authorAlexander Wilke <nachtfalkeaw@web.de>2011-12-21 22:37:06 +0000
committerAlexander Wilke <nachtfalkeaw@web.de>2011-12-21 22:37:06 +0000
commitf78c766ee65ecee6623bf911ac1dccd0fcfc7697 (patch)
tree09bc6ec6624a0a4f8aedda4a9dbabace6d18f451 /config/freeradius2/freeradiuscerts.xml
parent472dbadfbe0078a2935960e4ed125e9d06d4f198 (diff)
Added GUI to create certificates for freeradius (CA, server, clients)
Diffstat (limited to 'config/freeradius2/freeradiuscerts.xml')
-rw-r--r--config/freeradius2/freeradiuscerts.xml267
1 files changed, 267 insertions, 0 deletions
diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml
new file mode 100644
index 00000000..7503fe49
--- /dev/null
+++ b/config/freeradius2/freeradiuscerts.xml
@@ -0,0 +1,267 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
+<packagegui>
+ <copyright>
+ <![CDATA[
+/* $Id$ */
+/* ========================================================================== */
+/*
+ authng.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2007 to whom it may belong
+ All rights reserved.
+
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
+/* ========================================================================== */
+/*
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
+/* ========================================================================== */
+ ]]>
+ </copyright>
+ <description><![CDATA[Describe your package here]]></description>
+ <requirements>Describe your package requirements here</requirements>
+ <faq>Currently there are no FAQ items provided.</faq>
+ <name>freeradiuscerts</name>
+ <version>none</version>
+ <title>FreeRADIUS: Certificates</title>
+ <aftersaveredirect>pkg_edit.php?xml=freeradiuscerts.xml&amp;id=0</aftersaveredirect>
+ <include_file>/usr/local/pkg/freeradius.inc</include_file>
+ <tabs>
+ <tab>
+ <text>Users</text>
+ <url>/pkg.php?xml=freeradius.xml</url>
+ </tab>
+ <tab>
+ <text>NAS / Clients</text>
+ <url>/pkg.php?xml=freeradiusclients.xml</url>
+ </tab>
+ <tab>
+ <text>Interfaces</text>
+ <url>/pkg.php?xml=freeradiusinterfaces.xml</url>
+ </tab>
+ <tab>
+ <text>Settings</text>
+ <url>/pkg_edit.php?xml=freeradiussettings.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>EAP</text>
+ <url>/pkg_edit.php?xml=freeradiuseapconf.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>SQL</text>
+ <url>/pkg_edit.php?xml=freeradiussqlconf.xml&amp;id=0</url>
+ </tab>
+ <tab>
+ <text>Certificates</text>
+ <url>/pkg_edit.php?xml=freeradiuscerts.xml&amp;id=0</url>
+ <active/>
+ </tab>
+ <tab>
+ <text>View config</text>
+ <url>/freeradius_view_config.php</url>
+ </tab>
+ </tabs>
+ <fields>
+ <field>
+ <name>GENERAL CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Delete ALL existing Certificates ?</fielddescr>
+ <fieldname>varcertsdeleteall</fieldname>
+ <description><![CDATA[This will delete <b>ALL</b> existing CAs, Server-Certs and Client-Certs in freeradius certs folder!<br>
+ You <b>must</b> delete all existing if you want to create new ones. (Default: Yes)<br>
+ <b>Important:</b><br>
+ If you like to use certs created on another PC just disable this and click save.]]></description>
+ <type>select</type>
+ <default_value>yes</default_value>
+ <options>
+ <option><name>Yes</name><value>yes</value></option>
+ <option><name>No</name><value>no</value></option>
+ </options>
+ </field>
+ <field>
+ <name>Distinguished Name for CA, Server and Client</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Country Code</fielddescr>
+ <fieldname>varcertscountryname</fieldname>
+ <description><![CDATA[Enter your country Code. (Default: US)]]></description>
+ <type>input</type>
+ <default_value>US</default_value>
+ </field>
+ <field>
+ <fielddescr>State or Province</fielddescr>
+ <fieldname>varcertsstateorprovincename</fieldname>
+ <description><![CDATA[Enter your state or province. (Default: Texas)]]></description>
+ <type>input</type>
+ <default_value>Texas</default_value>
+ </field>
+ <field>
+ <fielddescr>City</fielddescr>
+ <fieldname>varcertslocalityname</fieldname>
+ <description><![CDATA[Enter your city. (Default: Austin)]]></description>
+ <type>input</type>
+ <default_value>Austin</default_value>
+ </field>
+ <field>
+ <fielddescr>Organization</fielddescr>
+ <fieldname>varcertsorganizationname</fieldname>
+ <description><![CDATA[Enter your organization. (Default: My Company Inc)]]></description>
+ <type>input</type>
+ <default_value>My Company Inc</default_value>
+ </field>
+ <field>
+ <fielddescr>Lifetime</fielddescr>
+ <fieldname>varcertsdefaultdays</fieldname>
+ <description><![CDATA[Enter the time after which the CA, Server and Client should expire in days. (Default: 3650)]]></description>
+ <type>input</type>
+ <default_value>3650</default_value>
+ </field>
+ <field>
+ <fielddescr>Key Length</fielddescr>
+ <fieldname>varcertsdefaultbits</fieldname>
+ <description><![CDATA[Enter the key length of CA, Server and Client. (Default: 2048)]]></description>
+ <type>select</type>
+ <default_value>2048</default_value>
+ <options>
+ <option><name>512</name><value>512</value></option>
+ <option><name>1024</name><value>1024</value></option>
+ <option><name>2048</name><value>2048</value></option>
+ <option><name>4096</name><value>4096</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Key Creation Algorithm</fielddescr>
+ <fieldname>varcertsdefaultmd</fieldname>
+ <description><![CDATA[Choose the algotithem which should be used to create the key.<br>
+ There seems to be some OS do not support all algorithms. (Default: md5)]]></description>
+ <type>select</type>
+ <default_value>md5</default_value>
+ <options>
+ <option><name>MD5</name><value>md5</value></option>
+ <option><name>SHA1</name><value>sha1</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Certificate Password (CA, Server and Client)</fielddescr>
+ <fieldname>varcertspassword</fieldname>
+ <description><![CDATA[Enter the password for the CA, Server and Client.<br>
+ This is the password you need to enter in eap.conf so that freeradius can read the cert. (Default: whatever)]]></description>
+ <type>password</type>
+ <default_value>whatever</default_value>
+ </field>
+ <field>
+ <name>CA specific Configuration</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>E-Mail Address</fielddescr>
+ <fieldname>varcertscaemailaddress</fieldname>
+ <description><![CDATA[Enter the E-Mail address for the CA. (Default: admin@mycompany.com)]]></description>
+ <type>input</type>
+ <default_value>admin@mycompany.com</default_value>
+ </field>
+ <field>
+ <fielddescr>Common Name</fielddescr>
+ <fieldname>varcertscacommonname</fieldname>
+ <description><![CDATA[Enter the common name for the CA. (Default: internal-ca)]]></description>
+ <type>input</type>
+ <default_value>internal-ca</default_value>
+ </field>
+ <field>
+ <name>Server specific Configuration</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>E-Mail Address</fielddescr>
+ <fieldname>varcertsserveremailaddress</fieldname>
+ <description><![CDATA[Enter the E-Mail address for the Server-Cert. (Default: webadmin@mycompany.com)]]></description>
+ <type>input</type>
+ <default_value>webadmin@mycompany.com</default_value>
+ </field>
+ <field>
+ <fielddescr>Common Name</fielddescr>
+ <fieldname>varcertsservercommonname</fieldname>
+ <description><![CDATA[Enter the common name for the Server-Cert. (Default: server-cert)]]></description>
+ <type>input</type>
+ <default_value>server-cert</default_value>
+ </field>
+ <field>
+ <name>Client specific Configuration</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Create a further Client-Certificate</fielddescr>
+ <fieldname>varcertscreateclient</fieldname>
+ <description><![CDATA[This will delete existing <b>Client-Certs</b> in freeradius certs folder!<br>
+ Choose this option if you need multiple Client-Certs.<br>
+ <b>Important:</b> You must backup your old Client-Cert before enabling this option. The new Client-Cert <b>must not</b> have any Common Name as other certificates your created before. (Default: No)<br><br>
+
+ This is what you should do the very first time when creating certs here:<br>
+ 1. Check "Delete ALL Certs...", fill out all fields and create a new CA, new Server and Client Cert<br>
+ 2. If you need more than one Client-Cert than backup your first cert using DIAGNOSTICS->COMMAND PROMPT->Download<br>
+ /usr/local/etc/raddb/certs/client.tar<br>
+ 3. Disable "Delete ALL Certs..." and enable "Create a further Client-Certificate" and fill out the Client fields<br>
+ 4. Repeat step 2. as long as you need.<br><br>
+
+
+ <b>Limitations:</b><br>
+ There is no CRL at the moment. Deleting of existing certs from the database (../certs/index.txt) isn't possible from GUI.<br>
+ If you choose a Common Name which already exists in the database (check view config) the .crt will be zero bytes.<br>
+ Choose other Common Name and create a new Client-Cert.
+ ]]></description>
+ <type>select</type>
+ <default_value>no</default_value>
+ <options>
+ <option><name>Yes</name><value>yes</value></option>
+ <option><name>No</name><value>no</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>E-Mail Address</fielddescr>
+ <fieldname>varcertsclientemailaddress</fieldname>
+ <description><![CDATA[Enter the E-Mail address for the Client-Cert. (Default: user@mycompany.com)]]></description>
+ <type>input</type>
+ <default_value>user@mycompany.com</default_value>
+ </field>
+ <field>
+ <fielddescr>Common Name</fielddescr>
+ <fieldname>varcertsclientcommonname</fieldname>
+ <description><![CDATA[Enter the common name for the Client-Cert. (Default: client-cert)]]></description>
+ <type>input</type>
+ <default_value>client-cert</default_value>
+ </field>
+ </fields>
+ <custom_delete_php_command>
+ freeradius_allcertcnf_resync();
+ </custom_delete_php_command>
+ <custom_php_resync_config_command>
+ freeradius_allcertcnf_resync();
+ </custom_php_resync_config_command>
+</packagegui>
\ No newline at end of file
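Review bot: The `varcertsdefaultmd` field defaults to `md5` and offers only MD5 and SHA1, so a CA, server and client certificate created with the defaults is signed with a digest that is not collision-resistant; the 512-bit choice under `varcertsdefaultbits` is likewise too small to offer. If the OpenSSL build on the target supports it (not visible here), add `<option><name>SHA256</name><value>sha256</value></option>`, set `<default_value>sha256</default_value>`, and drop the 512 option. Judging by the field name, the label "Key Creation Algorithm" describes the signature digest rather than key generation, so the description should say that. Separately, `varcertspassword` ships the pre-filled default `whatever`, and per its own description the same passphrase covers the CA, server and client; an empty default that forces the admin to choose one would be safer.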