mirror of
https://github.com/laurivosandi/certidude
synced 2024-11-14 17:06:44 +00:00
Various web frontend fixes
parent
ef16bac80f
commit
f21417a214
@ -81,7 +81,7 @@ config setup
|
||||
ca $AUTHORITY
|
||||
auto=add
|
||||
cacert=/etc/certidude/authority/$AUTHORITY/ca_cert.pem
|
||||
ocspuri = http://$AUTHORITY/api/ocsp/
|
||||
# OCSP and CRL URL-s embedded in certificates
|
||||
|
||||
conn %default
|
||||
keyingtries=%forever
|
||||
@ -94,7 +94,7 @@ conn %default
|
||||
leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
|
||||
rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
|
||||
|
||||
conn client-to-site
|
||||
conn c2s
|
||||
auto=start
|
||||
right="$ROUTER"
|
||||
rightsubnet="$SUBNETS"
|
||||
@ -103,7 +103,4 @@ conn client-to-site
|
||||
|
||||
EOF
|
||||
|
||||
cat << EOF > $OVERLAY/etc/uci-defaults/99-uhttpd-disable-https
|
||||
uci delete uhttpd.main.listen_https
|
||||
uci delete uhttpd.main.redirect_https
|
||||
EOF
|
||||
# Note that auto=route is not supported at the moment with libipsec
|
||||
|
0
certidude/builder/overlay/etc/uci-defaults/40-hostname
Normal file → Executable file
0
certidude/builder/overlay/etc/uci-defaults/40-hostname
Normal file → Executable file
3
certidude/builder/overlay/etc/uci-defaults/60-cron
Normal file → Executable file
3
certidude/builder/overlay/etc/uci-defaults/60-cron
Normal file → Executable file
@ -1,5 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
/etc/init.d/ipsec enable
|
||||
|
||||
# Randomize restart time
|
||||
OFFSET=$(awk -v min=1 -v max=59 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
|
||||
|
||||
@ -14,3 +16,4 @@ chmod 0600 /etc/crontabs/root
|
||||
|
||||
/etc/init.d/cron enable
|
||||
|
||||
exit 0
|
||||
|
0
certidude/builder/overlay/etc/uci-defaults/90-certidude-sysupgrade
Normal file → Executable file
0
certidude/builder/overlay/etc/uci-defaults/90-certidude-sysupgrade
Normal file → Executable file
3
certidude/builder/overlay/etc/uci-defaults/99-uhttpd-disable-https
Executable file
3
certidude/builder/overlay/etc/uci-defaults/99-uhttpd-disable-https
Executable file
@ -0,0 +1,3 @@
|
||||
uci delete uhttpd.main.listen_https
|
||||
uci delete uhttpd.main.redirect_https
|
||||
exit 0
|
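Review bot: This new uci-defaults file deletes both `uhttpd.main.listen_https` and `uhttpd.main.redirect_https` without saying why, which leaves the router's web interface (typically LuCI) served over plain HTTP only, so administrator logins would cross the network unencrypted. If the intent is to free port 443 or to avoid a self-signed certificate (the page does not say), record it at the top of the file, e.g. `# Disable uhttpd HTTPS: <reason>; the web UI must only be reached from the LAN or through the tunnel`. It is also worth confirming that the remaining plain-HTTP listener is not reachable from the WAN side. Unlike 60-cron in the same directory, the file has no `#!/bin/sh` line although it is marked executable.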
@ -126,5 +126,4 @@ mv $CERTIFICATE_PATH.part $CERTIFICATE_PATH
|
||||
|
||||
# Start services
|
||||
logger -t certidude -s "Starting IPSec IKEv2 daemon..."
|
||||
/etc/init.d/ipsec enable
|
||||
/etc/init.d/ipsec restart
|
||||
|
@ -26,9 +26,9 @@
|
||||
<a class="nav-link" href="#">Log</a>
|
||||
</li>
|
||||
</ul>
|
||||
<form class="form-inline my-2 my-lg-0">
|
||||
<div class="form-inline my-2 my-lg-0">
|
||||
<input id="search" class="form-control mr-sm-2" style="display:none;" type="search" placeholder="🔍">
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
<div id="view-dashboard" class="container-fluid" style="margin: 5em 0 0 0;">
|
||||
|
@ -155,7 +155,7 @@ function onEnroll(encoding) {
|
||||
gateway: query.router,
|
||||
p12_uuid: blobToUuid(p12),
|
||||
p12: forge.util.encode64(p12),
|
||||
ca_uuid: blobToUuid(forge.pki.certificateToAsn1(ca)).getBytes()),
|
||||
ca_uuid: blobToUuid(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes()),
|
||||
ca: forge.util.encode64(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes())
|
||||
});
|
||||
var mimetype = "application/x-apple-aspen-config";
|
||||
|
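Review bot: The corrected `ca_uuid` line DER-encodes the CA certificate a second time, directly above the `ca:` line that performs the same encoding. Encoding once into a local keeps the UUID and the embedded certificate derived from the same bytes: `var caDer = forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes();`, then `ca_uuid: blobToUuid(caDer),` and `ca: forge.util.encode64(caDer)`. Separately, `gateway: query.router` is passed into the generated profile as-is; if `query` is parsed from the page URL (not visible in this hunk), it should be validated as a hostname before it ends up in a configuration the user installs. onEnroll starts and ends outside this hunk.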
@ -16,18 +16,22 @@ conn default-{{ session.authority.hostname }}
|
||||
leftupdown=/etc/certidude/authority/{{ session.authority.hostname }}/updown
|
||||
leftcert=/etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem
|
||||
leftsubnet=$(uci get network.lan.ipaddr | cut -d . -f 1-3).0/24 # Subnets pushed to roadwarriors
|
||||
leftdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
|
||||
leftca="{{ session.authority.certificate.distinguished_name }}"
|
||||
rightca="{{ session.authority.certificate.distinguished_name }}"
|
||||
rightsourceip=172.21.0.0/24 # Roadwarrior virtual IP pool
|
||||
dpddelay=0
|
||||
dpdaction=clear
|
||||
fragmentation=yes
|
||||
reauth=no
|
||||
rekey=no
|
||||
leftsendcert=always
|
||||
|
||||
conn site-to-clients
|
||||
conn s2c-rw
|
||||
auto=add
|
||||
also=default-{{ session.authority.hostname }}
|
||||
rightdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
|
||||
|
||||
conn site-to-client1
|
||||
conn s2c-client1
|
||||
auto=ignore
|
||||
also=default-{{ session.authority.hostname }}
|
||||
rightid="CN=*, OU=IP Camera, O=*, DC=*, DC=*, DC=*"
|
||||
|
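Review bot: `reauth=no` combined with `rekey=no` and `dpddelay=0` in `conn default-…` means the gateway never re-authenticates an established peer and sends no dead-peer probes of its own. strongSwan evaluates certificate revocation during IKE authentication, so a client whose certificate is revoked after it connected would presumably keep its tunnel and its address from the `rightsourceip` pool until it disconnects by itself, unless the `leftupdown` script or another hook tears it down (not visible here). Either bound the session, for example `reauth=yes` with an explicit `ikelifetime=`, or document the choice next to the options: `# reauth/rekey disabled because <reason>; revoked peers are disconnected by <mechanism>`. The rendered page does not show which of these option lines the commit adds and which it merely keeps.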
@ -7,3 +7,10 @@ test -e /etc/pki/ca-trust/source/anchors \
|
||||
test -e /usr/local/share/ca-certificates/ \
|
||||
&& ln -s /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem /usr/local/share/ca-certificates/{{ session.authority.hostname }}.crt \
|
||||
&& update-ca-certificates
|
||||
|
||||
# Patch Firefox trust store on Ubuntu
|
||||
if [ ! -h /usr/lib/firefox/libnssckbi.so ]; then
|
||||
apt install p11-kit p11-kit-modules
|
||||
mv /usr/lib/firefox/libnssckbi.so /usr/lib/firefox/libnssckbi.so.bak
|
||||
ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
|
||||
fi
|
||||
|
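Review bot: The new Firefox block moves `libnssckbi.so` aside even when `apt install` failed or was declined, and it links to an x86_64-only path without checking that the module exists, so on such a host Firefox is left with a dangling symlink and no root store. `[ ! -h … ]` is also true when the file is absent, so the block runs `apt install` on systems that have no Firefox at that path. Require the original file first, chain the steps with `&&`, and pass `-y` so the install does not block on a prompt. A comment should also state that after this change Firefox trusts every CA in the system store, and that a Firefox package update is likely to replace the symlink.

```shell
# Patch Firefox trust store on Ubuntu
if [ -f /usr/lib/firefox/libnssckbi.so ] && [ ! -h /usr/lib/firefox/libnssckbi.so ]; then
    apt install -y p11-kit p11-kit-modules \
        && test -e /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so \
        && mv /usr/lib/firefox/libnssckbi.so /usr/lib/firefox/libnssckbi.so.bak \
        && ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
fi
```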
@ -192,7 +192,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
||||
|
||||
<div class="row">
|
||||
<div class="col-sm-6 col-lg-4 col-xl-3">
|
||||
<h1>Signed certificates</h1>
|
||||
<h3>Signed certificates</h3>
|
||||
<p>Authority administration
|
||||
{% if session.authority.certificate.organization %}of {{ session.authority.certificate.organization }}{% endif %}
|
||||
allowed for
|
||||
@ -213,7 +213,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
||||
<div class="col-sm-6 col-lg-4 col-xl-3">
|
||||
{% if session.authority %}
|
||||
{% if session.features.token %}
|
||||
<h1>Tokens</h1>
|
||||
<h3>Tokens</h3>
|
||||
<p>Tokens allow enrolling smartphones and third party devices.</p>
|
||||
<ul>
|
||||
<li>You can issue yourself a token to be used on a mobile device</li>
|
||||
@ -241,7 +241,8 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
||||
{% endif %}
|
||||
|
||||
{% if session.authorization.request_subnets %}
|
||||
<h1>Pending requests</h1>
|
||||
<p> </p>
|
||||
<h3>Pending requests</h3>
|
||||
|
||||
<p>Use Certidude client to apply for a certificate.
|
||||
|
||||
@ -291,7 +292,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
||||
{% endif %}
|
||||
|
||||
{% if session.builder.profiles %}
|
||||
<h2>LEDE imagebuilder</h2>
|
||||
<h3>LEDE imagebuilder</h3>
|
||||
<p>Hit a link to generate machine specific image. Note that this might take couple minutes to finish.</p>
|
||||
<ul>
|
||||
{% for name, title, filename in session.builder.profiles %}
|
||||
@ -303,7 +304,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
||||
</div>
|
||||
<div class="col-sm-6 col-lg-4 col-xl-3">
|
||||
|
||||
<h1>Revoked certificates</h1>
|
||||
<h3>Revoked certificates</h3>
|
||||
<p>Following certificates have been revoked{% if session.features.crl %}, for more information click
|
||||
<a href="#revocation_list_modal" data-toggle="modal">here</a>{% endif %}.</p>
|
||||
|
||||
@ -317,7 +318,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
||||
<p>Loading logs, this might take a while...</p>
|
||||
</div>
|
||||
<div class="content" style="display:none;">
|
||||
<h1>Log</h1>
|
||||
<h3>Log</h3>
|
||||
<div class="btn-group" data-toggle="buttons">
|
||||
<label class="btn btn-primary active"><input id="log-level-critical" type="checkbox" autocomplete="off" checked>Critical</label>
|
||||
<label class="btn btn-primary active"><input id="log-level-error" type="checkbox" autocomplete="off" checked>Error</label>
|
||||
|