pfSense

Update the years in the Copyright notice.

Update fontawesome references in form buttons

Update fontawesome icon names to v6. Implement #13537

Revert "Update fontawesome icon names to v6. Implement #13537"

This reverts commit 32be4696a301144c650f4765b8a2b51e28d95a40.

Update fontawesome icon names to v6. Implement #13537

Update fontawesome. Implement #13537

Rector some direct config array accesses with pure scalar paths.

Amend P12 error for bad ciphers. Fixes #14877

Cast to string before ctype_digit() testing. Fixes #14702

Improve GUI cert digest help text

Instead of calling out one weak digest, mention the current best
practice minimum and that others may fail for being too weak.

Also mention specifics about places which consider weak digests invalid.

Replace abbreviated links from System menu

Skip blank SAN values, make + more clear. Fixes #14124

Update copyright years to include 2023

Rector direct global g accesses

Add CA/Cert invalid descr char list to help. Fixes #13387

RemoveUnusedForeachKeyRector runresults

Allow user to select PKCS#12 encryption. Fixes #13257

Convert P12 export to OpenSSL. Fixes #13257

PHP native method of creating PKCS#12 archives does not support using specific algorithms for encryption, so use the openssl binary instead.

Use AES-256 and SHA256 when encrypting the PKCS#12 data and private key.

Cert-related PHP 8.x changes.

CA/Cert descr validation fixes. Fixes #13387

Validate description on save when editing and in other situations that
were not yet covered.

While here, ensure that errors when editing a cert leave the user on the
cert edit screen properly, but successful cases return to the cert list....

Update the Copyright year of the files owned by Rubicon/Netgate.

Revert "Certmanager mvc"

This reverts commit 033c3ae82d20ca5760ed483cf8d0c947764b2371

Certmanager mvc

Certificate fields input validation. Issue #12035

Revert "Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes."

This reverts commit 8d4fcd7ac1167894136e337fc619e63fa7200fa0.

Clean up some messy HTML in the cert/ca display code. Prep for future MVC changes.

Do not escape special characters in certificate DN fields. Fixes #12034

Show Export P12 icon if certificate is not locally renewable. Fixes #11884

Show Unbound used certificate on the Certificate Manager page. Fixes #11678

Revert copyright symbols

Add registered trdemark symbol where appropriate

Signed CSR import fix. Issue #11275

Update the Copyright year.

A subsequent commit will deal with .po's.

Add product_label global variable

Introduce product_label global variable, by default with same value of
product_name. The idea is to make it easier for rebranded products to
change the name on all visual texts while internal structures are
preserved.

While here, remove deprecated $g['platform'] and also replace places...

Allow import of PKCS12 (pfx) certificates. Issue #8645

Merge pull request #4102 from vktg/impcertonly

Hide PKCS#12 export if private key is empty. Issue #10284

Allow import cert without private key. Issue #9834

Server cert lifetime reduced to 398. Fixes #9825

New requirements coming this fall will require new certs to be valid for at most
398 days. Setup this new requirement now, rather than waiting.

While here, reduce usage of hardcoded value where possible.

encrypt exported key with AES-256. Issue #1192

Merge pull request #4147 from vktg/expkeypasscheck

This is 2020. Issue #9245

spaces to tabs

check export key pass length

hide exportpass field on cert import

GUI improvements for ECDSA certificate handling

• Make central functions to check and test ECDSA compatibility. Issue #9843
• Filter incompatible certificates from being offered for the GUI or Captive Portal. Implements #9897
• Do the same for IPsec, which implements #4991...

Change default ECSDA curve to prime256v1. Issue #9843

Previous default was brainpool, but brainpool curves are not (widely?)
supported by browsers and were deprecated by IETF for TLS v1.3

Add edit screen for Certificate entries.

• Allows editing the name/descr. Implements #7861
• Adds a (not stored) password field and buttons for exporting encrypted private
  keys and PKCS#12 archives. Implements #1192
• More code optimization

CA/Cert optimizations

• Actions are now by refid rather than array index, which is more
  accurate and not as prone to being affected by parallel changes.
• Improved save & config write messages

CA/Cert/CRL code optimizations

While here, use the new download function when exporting items

Enforce a max lifetime for CA/Cert/CRL. Issue #3956

CA validity checks. Fixes #3956

Certificate strength improvements. Fixes #9825

• Change default GUI cert lifetime to 825 days
• Add notes on CA/Cert pages about using potentially insecure parameter
  chocies
• Add visible warnings on CA/Cert pages if paramers are insecure/not
  recommended.

Fix whitespace

Add certificate lifetime to infoblock. Issue #7332

• Adds the total lifetime and lifetime remaining before expiration to
  the info block
• Adds a visual indication to the infoblock and end date when the
  certificate will be expiring soon, or if it has already expired.

Show detailed infoblock on CA and Cert pages. Implements #9856

• Moved info block to common function
• Used that function on CA and Cert pages
• Added more information to the info block

Add GUI code and more backend for CA/Cert Renewal. Issue #9842

Merge pull request #4104 from vktg/geneckey

show the key type and related info in the per-cert info block

spaces to tabs

spaces to tabs

fixes

Merge pull request #4103 from vktg/csreckey

initial version

additions

initial

if spaces fixes

ec key parser

Fix #9719: Fix descriptive name field behavior

Correct wording of CA/Cert CN input validation. Fixes #9234

Fix copyright message years to reflect BSDP -> ESF -> Netgate

Fix empty lines in forms

Fixes a number of empty lines in forms by adding hidden inputs using
`addGlobal` on the form instead of `addInput` on sections or `add` on
groups.

Fix CA/Cert search description. Issue #9412

Add sorting and search to CA/Certs. Implements #9412

Ticket #9308: Replace use of /etc/ca_countries by get_cert_country_codes()

Update copyright notices to 2019. Happy New Year

Rework cert keylen/digest validation. Fixes #9180

Fix #9121: Initialize arrays to prevent PHP 7 errors

Improve handling of empty cert tags. Fixes #9099

Fix redirect back to user mgmt when editing user 0. Fixes #8920

Set default new CA/Cert action to Create Internal. Implements #8851

Certs: Fix CA subject assumptions. Fixes #8801

Several areas made assumptions about the number and order of CA subject
fields that were no longer correct after issue #8381 was corrected.

While here, also remove some outdated references to fields that are no...

Merge pull request #3954 from whislock/crypto-updates

Group CA/Cert CN w/required options. Fixes #8381

Also add a note stating the other fields are optional.

Conform CA/Cert fields to RFC 5280. Fixes #8381

Only required subject field is CN (for simplicity)
e-mail field deprecated from CA/Cert (can still be Cert SAN)

Add 6144/remove 512 from cert size options

Add fixed suggested by jim-p

Moved out of my root directory :(

add cert_get_ocspstaple

Fix function name typo

Add function to detect OCSP Must Staple certs. Ticket #8418 and Ticket #8299

Fix certificate SAN input validation so it does not improperly allow an IP address when FQDN is selected. Fixes #8275

Update the Copyright notice for pfSense.

Change how SANs are generated from the CN, considering that not all CNs will produce a valid SAN. Fixes #8252

Relax OpenVPN wizard cert validation to match that of the cert manager and encode values before using them. Fixes #7854
Also, CDATA escape these fields in config.xml since they will most likely contain characters which are invalid in XML.
While here, fix a cert display issue where a SAN value could be reused from a previous entry in the cert list display.

Add a field to pick a digest algo when signing a CSR, otherwise it ends up with SHA1. Fixes #7853
While here, add the cert serial number and sig digest type to the info block for each cert.

Fix CA reference so serial increases properly. Remove variable for feature that didn't work out. Ticket #7527

Add another possible CSR Armor string when validating. Ticket #7383

Restructure how certificate types and SANs are handled in the cert manager when making a Cert/CSR/Signing, so each section can properly use the controls without duplicating. It is now possible to add SANs and EKUs to certificates when signing using the certificate manager. Fixes #7527 and also Fixes #7677...

Add the ability to set certificate type and SAN attributes in a CSR. Ticket #7527
TODO: They are not carried over after signing in the GUI