lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
certidude/certidude/static/views/authority.html

217 lines
6.1 KiB
HTML
Raw Blame History

<section id="about">
<h2>{{ session.user.gn }} {{ session.user.sn }} ({{session.user.name }}) settings</h2>
<p title="Bundles are mainly intended for Android and iOS users">
Click <a href="/api/bundle/">here</a> to generate Android or iOS bundle for current user account.</p>
<p>Mails will be sent to: {{ session.user.mail }}</p>
{% if session.authority %}
<h2>Authority certificate</h2>
<p>Several things are hardcoded into the <a href="/api/certificate">certificate</a> and
as such require complete reset of X509 infrastructure if some of them needs to be changed.</p>
<h2>Authority settings</h2>
<p>These can be reconfigured via /etc/certidude/server.conf on the server.</p>
{% if session.authority.outbox %}
<p>Outgoing mail server: {{ session.authority.outbox.server }}</p>
<p>Mails will appear from: {{ session.authority.outbox.name }} &lt;{{ session.authority.outbox.mail }}&gt;</p>
{% else %}
<p>E-mail disabled</p>
{% endif %}
<p>User enrollment:
{% if session.authority.user_enrollment_allowed %}
{% if session.authority.user_multiple_certificates %}
multiple
{% else %}
single
{% endif %}
allowed
{% else %}
forbidden
{% endif %}
</p>
<p>Machine enrollment:
{% if session.authority.machine_enrollment_allowed %}
allowed
{% else %}
forbidden
{% endif %}
</p>
<p>Certificate attributes:</p>
<ul>
<li>Server certificate lifetime: {{ session.authority.signature.server_certificate_lifetime }} days</li>
<li>Client certificate lifetime: {{ session.authority.signature.client_certificate_lifetime }} days</li>
<li>Revocation list lifetime: {{ session.authority.signature.revocation_list_lifetime }} seconds</li>
</ul>
<p>Authenticated users allowed from:
{% if "0.0.0.0/0" in session.authority.user_subnets %}
anywhere
</p>
{% else %}
</p>
<ul>
{% for i in session.authority.user_subnets %}
<li>{{ i }}</li>
{% endfor %}
</ul>
{% endif %}
<p>Request submission is allowed from:
{% if "0.0.0.0/0" in session.authority.request_subnets %}
anywhere
</p>
{% else %}
</p>
<ul>
{% for subnet in session.authority.request_subnets %}
<li>{{ subnet }}</li>
{% endfor %}
</ul>
{% endif %}
<p>Autosign is allowed from:
{% if "0.0.0.0/0" in session.authority.autosign_subnets %}
anywhere
</p>
{% else %}
</p>
<ul>
{% for subnet in session.authority.autosign_subnets %}
<li>{{ subnet }}</li>
{% endfor %}
</ul>
{% endif %}
<p>Authority administration is allowed from:
{% if "0.0.0.0/0" in session.authority.admin_subnets %}
anywhere
</p>
{% else %}
<ul>
{% for subnet in session.authority.admin_subnets %}
<li>{{ subnet }}</li>
{% endfor %}
</ul>
{% endif %}
<p>Authority administration allowed for:</p>
<ul>
{% for user in session.authority.admin_users %}
<li><a href="mailto:{{ user.mail}}">{{ user.given_name }} {{user.surname }}</a></li>
{% endfor %}
</ul>
</section>
{% else %}
<p>Here you can renew your certificates</p>
{% endif %}
{% set s = session.certificate.identity %}
{% if session.authority %}
<section id="requests">
<h1>Pending requests</h1>
{% if session.request_submission_allowed %}
<p>Generate private key and certificate signing request:</p>
<pre>
openssl genrsa -out example.key 2048
openssl req -new -sha256 -key example.key -out example.csr
cat example.csr
</pre>
<p>Paste the contents here and click submit:</p>
<textarea id="request_body" style="width:100%; min-height: 4em;" placeholder="-----BEGIN CERTIFICATE REQUEST-----"></textarea>
<button class="icon upload" id="request_submit" style="float:none;">Submit</button>
{% else %}
<p>Submit a certificate signing request from Mac OS X, Ubuntu or Fedora:</p>
<pre>easy_install pip
pip install certidude
certidude bootstrap {{session.authority.common_name}}</pre>
{% endif %}
<ul id="pending_requests">
{% for request in session.authority.requests %}
{% include "views/request.html" %}
{% endfor %}
<li class="notify">
<p>No certificate signing requests to sign!</p>
</li>
</ul>
</section>
<section id="signed">
<h1>Signed certificates</h1>
<input id="search" type="search" class="icon search">
<ul id="signed_certificates">
{% for certificate in session.authority.signed | sort | reverse %}
{% include "views/signed.html" %}
{% endfor %}
</ul>
</section>
<section id="log">
<h1>Log</h1>
<p>
<input id="log_level_critical" type="checkbox" checked/> <label for="log_level_critical">Critical</label>
<input id="log_level_error" type="checkbox" checked/> <label for="log_level_error">Errors</label>
<input id="log_level_warning" type="checkbox" checked/> <label for="log_level_warning">Warnings</label>
<input id="log_level_info" type="checkbox" checked/> <label for="log_level_info">Info</label>
<input id="log_level_debug" type="checkbox"/> <label for="log_level_debug">Debug</label>
</p>
<ul id="log_entries">
</ul>
</section>
<section id="revoked">
<h1>Revoked certificates</h1>
<p>To fetch <a href="{{window.location.href}}api/revoked/">certificate revocation list</a>:</p>
<pre>curl {{window.location.href}}api/revoked/ > crl.der
curl http://ca2.koodur.lan/api/revoked/ -L -H "Accept: application/x-pem-file"
curl http://ca2.koodur.lan/api/revoked/?wait=yes -L -H "Accept: application/x-pem-file" > crl.pem</pre>
<!--
<p>To perform online certificate status request</p>
<pre>
curl {{request.url}}/certificate/ > session.pem
openssl ocsp -issuer session.pem -CAfile session.pem -url {{request.url}}/ocsp/ -serial 0x
</pre>
-->
<ul>
{% for j in session.authority.revoked %}
<li id="certificate_{{ j.sha256sum }}">
{{j.changed}}
{{j.serial_number}} <span class="monospace">{{j.identity}}</span>
</li>
{% else %}
<li>Great job! No certificate signing requests to sign.</li>
{% endfor %}
</ul>
</section>
<section id="config">
</section>
{% endif %}
Reference in New Issue View Git Blame Copy Permalink