From ea8dce33ba8db5b71683bd582ac42f1b103801d4 Mon Sep 17 00:00:00 2001
From: Michael Steenbeek <42928941+MichaelDeciso@users.noreply.github.com>
Date: Mon, 14 Jan 2019 10:16:09 +0100
Subject: [PATCH] Add option to create combined client and server certificate, closes #2800 (#3130)

---
 src/etc/ssl/opnsense.cnf | 12 ++++++++++++
 src/www/system_certmanager.php | 1 +
 2 files changed, 13 insertions(+)

diff --git a/src/etc/ssl/opnsense.cnf b/src/etc/ssl/opnsense.cnf
index 91cd0b643..c1ea91cf3 100644
--- a/src/etc/ssl/opnsense.cnf
+++ b/src/etc/ssl/opnsense.cnf
@@ -369,3 +369,15 @@ extendedKeyUsage=serverAuth,1.3.6.1.5.5.8.2.2
 keyUsage = digitalSignature, keyEncipherment
 
 ###OPNsense:subjectAltName###
+
+[ combined_server_client ]
+
+basicConstraints=CA:FALSE
+nsComment = "OPNsense Generated Combined Client/Server Certificate"
+subjectKeyIdentifier = hash
+authorityKeyIdentifier = keyid,issuer:always
+extendedKeyUsage = clientAuth,serverAuth,1.3.6.1.5.5.8.2.2
+# This is typical in keyUsage for a client certificate.
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
+
+###OPNsense:subjectAltName###
diff --git a/src/www/system_certmanager.php b/src/www/system_certmanager.php
index 0cd3d34e8..e7dcafe94 100644
--- a/src/www/system_certmanager.php
+++ b/src/www/system_certmanager.php
@@ -864,6 +864,7 @@ $( document ).ready(function() {
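Review bot: In the new `[ combined_server_client ]` section of src/etc/ssl/opnsense.cnf, `extendedKeyUsage = clientAuth,serverAuth,1.3.6.1.5.5.8.2.2` produces a certificate that satisfies both client-role and server-role EKU checks, and the section carries no guidance on when that is acceptable. Where peers rely on the EKU to tell a server from a client under the same CA (presumably the VPN setups this profile is meant for), any holder of such a certificate would also be accepted in the server role, so the profile should be documented as intended for hosts that genuinely act in both roles rather than for ordinary user certificates. I would add above the EKU line: `# Dual-role profile: issue only to hosts that are both client and server; the holder passes EKU checks for either role.` The comment `# This is typical in keyUsage for a client certificate.` looks copied from a client profile and no longer describes this section; going by the serverAuth profile visible in the hunk context, which uses only `digitalSignature, keyEncipherment`, something like `# nonRepudiation is kept from the client profile; the server profile above does not set it.` would be more accurate.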