Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.
Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853While here, add the cert serial number and sig digest type to the info block for each cert.
Fix CA reference so serial increases properly. Remove variable for feature that didn't work out. Ticket #7527
Add another possible CSR Armor string when validating. Ticket #7383
Restructure how certificate types and SANs are handled in the cert manager when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677...
Add the ability to set certificate type and SAN attributes in a CSR. Ticket #7527TODO: They are not carried over after signing in the GUI
Fix some additional cases for CN->SAN handling, and move some code to a function to avoid duplication for other pending uses. Ticket #7666
Allow a wider range of characters to be used in certificate fields, as laid out by RFC 4514. Fixes #7540
Switch the cert info to an infoblock now that #7505 is fixed. Issue #7505
Show SAN, KU, and EKU info in the certificate list. Implements #7505While here, also fix "server" cert detection to key off of the EKU For "TLS Web Server Authentication" since nsCertType has been deprecated.
Always add the CN as the first SAN when creating a certificate in the GUI or an automatic GUI self-signed certificate. Per RFC 2818, relying on the CN to determine the hostname is deprecated, SANs are required. Chrome 58 started enforcing this requirement. Fixes #7496
Merge pull request #3699 from PiBa-NL/20170417-certificatemanager-ca-crl-inuse
Merge pull request #3629 from doktornotor/patch-18
certificate manager, show 'in use' also for CA and CRL where certificates are in use by packages.
certificate manager, allow importing of ECC certificates
Merge branch 'master' into patch-18
Don't display the "export key" icon if there is no key to export. e.g. If hte cert was created from a pasted-in CSR
Base64 encode private key
Add the ability to save a private key with the newly signed cert
Revised certificate selectors to use refid rather than index
Deleted CSR key textarea - No longer required
Revised error handling for CSR signing
Spelling fix in help text
Improve error detection in Openssl lib
Added the ability to sign a CSR
Add missing include
Remove whirlpool from the list of CA/Cert digest algorithms as it does not work properly. OpenSSL claims it's not valid ("unknown signature algorithm"). Fixes #7370While I'm here, stop needlessly repeating the algo list, it's a global in certs.inc, so use that single copy of the list.
Fix display of openssl errors when working with CA or certificate entries. Found this while looking into ticket #7370
Fixes #7296HTML tags not allowed in selector option values
Correct variable name. Fixes #7297
Revisions to GET/POST conversion limiting POSTs to save, apply, and delete functions
Typo
GET/POST conversion for camanager and certmanager
setHelp and gettext for system*
certificatemanager, don't show information from previous certificate if no cert or csr is present in the cert
Required fields for System pages
Breadcrumb links
If there are input errors when creating a user certificate from the user manager, stop and show the errors rather than appearing to fail silently. Fixes #6953
Ensure that the submitted private key matches the certificate or CA when importing. Ticket #6953
Move copyright from ESF to Netgate
Add a field to CA/Cert pages for OU, which is required by some external CAs and users. Fixes #6672
Move to Apache License 2.0
Review license / copyright on all files (final round)
Remove input_errors2Ajax calls, was never implemented. Ticket #3027
Merge pull request #2944 from stilez/patch-23
Always use require_once
The usage of require() and require_once() throughout the system isinconsistent, and "bugs" come up now and then when the order of"requires" is a bit different and some require() happens after theinclude file is already included/required....
Add missing recommended key lengths/digest to certmanager
System - Miscellaneous - Remove Personalizations
Remove "you" personalizations.
Revert "Merge pull request #2728 from phil-davis/form_button"
This reverts commit a32bed49516f3df3d104a5026a5b2c74451f348f, reversingchanges made to 9ec9978267a5d1985d6da8ba35d52b7174239d2f.
Resolve conflicts with master
Internationalize Form_Button text
The text of a Form_Button is not translated internally. Some Form_Buttoncalls already had the button text enclosed in gettext(), this does itfor the remaining ones.
Indent system_certmanager.php
The 'csr' code block is duplicated. This commit removes it
Fix some Save button quirks. Ticket #5965
More icon and button consistency fixes. Ticket #5965
Icon consistency in Repeatable blocks. Ticket #5965
Update system_certmanager.php
Something felt off about the certificate icons. Particularly the fa-key + P12. I think this is better.
Do not offer the "CA" type when creating a certificate. CAs should only be made on the CAs tab. Fixes #5924
Merge pull request #2637 from k-paulius/patch-6
Review alert wording. End sentence with period, remove redundant 'Warning', 'Error', etc. prefixes, since alerts are now color coded. Remove <b> tags.
Indicate in the breadcrumb if we are editing list item.
Convert section titles to title case
Internationalization of various system*.php
system_certmanager action button titles
Completed #5787
Fixed #5789
Fixed #5566
Convert remaining short_open_tag occurances. See PR #2378
Fixed #5633
Merge pull request #2258 from phil-davis/r015
Code style System Certificates
system_certmanager csr_dn_country keyname error
Someone was recently reporting a problem with certificate signing requests. Maybe this will help.
Remove all pfSense_MODULE and pfSense_BUILDER_BINARIES definitions, whatever was the reason they were added, it was never finished and it's not being used
Standardize Certificate Manager breadcrumbs
Add descriptive name field to CSR completion form
Fix updating of CSR by correcting button nameCosmetic fixes to ldapacpicker to make it usable in 2.3
Don't display start/end times or export icons for CSRs
Fixed #5561 (mostly)
Fixed #5557
Type up SCRIPT tags
Added use of class autoloading (GUI stuff only)
Any GUI script that loads the guiconfig.inc file will have access tothe autoloader.
Copyright updates Batch 2 of 3
Convert system_certmanager.php to font awesome iconsAutomatically add confirmation dialog to all fa-trash icons
Moved action-buttons in-line styling to pfSense.css
replace and find for icon-embed-btn
Updated button styles
Javascript refine to hide Delete row button if there is only one row
fix placeholder copy/pasted from CA screen, back to what it was in 2_2
Completes #5159All duplicated JS removed to included file
Ticket #5204 a clean up pass of the jquery sections
Added the possibility to use wildcard hostnames in certificate manager SAN fields
Corrected typo (delet)
Fixed #5098Page re-written to use jQuery row add/delete
Test version to check certificate generation
Fixed #5094Reformatted as requested
Merge pull request #1853 from PiBa-NL/bootstrap_fix1
Fixed #5028Restored correct delcert action
bootstrap, use require_once for classes/Form.class.php
arrray type changed to associative for country codes