diff --git a/certmgr/certmgr-lib.pl b/certmgr/certmgr-lib.pl old mode 100755 new mode 100644 index d0be0a431..511701af6 --- a/certmgr/certmgr-lib.pl +++ b/certmgr/certmgr-lib.pl @@ -60,7 +60,8 @@ sub print_sign_form { print &ui_table_start($text{'signcsr_header'}, undef, 2); print &ui_table_row($text{'signcsr_csrfile'}, &ui_textbox("csrfile", $in{'csrfile'}, 40), undef, $valign_middle); print &ui_table_row($text{'signcsr_signfile'}, &ui_textbox("signfile", $in{'signfile'}, 40), undef, $valign_middle); - print &ui_table_row($text{'signcsr_keyfile'}, &ui_textbox("keycertfile", $in{'keycertfile'}, 40), undef, $valign_middle); + print &ui_table_row($text{'signcsr_keycertfile'}, &ui_textbox("cacertfile", $in{'cacertfile'}, 40), undef, $valign_middle); + print &ui_table_row($text{'signcsr_keyfile'}, &ui_textbox("cakeyfile", $in{'cakeyfile'}, 40), undef, $valign_middle); print &ui_table_row(&ui_link("/help.cgi/certmgr/signcsr_ca_pass", "$text{'signcsr_ca_passphrase'}", undef, "onClick='window.open(\"/help.cgi/certmgr/signcsr_ca_pass\", \"help\", \"toolbar=no,menubar=no,scrollbars=yes,width=400,height=300,resizable=yes\"); return false;'"), diff --git a/certmgr/lang/de b/certmgr/lang/de index d08f4a5b7..c1398d6ea 100644 --- a/certmgr/lang/de +++ b/certmgr/lang/de @@ -109,6 +109,7 @@ signcsr_days=Anzahl der Tage der Zertifizierung für signcsr_desc=Auf dieser Seite können Sie eine signiertes CSR von jemand anderem mit einem eigenen privaten Schlüssel signieren. signcsr_e_nocsrfile=Keinen CSR Dateinamen eingegeben signcsr_e_nokeyfile=Kein CA privater Schlüssel oder Zertifikats-Datei eingegeben +signcsr_e_nopassword=Es wurde kein CA-Kennwort eingegeben signcsr_e_nosignfile=Kein signiertes Zertifikats-Dateiname eingegeben signcsr_e_signfailed=Fehler, signiertes Zertifikat nicht generiert signcsr_generate=Signiere Zertifikat diff --git a/certmgr/lang/en b/certmgr/lang/en old mode 100755 new mode 100644 index 0be7e8291..ebf94c3ce --- a/certmgr/lang/en +++ b/certmgr/lang/en 
@@ -135,6 +135,7 @@ signcsr_generate=Sign Certificate
 signcsr_e_nocsrfile=No CSR filename entered
 signcsr_e_nosignfile=No signed certificate filename entered
 signcsr_e_nokeyfile=No CA private key file or certificate file entered
+signcsr_e_nopassword=No CA private key password entered
 signcsr_e_signfailed=Error, signed certificate not generated
 signcsr_worked=Signed certificate generated
 signcsr_saved_cert=The certificate was saved as
diff --git a/certmgr/lang/es b/certmgr/lang/es
old mode 100755
new mode 100644
index 0f82f44ef..afe2d34ae
--- a/certmgr/lang/es
+++ b/certmgr/lang/es
@@ -114,3 +114,5 @@ import_upload_cert=Upload Certificate
 import_key_file=Key file to upload
 import_key_destination=Destination directory of key
 import_upload_key=Upload Key
+
+signcsr_e_nopassword=No CA private key password entered
diff --git a/certmgr/signcsr.cgi b/certmgr/signcsr.cgi
old mode 100755
new mode 100644
index ed822d070..590756452
--- a/certmgr/signcsr.cgi
+++ b/certmgr/signcsr.cgi
@@ -15,7 +15,10 @@ if ($in{'submitted'} eq "sign") {
 if (!$in{'signfile'}) {
 $error.=$text{'signcsr_e_nosignfile'}."
\n"; } - if (!$in{'keyfile'} || !$in{'keycertfile'}) { + if (!$in{'cakeyfile'}) { + $error.=$text{'signcsr_e_nokeyfile'}."
\n"; + } + if (!$in{'cacertfile'}) { $error.=$text{'signcsr_e_nokeyfile'}."
\n"; } if (!$error) { @@ -27,8 +30,8 @@ if ($in{'submitted'} eq "sign") { $config{'incsr_filename'}; } if (!$in{'signfile'}) { $in{'signfile'}=$config{'ssl_cert_dir'}."/". $config{'sign_filename'}; } - if (!$in{'keyfile'}) { $in{'keyfile'}=$config{'cakey_path'}; } - if (!$in{'keycertfile'}) { $in{'keycertfile'}=$config{'cacert_path'};} + if (!$in{'cacertfile'}) { $in{'cacertfile'}=$config{'cacert_path'}; } + if (!$in{'cakeyfile'}) { $in{'cakeyfile'}=$config{'cakey_path'}; } if (!$in{'days'}) { $in{'days'}=$config{'default_days'}; } } @@ -45,10 +48,12 @@ print &ui_hr(); sub process{ &foreign_require("webmin", "webmin-lib.pl"); local %miniserv; + local ($tempdir, $des, $out, $url); + local $error=0; &get_miniserv_config(\%miniserv); if (!$miniserv{'ca'}) { &webmin::setup_ca(); - } + } if ((-e $in{'signfile'})&&($in{'overwrite'} ne "yes")) { &overwriteprompt(); print &ui_hr(); @@ -57,11 +62,19 @@ sub process{ } $tempdir = &tempname(); mkdir($tempdir, 0700); - if ($in{'password'}){ $des="-passin pass:".quotemeta($in{'password'}); } - $out = `yes | $config{'openssl_cmd'} ca -in $in{'csrfile'} -out $in{'signfile'} -cert $in{'keycertfile'} -keyfile $in{'keyfile'} -outdir $tempdir -days $in{'days'} -config $config_directory/acl/openssl.cnf $des 2>&1`; + if (keyfile_is_encrypted($in{'cakeyfile'})) { + if ($in{'password'}) { $des="-passin pass:".quotemeta($in{'password'}); } + else { + print "$text{'signcsr_e_signfailed'}\n
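Review bot: The two new checks on `cakeyfile` and `cacertfile` both append `signcsr_e_nokeyfile`, so a form with both fields empty shows the same message twice, and any non-empty string passes. process() later hands `$in{'cakeyfile'}` to `open` and puts both values on the openssl command line, so this is the natural place to reject anything that is not an existing regular file, for example `if (!$in{'cakeyfile'} || !-f $in{'cakeyfile'}) {` and the same for `cacertfile`. The enclosing `if ($in{'submitted'} eq "sign")` block starts and ends outside the hunk.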
$text{'signcsr_e_nopassword'}
\n"; + print &ui_hr(); + &footer("", $text{'index_return'}); + exit; + } + } + $out = `yes | $config{'openssl_cmd'} ca -in $in{'csrfile'} -out $in{'signfile'} -cert $in{'cacertfile'} -keyfile $in{'cakeyfile'} -outdir $tempdir -days $in{'days'} -config $config{'ssl_cnf_file'} $des 2>&1`; system("rm -rf $tempdir"); - if (!-e $in{'csrfile'}) { + if ($out =~ /^ERROR(.*$)/mi || $out =~ /:error:/mi) { $error=$out; } else{ $error=0; @@ -109,3 +122,12 @@ sub overwriteprompt{ print &ui_table_end(); } + +sub keyfile_is_encrypted{ + my $key=$_[0]; + my $encrypted=0; + open(KFILE,$key)||return(0); + while(){ if (/^Proc.*ENCRYPTED.*$/mi) { $encrypted=1; last; } } + close(KFILE); + return($encrypted); +}
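Review bot: The rewritten backtick command still places `$in{'csrfile'}`, `$in{'signfile'}`, `$in{'cacertfile'}`, `$in{'cakeyfile'}` and `$in{'days'}` on a shell command line unquoted, so shell metacharacters in any of those form fields are interpreted by the shell; only the password goes through `quotemeta`. The passphrase is passed as `-passin pass:…`, which leaves it visible in the process list while openssl runs. The sketch below quotes each form value with `\Q…\E` and hands the passphrase over through the environment with `-passin env:`; `CA_PASSIN` is a name made up for the example. Success is also decided by matching the output text rather than by checking `$?`, which is worth a separate look. process() begins and ends outside this hunk.

```perl
# … unchanged: tempdir creation and the keyfile_is_encrypted() test …
	if ($in{'password'}) {
		$ENV{'CA_PASSIN'} = $in{'password'};	# example variable name
		$des = "-passin env:CA_PASSIN";
		}
# … unchanged: else branch that prints signcsr_e_nopassword and exits …
$out = `yes | $config{'openssl_cmd'} ca -in \Q$in{'csrfile'}\E -out \Q$in{'signfile'}\E -cert \Q$in{'cacertfile'}\E -keyfile \Q$in{'cakeyfile'}\E -outdir $tempdir -days \Q$in{'days'}\E -config $config{'ssl_cnf_file'} $des 2>&1`;
delete($ENV{'CA_PASSIN'});
```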
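Review bot: `open(KFILE,$key)` in keyfile_is_encrypted is a two-argument open on a path that comes from the `cakeyfile` form field, so the string itself can select the open mode instead of a plain read; `open(my $kfile, "<", $key) || return(0);` with a lexical handle closes that. The `/^Proc.*ENCRYPTED.*$/mi` test recognises only the traditional PEM `Proc-Type: 4,ENCRYPTED` header, so a PKCS#8 key that starts with `-----BEGIN ENCRYPTED PRIVATE KEY-----` is reported as unencrypted and the password check in process() is skipped; adding `|| /^-----BEGIN ENCRYPTED PRIVATE KEY-----/` to the condition covers it. An unreadable key file also returns 0, which the caller cannot tell apart from an unencrypted key.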