Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853While here, add the cert serial number and sig digest type to the info block for each cert.
Fix CA reference so serial increases properly. Remove variable for feature that didn't work out. Ticket #7527
Restructure how certificate types and SANs are handled in the cert manager when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677...
Add the ability to set certificate type and SAN attributes in a CSR. Ticket #7527TODO: They are not carried over after signing in the GUI
Fix some additional cases for CN->SAN handling, and move some code to a function to avoid duplication for other pending uses. Ticket #7666
Allow a wider range of characters to be used in certificate fields, as laid out by RFC 4514. Fixes #7540
Show SAN, KU, and EKU info in the certificate list. Implements #7505While here, also fix "server" cert detection to key off of the EKU For "TLS Web Server Authentication" since nsCertType has been deprecated.
Merge pull request #3699 from PiBa-NL/20170417-certificatemanager-ca-crl-inuse
certificate manager, allow importing of ECC certificates, change multiple 'if' to 'switch'
certificate manager, show 'in use' also for CA and CRL where certificates are in use by packages.
certificate manager, allow importing of ECC certificates
Remove whirlpool from the list of CA/Cert digest algorithms as it does not work properly. OpenSSL claims it's not valid ("unknown signature algorithm"). Fixes #7370While I'm here, stop needlessly repeating the algo list, it's a global in certs.inc, so use that single copy of the list.
certificatemanager, link certificate to the proper CA after completing the CSR request
Fix certificate generation for CAs without a serial set on import. Fixes #6952
Add some CA in-use test utility functions. Ticket #6947
Put original match back
Did not mean to remove SSL substring from the check...
Fix nsCertType matching for some certificates (Bug #6877)
See https://redmine.pfsense.org/issues/6877#note-4
Move copyright from ESF to Netgate
Move to Apache License 2.0
Review license / copyright on all files (1st round)
Merge pull request #2994 from stilez/patch-31
Get modulus keysize
Useful utility function when it's necessary to verify that existing keys meets current practices
Add missing recommended digest
Do not allow certificate to be deleted if it's been used by a package. Fixes #4142
Update license on files from /etc/inc
Remove all pfSense_MODULE and pfSense_BUILDER_BINARIES definitions, whatever was the reason they were added, it was never finished and it's not being used
etc inc delete $Id comments
and bits of white space.Note: There are plenty of files still with old-format copyright sectionsin here.
Add 'caref' attribute to the ca object passed into ca_inter_create so arelationship to the signing CA can be maintained. Fixes #5313.
Move main pfSense content to src/