Merge pull request #576 from darksoul42/master

Separate CAs for client certs and server cert chain
author: Ermal Luçi <eri@pfsense.org> 2014-02-19 10:22:52 +0100
committer: Ermal Luçi <eri@pfsense.org> 2014-02-19 10:22:52 +0100
commit: 264f50db69f448739f7cbce8a15dd1a9af718837 (patch)
tree: ce2af3a14cc3f686584335b50b488cce1f9cf735 /config
parent: 097471e282e1e6066ee29c1ea5e12374ba077287 (diff)
parent: 9a33bc918c1078402479101249b770ebc7e64d6b (diff)
download: pfsense-packages-264f50db69f448739f7cbce8a15dd1a9af718837.tar.gz
pfsense-packages-264f50db69f448739f7cbce8a15dd1a9af718837.tar.bz2
pfsense-packages-264f50db69f448739f7cbce8a15dd1a9af718837.zip
2 files changed, 19 insertions, 4 deletions
diff --git a/config/apache_mod_security-dev/apache_mod_security.inc b/config/apache_mod_security-dev/apache_mod_security.inc
index 31be95cf..2728e2e9 100644
--- a/config/apache_mod_security-dev/apache_mod_security.inc
+++ b/config/apache_mod_security-dev/apache_mod_security.inc
@@ -569,9 +569,14 @@ EOF;
 							$vh_config.= " SSLCertificateKeyFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert"]}.key\n";
 			       			}
 						}
-					$svr_ca =lookup_ca($virtualhost["reverse_int_ca"]);
+					$svr_ca =lookup_ca($virtualhost["ssl_cert_chain"]);
 					if ($svr_ca != false) {
-							file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX);
+							file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt",apache_textarea_decode($svr_ca['crt']),LOCK_EX);
+							$vh_config.= " SSLCertificateChainFile ". APACHEDIR . "/etc/apache22/{$virtualhost["ssl_cert_chain"]}.crt\n";
+							}
+					$cli_ca =lookup_ca($virtualhost["reverse_int_ca"]);
+					if ($cli_ca != false) {
+							file_put_contents(APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt",apache_textarea_decode($cli_ca['crt']),LOCK_EX);
 							$vh_config.= " SSLCACertificateFile ". APACHEDIR . "/etc/apache22/{$virtualhost["reverse_int_ca"]}.crt\n";
 							}
 					}
diff --git a/config/apache_mod_security-dev/apache_virtualhost.xml b/config/apache_mod_security-dev/apache_virtualhost.xml
index 747ef975..7851e683 100644
--- a/config/apache_mod_security-dev/apache_virtualhost.xml
+++ b/config/apache_mod_security-dev/apache_virtualhost.xml
@@ -267,9 +267,19 @@
 			<show_disable_value>none</show_disable_value>
 		</field>
 		<field>
-			<fielddescr>Intermediate CA certificate (optional)</fielddescr>
+			<fielddescr>HTTPS SSL certificate chain</fielddescr>
+			<fieldname>ssl_cert_chain</fieldname>
+			<description>Select intermediate CA assigned to server certificate. Not all certificates require this.</description>
+			<type>select_source</type>
+			<source><![CDATA[$config['ca']]]></source>
+			<source_name>descr</source_name>
+			<source_value>refid</source_value>
+			<show_disable_value>none</show_disable_value>
+		</field>
+		<field>
+			<fielddescr>Client certificates CA (optional)</fielddescr>
 			<fieldname>reverse_int_ca</fieldname>
-			<description>Select intermediate CA assigned to certificate. Not all certificates require this.</description>
+			<description>Select CA assigned to client certificates.</description>
 			<type>select_source</type>
 			<source><![CDATA[$config['ca']]]></source>
 			<source_name>descr</source_name>
author	Ermal Luçi <eri@pfsense.org>	2014-02-19 10:22:52 +0100
committer	Ermal Luçi <eri@pfsense.org>	2014-02-19 10:22:52 +0100
commit	264f50db69f448739f7cbce8a15dd1a9af718837 (patch)
tree	ce2af3a14cc3f686584335b50b488cce1f9cf735 /config
parent	097471e282e1e6066ee29c1ea5e12374ba077287 (diff)
parent	9a33bc918c1078402479101249b770ebc7e64d6b (diff)
download	pfsense-packages-264f50db69f448739f7cbce8a15dd1a9af718837.tar.gz pfsense-packages-264f50db69f448739f7cbce8a15dd1a9af718837.tar.bz2 pfsense-packages-264f50db69f448739f7cbce8a15dd1a9af718837.zip