e. www.example.com or mail.example.com. Use TAB key to complete typing a FQDN.<br/><div class="text-info"><b>NOTE:</b>Cannot be altered once the certificate was signed by the Let's Encrypt Authority! You need to create a new certificate to add additional names.</div>]]></help>
<help><![CDATA[Configure additional names that should be part pf the certificate, i.e. www.example.com or mail.example.com. Use TAB key to complete typing a FQDN.<br/><div class="text-info"><b>NOTE:</b>You need to forcefully re-issue the certificate if you change "Alt Names" after the certificate was signed by the Let's Encrypt Authority! Use the "issue" button in the Commands column in this case.</div>]]></help>
<hint>Enter FQDN here. Finish with TAB.</hint>
</field>
<field>
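Review bot: The rewritten help text still carries the typo "part pf the certificate", and `<b>NOTE:</b>You` has no space after the closing tag, so the note renders as "NOTE:You". Since this line is being touched anyway, it should read `part of the certificate` and `<b>NOTE:</b> You need to forcefully re-issue ...`. The text tells users to use the "issue" button to force a re-issue, so the button's own confirmation should say that it forces a re-issue.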


@ -269,7 +269,7 @@ POSSIBILITY OF SUCH DAMAGE.
{
if (gridParams['sign'] != undefined) {
var uuid=$(this).data("row-id");
stdDialogRemoveItem('Sign/renew selected certificate?',function() {
stdDialogRemoveItem('Forcefully (re-)issue the selected certificate?',function() {
// Handle HAProxy integration (no-op if not applicable)
ajaxCall(url="/api/acmeclient/settings/fetchHAProxyIntegration", sendData={}, callback=function(data,status) {
ajaxCall(url=gridParams['sign'] + uuid,sendData={},callback=function(data,status){
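Review bot: The new confirmation text in the `stdDialogRemoveItem(...)` call does not tell the operator what "forcefully" costs. A forced issue requests a new certificate even when renewal is not due, and every such request counts against the CA's issuance rate limits. Consider wording such as `'Forcefully (re-)issue the selected certificate? A new certificate is requested even if renewal is not due; repeated use can exhaust the CA rate limits.'`. The handler reuses the remove-item dialog for a non-delete action, which is worth a short comment. The enclosing click handler starts and ends outside this hunk.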


@ -442,7 +442,15 @@ function run_acme_validation($certObj, $valObj, $acctObj)
$proc_pipes = array();
// Do we need to issue or renew the certificate?
$acme_action = !empty((string)$certObj->lastUpdate) ? "renew" : "issue";
if (!empty((string)$certObj->lastUpdate) and !isset($options["F"])) {
$acme_action = "renew";
} else {
// Default: Issue a new certificate.
// If "-F" is specified, forcefully re-issue the cert, no matter if it's required.
// NOTE: This is useful if altNames were changed or when switching
// from acme staging to acme production servers.
$acme_action = "issue";
}
// Calculate next renewal date
$last_update = !empty((string)$certObj->lastUpdate) ? (string)$certObj->lastUpdate : 0;
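Review bot: `$options` is not a parameter of `run_acme_validation($certObj, $valObj, $acctObj)`, so `isset($options["F"])` is always false in function scope unless the part of the body above this hunk declares `global $options;`. Without that declaration the "-F" flag is silently ignored and the code keeps the old renew-if-lastUpdate behaviour. Confirm the declaration exists, or pass the force flag in as an explicit argument. It is also not visible here whether the "issue" path hands a force option on to the ACME client; if it does not, a certificate that is still valid may be skipped instead of re-issued. As a minor style point, `&&` is the conventional operator in a condition like `if (!empty((string)$certObj->lastUpdate) && !isset($options["F"]))`.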