3 # Generates certificates signing requests (CSRs)
5 require './certmgr-lib.pl';
7 $access{'gencsr'} || &error($text{'ecannot'});
8 &header($text{'gencsr_title'}, "");
10 if ($in{'keysize'}==512){$checked[0]=" checked";}
11 elsif ($in{'keysize'}==2048){$checked[2]=" checked";}
12 else {$checked[1]=" checked";} # Default keysize 1024
13 $in{'c'}=~tr/[a-z]/[A-Z]/;
14 if ($in{'submitted'} eq "generate") {
15 if (!$in{'cn'}) { $error.=$text{'gencert_e_nocn'}."<br>\n"; }
16 if ($in{'password'} ne $in{'confirm_password'}) {
17 $error.=$text{'gencert_e_badpw'}."<br>\n";
19 $in{'confirm_password'}="";
21 if (!($in{'csrfile'} && $in{'keyfile'} )){
22 $error.=$text{'gencsr_e_nofilename'}."<br>\n";
31 print "<hr> <b>$text{'gencsr_error'}</b>\n<ul>\n";
32 print "$error</ul>\n$text{'gencsr_pleasefix'}\n";
34 if (!$in{'csrfile'}) { $in{'csrfile'}=$config{'ssl_csr_dir'}."/".
35 $config{'csr_filename'}; }
36 if (!$in{'keyfile'}) { $in{'keyfile'}=$config{'ssl_key_dir'}."/".
37 $config{'key_filename'}; }
38 if (!$in{'cn'}) { $in{'cn'}=&get_system_hostname(); }
39 if (!$in{'o'}) { $in{'o'}=$config{'default_o'}; }
40 if (!$in{'ou'}) { $in{'ou'}=$config{'default_ou'}; }
41 if (!$in{'l'}) { $in{'l'}=$config{'default_l'}; }
42 if (!$in{'st'}) { $in{'st'}=$config{'default_st'}; }
43 if (!$in{'c'}) { $in{'c'}=$config{'default_c'}; }
44 $in{'c'}=~tr/[a-z]/[A-Z]/;
45 if (!$in{'emailAddress'}) { $in{'emailAddress'}=$config{'default_email'}; }
49 &print_cert_form("gencsr");
51 &footer("", $text{'index_return'});
54 $conffilename=&tempname();
56 if (((-e $in{'csrfile'})||(-e $in{'keyfile'}))&&($in{'overwrite'} ne "yes")) {
59 &footer("", $text{'index_return'});
62 open(CONF,">$conffilename");
65 distinguished_name = req_dn
70 if ($in{'o'}) {print CONF " O = $in{'o'}\n";}
71 if ($in{'ou'}) {print CONF " OU = $in{'ou'}\n";}
72 if ($in{'l'}) {print CONF " L = $in{'l'}\n";}
73 if ($in{'st'}) {print CONF " ST = $in{'st'}\n";}
74 if ($in{'c'}) {print CONF " C = $in{'c'}\n";}
75 if ($in{'emailAddress'}) {print CONF " emailAddress = $in{'emailAddress'}\n";}
77 if ($in{'password'}){ $des="-passout pass:".quotemeta($in{'password'}); }
78 else { $des="-nodes"; }
79 if (!(open(OPENSSL,"|$config{'openssl_cmd'} req $des -newkey rsa:$in{'keysize'} -keyout $in{'keyfile'} -new \\
80 -out $in{'csrfile'} -config $conffilename >$outfile 2>&1"))) {
81 $error="$e_genfailed: $!";
84 open(ERROR,"<$outfile");
85 while(<ERROR>){$out.=$_;}
87 if (!((-e $in{'csrfile'})&&(-e $in{'keyfile'}))) {
91 chmod(0400,$in{'keyfile'});
95 unlink($conffilename);
97 if ($error){ print "<b>$text{'gencsr_e_genfailed'}</b>\n<pre>$error</pre>\n<hr>\n";}
99 print "<b>$text{'gencsr_genworked'}</b>\n<pre>$out</pre>\n";
100 $url="\"view.cgi?csrfile=".&my_urlize($in{'csrfile'}).'"';
101 print "<b>$text{'gencsr_saved_csr'} <a href=$url>$in{'csrfile'}</a></b><br>\n";
102 $url="\"view.cgi?keyfile=".&my_urlize($in{'keyfile'}).'"';
103 print "<b>$text{'gencert_saved_key'} <a href=$url>$in{'keyfile'}</a></b><br>\n";
106 &footer("", $text{'index_return'});
110 my($buffer1,$buffer2,$buffer,$key,$temp_pem,$url);
112 print "<table>\n<tr valign=top>";
113 if (-e $in{'csrfile'}) {
114 open(OPENSSL,"$config{'openssl_cmd'} req -in $in{'csrfile'} -text -noout|");
115 while(<OPENSSL>){ $buffer1.=$_; }
117 $url="\"view.cgi?csrfile=".&my_urlize($in{'csrfile'}).'"';
118 print "<td><table border><tr $tb><td align=center><b><a href=$url>$in{'csrfile'}</a></b></td> </tr>\n<tr $cb> <td>\n";
119 if (!$buffer1) { print $text{'e_file'};}
120 else { &print_cert_info(0,$buffer1); }
121 print "</td></tr></table></td>\n";
123 if (-e $in{'keyfile'}) {
124 open(OPENSSL,"$config{'openssl_cmd'} rsa -in $in{'keyfile'} -text -noout|");
125 while(<OPENSSL>){ $buffer.=$_; }
127 $url="\"view.cgi?keyfile=".&my_urlize($in{'keyfile'}).'"';
128 print "<td><table border><tr $tb> <td align=center><b><a href=$url>$in{'keyfile'}</a></b></td> </tr>\n<tr $cb> <td>\n";
129 if (!$buffer) { print $text{'e_file'};}
130 else { &print_key_info(0,$buffer); }
131 print "</td></tr></table></td>\n";
133 print "</tr></table>\n";
134 print "$text{'gencsr_moreinfo'}";
135 print "<hr>\n$text{'gencsr_overwrite'}\n<p>\n";
137 print "<form action=gencsr.cgi method=post>\n";
138 foreach $key (keys %in) {
139 print "<input name=\"$key\" type=hidden value=\"$in{$key}\">\n";
141 print "<input name=overwrite value=\"yes\" type=hidden>\n";
142 print "<input type=submit value=\"$text{'continue'}\"></form>\n";