Certs can start with BEGIN PUBLIC KEY

bind8/save_tls.cgi

@@ -0,0 +1,38 @@
+#!/usr/local/bin/perl
+# Create, update or delete a TLS key and cert
+
+use strict;
+use warnings;
+no warnings 'redefine';
+no warnings 'uninitialized';
+our (%access, %text, %in);
+
+require './bind8-lib.pl';
+$access{'defaults'} || &error($text{'tls_ecannot'});
+&supports_tls() || &error($text{'tls_esupport'});
+&ReadParse();
+&error_setup($in{'new'} ? $text{'tls_cerr'} :
+	     $in{'delete'} ? $text{'tls_derr'} : $text{'tls_err'});
+
+# Get the TLS config being edited
+my $tls;
+if (!$in{'new'}) {
+	my $conf = &get_config();
+	my @tls = &find("tls", $conf);
+	($tls) = grep { $_->{'values'}->[0] eq $in{'name'} } @tls;
+	$tls || &error($text{'tls_egone'});
+	}
+else {
+	$tls = { 'values' => [],
+		 'members' => [] };
+	}
+
+if ($in{'delete'}) {
+	# Just remove this one TLS key, if unused
+	}
+else {
+	# Validate inputs
+	$in{'name'} =~ /^[a-z0-9\-\_]+$/i || &error($text{'tls_ename'});
+	}
+
+

webmin/webmin-lib.pl

@@ -1161,12 +1161,12 @@ my $key = &read_file_contents($keyfile);
 $key =~ /BEGIN (RSA |EC )?PRIVATE KEY/i ||  
 	&error(&text('ssl_ekey2', $keyfile));
 if (!$certfile) {
-	$key =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert2', $keyfile));
+	$key =~ /BEGIN (CERTIFICATE|PUBLIC KEY)/ || &error(&text('ssl_ecert2', $keyfile));
 	}
 else {
 	-r $certfile || return &error(&text('ssl_ecert', $certfile));
 	my $cert = &read_file_contents($certfile);
-	$cert =~ /BEGIN CERTIFICATE/ || &error(&text('ssl_ecert2', $certfile));
+	$cert =~ /BEGIN (CERTIFICATE|PUBLIC KEY)/ || &error(&text('ssl_ecert2', $certfile));
 	}
 }