2021-05-27 10:15:46 +00:00
< div id = "certificate-{{ certificate.id }}" class = "card filterable mt-3"
{% if certificate.lease %}data-last-seen={{ certificate.lease.last_seen }}{% endif %}
data-keywords="{{ certificate.common_name }}|{% if session.tagging %}{% for tag in certificate.tags %}{{ tag.id }}|{% endfor %}{% endif %}{% for key, value in certificate.attributes %}{{ key }}={{ value }}|{% endfor %}" data-id="{{certificate.id}}">
< div class = "card-header" >
{% if certificate.organizational_unit %}
< i class = "fa fa-folder" aria-hidden = "true" > < / i >
{{ certificate.organizational_unit }} /
{% endif %}
{% if certificate.extensions.extended_key_usage and "server_auth" in certificate.extensions.extended_key_usage %}
< i class = "fa fa-server" > < / i >
{% else %}
< i class = "fa fa-laptop" > < / i >
{% endif %}
{{ certificate.common_name }}
< / div >
< div class = "card-block" >
< p >
< i class = "fa fa-circle" > < / i >
< span class = "lease" >
{% if certificate.lease %}
{% include "views/lease.html" %}
{% endif %}
< / span >
2021-06-14 10:41:57 +00:00
Approved
< time class = "timeago" datetime = "{{ certificate.signed }}" > Node was approved {{ certificate.signed }}< / time > {% if certificate.signer %} by {{ certificate.signer }}{% endif %},
2021-05-27 10:15:46 +00:00
expires
2021-06-14 10:41:57 +00:00
< time class = "timeago" datetime = "{{ certificate.expires }}" > Node expires {{ certificate.expires }}< / time > .
2021-05-27 10:15:46 +00:00
< / p >
< p >
{% if session.tagging %}
2021-06-01 19:20:39 +00:00
< span class = "tags" data-cn = "{{ certificate.common_name }}" data-id = "{{ certificate.id }}" >
2021-05-27 10:15:46 +00:00
{% include "views/tags.html" %}
< / span >
{% endif %}
< span class = "attributes" data-cn = "{{ certificate.common_name }}" >
{% include "views/attributes.html" %}
< / span >
< / p >
< div class = "btn-group" >
< button type = "button" class = "btn btn-secondary" data-toggle = "collapse" data-target = "#details-{{ certificate.sha256sum }}" > < i class = "fa fa-list" > < / i > Details< / button >
< button type = "button" class = "btn btn-danger"
2021-06-01 19:20:39 +00:00
onclick="javascript:$(this).button('loading');$.ajax({url:'/api/signed/id/{{certificate.id}}/?sha256sum={{ certificate.sha256sum }}',type:'delete'});">
2021-05-27 10:15:46 +00:00
< i class = "fa fa-ban" > < / i > Revoke< / button >
< button type = "button" class = "btn btn-danger dropdown-toggle dropdown-toggle-split" data-toggle = "dropdown" aria-haspopup = "true" aria-expanded = "false" >
< span class = "sr-only" > Toggle Dropdown< / span >
< / button >
< div class = "dropdown-menu" >
< a class = "dropdown-item" href = "#"
2021-06-01 19:20:39 +00:00
onclick="javascript:$(this).button('loading');$.ajax({url:'/api/signed/id/{{certificate.id}}/?sha256sum={{ certificate.sha256sum }}&reason=key_compromise',type:'delete'}); ">Revoke due to key compromise< / a >
2021-05-27 10:15:46 +00:00
< a class = "dropdown-item" href = "#"
2021-06-01 19:20:39 +00:00
onclick="javascript:$(this).button('loading');$.ajax({url:'/api/signed/id/{{certificate.id}}/?sha256sum={{ certificate.sha256sum }}&reason=cessation_of_operation',type:'delete'}); ">Revoke due to cessation of operation< / a >
2021-05-27 10:15:46 +00:00
< a class = "dropdown-item" href = "#"
2021-06-01 19:20:39 +00:00
onclick="javascript:$(this).button('loading');$.ajax({url:'/api/signed/id/{{certificate.id}}/?sha256sum={{ certificate.sha256sum }}&reason=privilege_withdrawn',type:'delete'}); ">Revoke due to withdrawn privilege< / a >
2021-05-27 10:15:46 +00:00
< / div >
< / div >
< div class = "btn-group" >
{% if session.tagging %}
2021-06-01 19:20:39 +00:00
< button type = "button" class = "btn btn-default" onclick = "onNewTagClicked(event);" data-key = "other" data-cn = "{{ certificate.common_name }}" data-id = "{{ certificate.id }}" >
2021-05-27 10:15:46 +00:00
< i class = "fa fa-tag" > < / i > Tag< / button >
< button type = "button" class = "btn btn-default dropdown-toggle dropdown-toggle-split" data-toggle = "dropdown" aria-haspopup = "true" aria-expanded = "false" >
< span class = "sr-only" > Toggle Dropdown< / span >
< / button >
< div class = "dropdown-menu" >
{% for tag_category in session.tagging %}
< a class = "dropdown-item" href = "#" data-key = "{{ tag_category.name }}" data-cn = "{{ certificate.common_name }}"
2021-06-01 19:20:39 +00:00
onclick="onNewTagClicked(event);" data-id="{{ certificate.id }}">{{ tag_category.title }}< / a >
2021-05-27 10:15:46 +00:00
{% endfor %}
< / div >
{% endif %}
< / div >
< div class = "collapse" id = "details-{{ certificate.sha256sum }}" >
< p > To launch shell for this device, click < a href = "#" onclick = "onLaunchShell('{{ certificate.common_name }}')" > here< / a >
< p > To fetch certificate:< / p >
< div class = "bd-example" >
< pre > < code class = "language-sh" data-lang = "sh" > wget < a href = "/api/signed/{{ certificate.common_name }}/" > http://{{ authority.namespace }}/api/signed/{{ certificate.common_name }}< / a >
curl -L http://{{ authority.namespace }}/api/signed/{{ certificate.common_name }}/ \
| openssl x509 -text -noout< / code > < / pre >
< / div >
{% if session.authorization.ocsp_subnets %}
{% if certificate.responder_url %}
< p > To perform online certificate status request{% if "0.0.0.0/0" not in session.authorization.ocsp_subnets %}
from whitelisted {{ session.authorization.ocsp_subnets }} subnets{% endif %}:< / p >
< pre > < code class = "language-bash" data-lang = "bash" > curl http://{{ authority.namespace }}/api/certificate > session.pem
openssl ocsp -issuer session.pem -CAfile session.pem \
-url {{ certificate.responder_url }} \
-serial 0x{{ certificate.serial }}< / code > < / pre >
{% else %}
< p > Querying OCSP responder disabled for this certificate, see /etc/certidude/profile.conf how to enable if that's desired< / p >
{% endif %}
{% endif %}
< p > To fetch script:< / p >
< pre > < code class = "language-bash" data-lang = "bash" > curl -L --cert-status https://{{ authority.namespace }}:8443/api/signed/{{ certificate.common_name }}/script/ \
--cacert /etc/certidude/authority/{{ authority.namespace }}/ca_cert.pem \
--key /etc/certidude/authority/{{ authority.namespace }}/host_key.pem \
--cert /etc/certidude/authority/{{ authority.namespace }}/host_cert.pem< / pre > < / code >
< div style = "overflow: auto; max-width: 100%;" >
< table class = "table" id = "signed_certificates" >
< tbody >
< tr > < th > Common name< / th > < td > {{ certificate.common_name }}< / td > < / tr >
< tr > < th > Organizational unit< / th > < td > {% if certificate.organizational_unit %}{{ certificate.organizational_unit }}{% else %}-{% endif %}< / td > < / tr >
< tr > < th > Serial number< / th > < td style = "word-wrap:break-word;" > {{ certificate.serial | serial }}< / td > < / tr >
< tr > < th > Signed< / th > < td > {{ certificate.signed | datetime }}{% if certificate.signer %} by {{ certificate.signer }}{% endif %}< / td > < / tr >
< tr > < th > Expires< / th > < td > {{ certificate.expires | datetime }}< / td > < / tr >
{% if certificate.lease %}
< tr > < th > Lease< / th > < td > < a href = "http://{{ certificate.lease.inner_address }}" > {{ certificate.lease.inner_address }}< / a > at {{ certificate.lease.last_seen | datetime }}
from < a href = "https://geoiptool.com/en/?ip={{ certificate.lease.outer_address }}" target = "_blank" > {{ certificate.lease.outer_address }}< / a >
< / td > < / tr >
{% endif %}
<!--
< tr > < th > MD5< / th > < td > {{ certificate.md5sum }}< / td > < / tr >
< tr > < th > SHA1< / th > < td > {{ certificate.sha1sum }}< / td > < / tr >
-->
< tr > < th > SHA256< / th > < td style = "word-wrap:break-word; overflow-wrap: break-word; " > {{ certificate.sha256sum }}< / td > < / tr >
{% if certificate.key_usage %}
< tr > < th > Key usage< / th > < td > {{ certificate.key_usage | join(", ") | replace("_", " ") }}< / td > < / tr >
{% endif %}
{% if certificate.extended_key_usage %}
< tr > < th > Extended key usage< / th > < td > {{ certificate.extended_key_usage | join(", ") | replace("_", " ") }}< / td > < / tr >
{% endif %}
< / tbody >
< / table >
< / div >
< / div >
< / div >
< / div >