system: generate a better self-signed certificate

Franco Fichtner 2021-01-05 13:29:56 +01:00
parent 071722a082
commit a90ecbab5f


@ -144,7 +144,7 @@ function webgui_configure_do($verbose = false, $interface = '')
function webgui_create_selfsigned($verbose = false)
{
global $config;
global $config, $g;
$a_ca = &config_read_array('ca');
$a_cert = &config_read_array('cert');
@ -160,13 +160,15 @@ function webgui_create_selfsigned($verbose = false)
$cert['refid'] = uniqid();
$cert['descr'] = 'Web GUI TLS certificate';
mwexec(
/* XXX ought to be replaced by PHP calls */
$dns = $config['system']['hostname'] . "." . $config['system']['domain'];
mwexecf(
'/usr/local/bin/openssl req -new -extensions server_cert ' .
'-config /usr/local/etc/ssl/opnsense.cnf ' .
'-newkey rsa:4096 -sha256 -days 397 -nodes -x509 ' .
'-subj "/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense" ' .
'-keyout /tmp/ssl.key -out /tmp/ssl.crt'
'-subj "/CN="%s"/C=NL/ST=Zuid-Holland/L=Middelharnis/O="%s" self-signed web certificate" ' .
'-addext "subjectAltName = DNS:"%s -keyout /tmp/ssl.key -out /tmp/ssl.crt',
array($dns, $g['product_name'], $dns)
);
$crt = file_get_contents('/tmp/ssl.crt');