mirror of
https://github.com/laurivosandi/certidude
Various web frontend fixes
parent
ef16bac80f
commit
f21417a214
@ -81,7 +81,7 @@ config setup
|
|||||||
ca $AUTHORITY
|
ca $AUTHORITY
|
||||||
auto=add
|
auto=add
|
||||||
cacert=/etc/certidude/authority/$AUTHORITY/ca_cert.pem
|
cacert=/etc/certidude/authority/$AUTHORITY/ca_cert.pem
|
||||||
ocspuri = http://$AUTHORITY/api/ocsp/
|
# OCSP and CRL URL-s embedded in certificates
|
||||||
|
|
||||||
conn %default
|
conn %default
|
||||||
keyingtries=%forever
|
keyingtries=%forever
|
||||||
@ -94,7 +94,7 @@ conn %default
|
|||||||
leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
|
leftca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
|
||||||
rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
|
rightca="$AUTHORITY_CERTIFICATE_DISTINGUISHED_NAME"
|
||||||
|
|
||||||
conn client-to-site
|
conn c2s
|
||||||
auto=start
|
auto=start
|
||||||
right="$ROUTER"
|
right="$ROUTER"
|
||||||
rightsubnet="$SUBNETS"
|
rightsubnet="$SUBNETS"
|
||||||
@ -103,7 +103,4 @@ conn client-to-site
|
|||||||
|
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
cat << EOF > $OVERLAY/etc/uci-defaults/99-uhttpd-disable-https
|
# Note that auto=route is not supported at the moment with libipsec
|
||||||
uci delete uhttpd.main.listen_https
|
|
||||||
uci delete uhttpd.main.redirect_https
|
|
||||||
EOF
|
|
||||||
|
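Review bot: Dropping `ocspuri` from the `ca $AUTHORITY` section in the first hunk leaves revocation lookups dependent on the OCSP/CRL URLs inside each certificate, so a certificate issued without those extensions has no revocation source at all. The body of `config setup` is outside the hunk, so I cannot see whether `strictcrlpolicy` is set; at its default (`no`) a missing or unreachable revocation source is accepted rather than rejected. I would extend the new comment to say so, e.g. `# OCSP and CRL URLs come from the certificate extensions; set strictcrlpolicy in config setup if lookups must not fail open`. The file name is not shown on this page and the heredoc begins above the hunk.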
0
certidude/builder/overlay/etc/uci-defaults/40-hostname
Normal file → Executable file
0
certidude/builder/overlay/etc/uci-defaults/40-hostname
Normal file → Executable file
3
certidude/builder/overlay/etc/uci-defaults/60-cron
Normal file → Executable file
3
certidude/builder/overlay/etc/uci-defaults/60-cron
Normal file → Executable file
@ -1,5 +1,7 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
|
/etc/init.d/ipsec enable
|
||||||
|
|
||||||
# Randomize restart time
|
# Randomize restart time
|
||||||
OFFSET=$(awk -v min=1 -v max=59 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
|
OFFSET=$(awk -v min=1 -v max=59 'BEGIN{srand(); print int(min+rand()*(max-min+1))}')
|
||||||
|
|
||||||
@ -14,3 +16,4 @@ chmod 0600 /etc/crontabs/root
|
|||||||
|
|
||||||
/etc/init.d/cron enable
|
/etc/init.d/cron enable
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
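Review bot: The unconditional `exit 0` added at the end of the second hunk hides any failure of the commands above it, including the new `/etc/init.d/ipsec enable`. As far as I know OpenWrt removes a uci-defaults script once it returns zero, so a failed first-boot step would be neither retried nor noticed. If that is intended, say so in a comment such as `# always report success so this script is removed after first boot`. Enabling the IPsec service is also unrelated to cron and would read better in its own uci-defaults file than in `60-cron`. The middle of the script lies between the two hunks and is not visible here.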
0
certidude/builder/overlay/etc/uci-defaults/90-certidude-sysupgrade
Normal file → Executable file
0
certidude/builder/overlay/etc/uci-defaults/90-certidude-sysupgrade
Normal file → Executable file
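--- a/certidude/builder/overlay/etc/uci-defaults/99-uhttpd-disable-https
+++ b/certidude/builder/overlay/etc/uci-defaults/99-uhttpd-disable-https
@@ -0,0 +1,3 @@
+uci delete uhttpd.main.listen_https
+uci delete uhttpd.main.redirect_https
+exit 0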
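Review bot: This script removes both the HTTPS listener and the HTTP-to-HTTPS redirect from uhttpd, and nothing in the file says why. Assuming the plain HTTP listener stays configured, the router's web interface is then served over cleartext only, and any login to it travels unencrypted. A header comment should give the reason and the expected exposure, for example `# HTTPS listener removed because <reason>; the web UI must only be reachable from the LAN`. Unlike `60-cron` the file has no `#!/bin/sh` line, which is inconsistent now that the commit marks these scripts executable.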
@ -126,5 +126,4 @@ mv $CERTIFICATE_PATH.part $CERTIFICATE_PATH
|
|||||||
|
|
||||||
# Start services
|
# Start services
|
||||||
logger -t certidude -s "Starting IPSec IKEv2 daemon..."
|
logger -t certidude -s "Starting IPSec IKEv2 daemon..."
|
||||||
/etc/init.d/ipsec enable
|
|
||||||
/etc/init.d/ipsec restart
|
/etc/init.d/ipsec restart
|
||||||
|
@ -26,9 +26,9 @@
|
|||||||
<a class="nav-link" href="#">Log</a>
|
<a class="nav-link" href="#">Log</a>
|
||||||
</li>
|
</li>
|
||||||
</ul>
|
</ul>
|
||||||
<form class="form-inline my-2 my-lg-0">
|
<div class="form-inline my-2 my-lg-0">
|
||||||
<input id="search" class="form-control mr-sm-2" style="display:none;" type="search" placeholder="🔍">
|
<input id="search" class="form-control mr-sm-2" style="display:none;" type="search" placeholder="🔍">
|
||||||
</form>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</nav>
|
</nav>
|
||||||
<div id="view-dashboard" class="container-fluid" style="margin: 5em 0 0 0;">
|
<div id="view-dashboard" class="container-fluid" style="margin: 5em 0 0 0;">
|
||||||
|
@ -155,7 +155,7 @@ function onEnroll(encoding) {
|
|||||||
gateway: query.router,
|
gateway: query.router,
|
||||||
p12_uuid: blobToUuid(p12),
|
p12_uuid: blobToUuid(p12),
|
||||||
p12: forge.util.encode64(p12),
|
p12: forge.util.encode64(p12),
|
||||||
ca_uuid: blobToUuid(forge.pki.certificateToAsn1(ca)).getBytes()),
|
ca_uuid: blobToUuid(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes()),
|
||||||
ca: forge.util.encode64(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes())
|
ca: forge.util.encode64(forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes())
|
||||||
});
|
});
|
||||||
var mimetype = "application/x-apple-aspen-config";
|
var mimetype = "application/x-apple-aspen-config";
|
||||||
|
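Review bot: The corrected `ca_uuid` line now builds the same DER string as the `ca` line directly below it, so the certificate is serialised twice and the two fields only stay in step as long as both expressions are edited together. Computing it once before the object literal, `var caDer = forge.asn1.toDer(forge.pki.certificateToAsn1(ca)).getBytes();`, and then using `blobToUuid(caDer)` and `forge.util.encode64(caDer)` would make that explicit. `onEnroll` starts and ends outside the hunk and `blobToUuid` is not shown, so I am assuming it takes the same kind of byte string it is given for `p12`.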
@ -16,18 +16,22 @@ conn default-{{ session.authority.hostname }}
|
|||||||
leftupdown=/etc/certidude/authority/{{ session.authority.hostname }}/updown
|
leftupdown=/etc/certidude/authority/{{ session.authority.hostname }}/updown
|
||||||
leftcert=/etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem
|
leftcert=/etc/certidude/authority/{{ session.authority.hostname }}/host_cert.pem
|
||||||
leftsubnet=$(uci get network.lan.ipaddr | cut -d . -f 1-3).0/24 # Subnets pushed to roadwarriors
|
leftsubnet=$(uci get network.lan.ipaddr | cut -d . -f 1-3).0/24 # Subnets pushed to roadwarriors
|
||||||
leftdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
|
|
||||||
leftca="{{ session.authority.certificate.distinguished_name }}"
|
leftca="{{ session.authority.certificate.distinguished_name }}"
|
||||||
rightca="{{ session.authority.certificate.distinguished_name }}"
|
rightca="{{ session.authority.certificate.distinguished_name }}"
|
||||||
rightsourceip=172.21.0.0/24 # Roadwarrior virtual IP pool
|
rightsourceip=172.21.0.0/24 # Roadwarrior virtual IP pool
|
||||||
dpddelay=0
|
dpddelay=0
|
||||||
dpdaction=clear
|
dpdaction=clear
|
||||||
|
fragmentation=yes
|
||||||
|
reauth=no
|
||||||
|
rekey=no
|
||||||
|
leftsendcert=always
|
||||||
|
|
||||||
conn site-to-clients
|
conn s2c-rw
|
||||||
auto=add
|
auto=add
|
||||||
also=default-{{ session.authority.hostname }}
|
also=default-{{ session.authority.hostname }}
|
||||||
|
rightdns=$(uci get network.lan.ipaddr) # IP of DNS server advertised to roadwarriors
|
||||||
|
|
||||||
conn site-to-client1
|
conn s2c-client1
|
||||||
auto=ignore
|
auto=ignore
|
||||||
also=default-{{ session.authority.hostname }}
|
also=default-{{ session.authority.hostname }}
|
||||||
rightid="CN=*, OU=IP Camera, O=*, DC=*, DC=*, DC=*"
|
rightid="CN=*, OU=IP Camera, O=*, DC=*, DC=*, DC=*"
|
||||||
|
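Review bot: With `reauth=no` and `rekey=no` added to the default conn, next to the existing `dpddelay=0`, this gateway never re-authenticates an established peer. As far as I can tell, a certificate revoked after connect would therefore keep its tunnel until the SA is torn down some other way. Nothing in this hunk terminates live sessions on revocation, so either that has to happen elsewhere or the trade-off deserves a comment in the template, e.g. `# reauth=no/rekey=no: <reason>; a revoked certificate is only rejected on the next connection`. The default conn section starts above the hunk, so other lifetime settings may exist that I cannot see.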
@ -7,3 +7,10 @@ test -e /etc/pki/ca-trust/source/anchors \
|
|||||||
test -e /usr/local/share/ca-certificates/ \
|
test -e /usr/local/share/ca-certificates/ \
|
||||||
&& ln -s /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem /usr/local/share/ca-certificates/{{ session.authority.hostname }}.crt \
|
&& ln -s /etc/certidude/authority/{{ session.authority.hostname }}/ca_cert.pem /usr/local/share/ca-certificates/{{ session.authority.hostname }}.crt \
|
||||||
&& update-ca-certificates
|
&& update-ca-certificates
|
||||||
|
|
||||||
|
# Patch Firefox trust store on Ubuntu
|
||||||
|
if [ ! -h /usr/lib/firefox/libnssckbi.so ]; then
|
||||||
|
apt install p11-kit p11-kit-modules
|
||||||
|
mv /usr/lib/firefox/libnssckbi.so /usr/lib/firefox/libnssckbi.so.bak
|
||||||
|
ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/firefox/libnssckbi.so
|
||||||
|
fi
|
||||||
|
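Review bot: The Firefox block moves `libnssckbi.so` aside before anything has confirmed that the replacement exists. If `apt install` fails or is declined (it runs without `-y`), or the host is not x86_64, the `ln -s` leaves a dangling link and Firefox presumably ends up with no root module. `[ ! -h ... ]` is also true when Firefox is not installed at all, in which case `mv` and `ln` simply fail. I would test both paths and chain the steps, as below. A comment should also say that pointing Firefox at p11-kit makes it trust every system anchor, including this authority's CA, for all web TLS, and that a Firefox package upgrade may restore the original file.

```shell
# Patch Firefox trust store on Ubuntu
NSSCKBI=/usr/lib/firefox/libnssckbi.so
P11TRUST=/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
if [ -f "$NSSCKBI" ] && [ ! -h "$NSSCKBI" ]; then
    apt install p11-kit p11-kit-modules \
        && test -e "$P11TRUST" \
        && mv "$NSSCKBI" "$NSSCKBI.bak" \
        && ln -s "$P11TRUST" "$NSSCKBI"
fi
```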
@ -192,7 +192,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
|||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
<div class="col-sm-6 col-lg-4 col-xl-3">
|
<div class="col-sm-6 col-lg-4 col-xl-3">
|
||||||
<h1>Signed certificates</h1>
|
<h3>Signed certificates</h3>
|
||||||
<p>Authority administration
|
<p>Authority administration
|
||||||
{% if session.authority.certificate.organization %}of {{ session.authority.certificate.organization }}{% endif %}
|
{% if session.authority.certificate.organization %}of {{ session.authority.certificate.organization }}{% endif %}
|
||||||
allowed for
|
allowed for
|
||||||
@ -213,7 +213,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
|||||||
<div class="col-sm-6 col-lg-4 col-xl-3">
|
<div class="col-sm-6 col-lg-4 col-xl-3">
|
||||||
{% if session.authority %}
|
{% if session.authority %}
|
||||||
{% if session.features.token %}
|
{% if session.features.token %}
|
||||||
<h1>Tokens</h1>
|
<h3>Tokens</h3>
|
||||||
<p>Tokens allow enrolling smartphones and third party devices.</p>
|
<p>Tokens allow enrolling smartphones and third party devices.</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>You can issue yourself a token to be used on a mobile device</li>
|
<li>You can issue yourself a token to be used on a mobile device</li>
|
||||||
@ -241,7 +241,8 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if session.authorization.request_subnets %}
|
{% if session.authorization.request_subnets %}
|
||||||
<h1>Pending requests</h1>
|
<p> </p>
|
||||||
|
<h3>Pending requests</h3>
|
||||||
|
|
||||||
<p>Use Certidude client to apply for a certificate.
|
<p>Use Certidude client to apply for a certificate.
|
||||||
|
|
||||||
@ -291,7 +292,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% if session.builder.profiles %}
|
{% if session.builder.profiles %}
|
||||||
<h2>LEDE imagebuilder</h2>
|
<h3>LEDE imagebuilder</h3>
|
||||||
<p>Hit a link to generate machine specific image. Note that this might take couple minutes to finish.</p>
|
<p>Hit a link to generate machine specific image. Note that this might take couple minutes to finish.</p>
|
||||||
<ul>
|
<ul>
|
||||||
{% for name, title, filename in session.builder.profiles %}
|
{% for name, title, filename in session.builder.profiles %}
|
||||||
@ -303,7 +304,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
|||||||
</div>
|
</div>
|
||||||
<div class="col-sm-6 col-lg-4 col-xl-3">
|
<div class="col-sm-6 col-lg-4 col-xl-3">
|
||||||
|
|
||||||
<h1>Revoked certificates</h1>
|
<h3>Revoked certificates</h3>
|
||||||
<p>Following certificates have been revoked{% if session.features.crl %}, for more information click
|
<p>Following certificates have been revoked{% if session.features.crl %}, for more information click
|
||||||
<a href="#revocation_list_modal" data-toggle="modal">here</a>{% endif %}.</p>
|
<a href="#revocation_list_modal" data-toggle="modal">here</a>{% endif %}.</p>
|
||||||
|
|
||||||
@ -317,7 +318,7 @@ curl http://{{ session.authority.hostname }}/api/revoked/?wait=yes -L -H "Accept
|
|||||||
<p>Loading logs, this might take a while...</p>
|
<p>Loading logs, this might take a while...</p>
|
||||||
</div>
|
</div>
|
||||||
<div class="content" style="display:none;">
|
<div class="content" style="display:none;">
|
||||||
<h1>Log</h1>
|
<h3>Log</h3>
|
||||||
<div class="btn-group" data-toggle="buttons">
|
<div class="btn-group" data-toggle="buttons">
|
||||||
<label class="btn btn-primary active"><input id="log-level-critical" type="checkbox" autocomplete="off" checked>Critical</label>
|
<label class="btn btn-primary active"><input id="log-level-critical" type="checkbox" autocomplete="off" checked>Critical</label>
|
||||||
<label class="btn btn-primary active"><input id="log-level-error" type="checkbox" autocomplete="off" checked>Error</label>
|
<label class="btn btn-primary active"><input id="log-level-error" type="checkbox" autocomplete="off" checked>Error</label>
|
||||||
|