lauri
/
certidude
mirror of https://github.com/laurivosandi/certidude
1
0
Fork 0
Code Issues Activity
certidude/certidude/static/views/authority.html

251 lines
11 KiB
HTML
Raw Blame History

<div class="modal fade" id="request_submission_modal" role="dialog">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">Request submission</h4>
</div>
<form action="/api/request/" method="post">
<div class="modal-body">
<h5>Certidude client</h5>
<p>On Ubuntu or Fedora:</p>
<div class="highlight">
<pre class="code"><code>{% include "snippets/certidude-client.sh" %}</code></pre>
</div>
{% if "ikev2" in session.service.protocols %}
<h5>Windows {% if session.authority.certificate.algorithm == "ec" %}10{% else %}7 and up{% endif %}</h5>
<p>On Windows execute following PowerShell script</p>
<div class="highlight"><pre class="code"><code>{% include "snippets/windows.ps1" %}</code></pre></div>
{% endif %}
<h5>UNIX & UNIX-like</h5>
<p>For client certificates generate key pair and submit the signing request with common name set to short hostname:</p>
<div class="highlight">
<pre class="code"><code>{% include "snippets/request-client.sh" %}</code></pre>
</div>
<p>For server certificates use fully qualified hostname as common name and sign request accordingly:</p>
<div class="highlight">
<pre class="code"><code>{% include "snippets/request-server.sh" %}</code></pre>
</div>
<p>To renew:</p>
<div class="highlight">
<pre class="code"><code>{% include "snippets/renew.sh" %}</code></pre>
</div>
{% if "openvpn" in session.service.protocols %}
<h5>OpenVPN as client</h5>
<p>First acquire certificates using the snippet above.</p>
<p>Then install software:</p>
<div class="highlight"><pre class="code"><code>{% include "snippets/openvpn-client.sh" %}</code></pre></div>
{% endif %}
{% if "ikev2" in session.service.protocols %}
<h5>StrongSwan as client</h5>
<p>First acquire certificates using the snippet above.</p>
<p>Then install software:</p>
<div class="highlight">
<pre class="code"><code>{% include "snippets/strongswan-patching.sh" %}</code></pre>
</div>
<p>To configure StrongSwan as roadwarrior:</p>
<div class="highlight"><pre class="code"><code>{% include "snippets/strongswan-client.sh" %}</code></pre></div>
{% endif %}
<h5>OpenWrt/LEDE as VPN gateway</h5>
<p>First enroll certificates using the snippet from UNIX section above</p>
<p>Then:</p>
<div class="highlight">
<pre class="code"><code>opkg install curl libmbedtls
# Derive FQDN from WAN interface's reverse DNS record
FQDN=$(nslookup $(uci get network.wan.ipaddr) | grep "name =" | head -n1 | cut -d "=" -f 2 | xargs)
grep -c certidude /etc/sysupgrade.conf || echo /etc/certidude >> /etc/sysupgrade.conf
{% include "snippets/gateway-updown.sh" %}
</code></pre>
</div>
{% if "openvpn" in session.service.protocols %}
<p>Then either set up OpenVPN service:</p>
<div class="highlight">
<pre class="code"><code>{% include "snippets/openwrt-openvpn.sh" %}</code></pre>
</div>
{% endif %}
{% if "ikev2" in session.service.protocols %}
<p>Alternatively or additionally set up StrongSwan:</p>
<div class="highlight">
<pre class="code"><code>opkg update
opkg install curl openssl-util strongswan-full strongswan-mod-openssl kmod-crypto-echainiv kmod-crypto-gcm
{% include "snippets/strongswan-server.sh" %}
ipsec restart</code></pre>
</div>
{% endif %}
{% if session.authority.builder %}
<h5>OpenWrt/LEDE image builder</h5>
<p>Hit a link to generate machine specific image. Note that this might take couple minutes to finish.</p>
<ul>
{% for name, title, filename in session.authority.builder.profiles %}
<li><a href="/api/build/{{ name }}/{{ filename }}">{{ title }}</a></li>
{% endfor %}
</ul>
{% endif %}
<h5>SCEP</h5>
<p>Use following as the enrollment URL: http://{{ authority_name }}/cgi-bin/pkiclient.exe</p>
<h5>Copy & paste</h5>
<p>Use whatever tools you have available on your platform to generate
keypair and just paste ASCII armored PEM file contents here and hit submit:</p>
<textarea id="request_body" style="width:100%; min-height: 10em;"
placeholder="-----BEGIN CERTIFICATE REQUEST-----"></textarea>
</div>
<div class="modal-footer">
<div class="btn-group">
<button type="button" onclick="onSubmitRequest();" class="btn btn-primary"><i class="fa fa-upload"></i> Submit</button>
<button type="button" class="btn btn-secondary" data-dismiss="modal"><i class="fa fa-ban"></i> Close</button>
</div>
</div>
</form>
</div>
</div>
</div>
<div class="modal fade" id="revocation_list_modal" role="dialog">
<div class="modal-dialog modal-lg">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h4 class="modal-title">Revocation lists</h4>
</div>
<div class="modal-body">
<p>To fetch <a href="http://{{authority_name}}/api/revoked/">certificate revocation list</a>:</p>
<pre><code>curl http://{{authority_name}}/api/revoked/ > crl.der
curl http://{{authority_name}}/api/revoked/ -L -H "Accept: application/x-pem-file"
curl http://{{authority_name}}/api/revoked/?wait=yes -L -H "Accept: application/x-pem-file" > crl.pem</code></pre>
</div>
<div class="modal-footer">
<button type="button" class="btn" data-dismiss="modal">Close</button>
</div>
</div>
</div>
</div>
<div class="row">
<div class="col-sm-{{ column_width }}">
<h1>Signed certificates</h1>
<p>Authority administration allowed for
{% for user in session.authority.admin_users %}<a href="mailto:{{ user.mail}}">{{ user.given_name }} {{user.surname }}</a>{% if not loop.last %}, {% endif %}{% endfor %} from {% if "0.0.0.0/0" in session.authority.admin_subnets %}anywhere{% else %}
{% for subnet in session.authority.admin_subnets %}{{ subnet }}{% if not loop.last %}, {% endif %}{% endfor %}{% endif %}.
Authority certificate can be downloaded from <a href="/api/certificate/">here</a>.
Following certificates have been signed:</p>
<div id="signed_certificates">
{% for certificate in session.authority.signed | sort(attribute="signed", reverse=true) %}
{% include "views/signed.html" %}
{% endfor %}
</div>
</div>
<div class="col-sm-{{ column_width }}">
{% if session.authority %}
{% if session.features.token %}
<h1>Tokens</h1>
<p>Tokens allow enrolling smartphones and third party devices.</p>
<ul>
<li>You can issue yourself a token to be used on a mobile device</li>
<li>Enter username to issue a token to issue a token for another user</li>
<li>Enter e-mail address to issue a token to guest users outside domain</li>
</ul>
<p>
<div class="input-group">
<input id="token_username" name="username" type="text" class="form-control" placeholder="Username" aria-describedby="sizing-addon2">
<input id="token_mail" name="mail" type="mail" class="form-control" placeholder="Optional e-mail" aria-describedby="sizing-addon2">
<span class="input-group-btn">
<button class="btn btn-secondary" type="button" onClick="onSendToken();"><i class="fa fa-send"></i> Send token</button>
</span>
</div>
</p>
<div id="token_qrcode"></div>
{% endif %}
<h1>Pending requests</h1>
<p>Use Certidude client to apply for a certificate.
{% if not session.authority.request_subnets %}
Request submission disabled.
{% elif "0.0.0.0/0" in session.authority.request_subnets %}
Request submission is enabled.
{% else %}
Request submission allowed from
{% for subnet in session.authority.request_subnets %}
{{ subnet }}{% if not loop.last %}, {% endif %}
{% endfor %}.
{% endif %}
See <a href="#request_submission_modal" data-toggle="modal">here</a> for more information on manual signing request upload.
{% if session.authority.autosign_subnets %}
{% if "0.0.0.0/0" in session.authority.autosign_subnets %}
All requests are automatically signed.
{% else %}
Requests from
{% for subnet in session.authority.autosign_subnets %}
{{ subnet }}{% if not loop.last %}, {% endif %}
{% endfor %}
are automatically signed.
{% endif %}
{% endif %}
</p>
<div id="pending_requests">
{% for request in session.authority.requests | sort(attribute="submitted", reverse=true) %}
{% include "views/request.html" %}
{% endfor %}
</div>
{% if columns >= 3 %}
</div>
<div class="col-sm-{{ column_width }}">
{% endif %}
<h1>Revoked certificates</h1>
<p>Following certificates have been revoked{% if session.features.crl %}, for more information click
<a href="#revocation_list_modal" data-toggle="modal">here</a>{% endif %}.</p>
{% for certificate in session.authority.revoked | sort(attribute="revoked", reverse=true) %}
{% include "views/revoked.html" %}
{% endfor %}
</div>
<div id="column-log" class="col-sm-{% if columns == 4 %}{{ column_width }}{% else %}12{% endif %}" {% if columns < 4 %}style="display:none;"{% endif %}>
<div class="loader-container">
<div class="loader"></div>
<p>Loading logs, this might take a while...</p>
</div>
<div class="content" style="display:none;">
<h1>Log</h1>
<div class="btn-group" data-toggle="buttons">
<label class="btn btn-primary active"><input id="log-level-critical" type="checkbox" autocomplete="off" checked> Critical</label>
<label class="btn btn-primary active"><input id="log-level-errors" type="checkbox" autocomplete="off" checked> Errors</label>
<label class="btn btn-primary active"><input id="log-level-warnings" type="checkbox" autocomplete="off" checked> Warnings</label>
<label class="btn btn-primary active"><input id="log-level-info" type="checkbox" autocomplete="off" checked> Info</label>
<label class="btn btn-primary"><input id="log-level-debug" type="checkbox" autocomplete="off"> Debug</label>
</div>
<ul id="log-entries" class="list-group">
</ul>
</div>
</div>
</div>
{% endif %}
Reference in New Issue View Git Blame Copy Permalink