preserve = no
policy = policy_match
email_in_dn = no
+copy_extensions = copyall
[ policy_match ]
countryName = optional
WARNING: untranslated string: no entries = No entries at the moment.
WARNING: untranslated string: optional = Optional
WARNING: untranslated string: pakfire invalid tree = Invalid repository selected
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: required = Required
WARNING: untranslated string: references = References
WARNING: untranslated string: refresh = Refresh
WARNING: untranslated string: refresh index page while connected = Refresh index.cgi page while connected
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
WARNING: untranslated string: openvpn cert expires soon = Expires Soon
WARNING: untranslated string: openvpn cert has expired = Expired
WARNING: untranslated string: pakfire ago = ago.
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: log drop hostile in = Log dropped packets FROM hostile networks
WARNING: untranslated string: log drop hostile out = Log dropped packets TO hostile networks
WARNING: untranslated string: pakfire ago = ago.
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: route config changed = unknown string
WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
WARNING: untranslated string: received = Received
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
WARNING: untranslated string: rdns = rDNS
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
WARNING: untranslated string: received = Received
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: required = Required
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
WARNING: untranslated string: received = Received
WARNING: untranslated string: red1 = RED
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
WARNING: untranslated string: received = Received
WARNING: untranslated string: red1 = RED
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
WARNING: untranslated string: reboot fsck = Reboot & run ‘fsck’
WARNING: untranslated string: rebooting ipfire fsck = Rebooting IPFire, forcing filesystem check
WARNING: untranslated string: received = Received
+WARNING: untranslated string: regenerate host certificate = Renew Host Certificate
WARNING: untranslated string: reiserfs warning1 = Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.
WARNING: untranslated string: reiserfs warning2 = Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.
WARNING: untranslated string: release = Release
< optional
< quick control
< random number generator daemon
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< required
< log drop hostile out
< openvpn cert expires soon
< openvpn cert has expired
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< service boot setting unavailable
< hostile networks total
< log drop hostile in
< log drop hostile out
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< spec rstack overflow
< reboot fsck
< rebooting ipfire fsck
< received
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< release
< rdns
< rebooting ipfire fsck
< received
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< required
< rebooting ipfire fsck
< received
< red1
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< release
< rebooting ipfire fsck
< received
< red1
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< release
< reboot fsck
< rebooting ipfire fsck
< received
+< regenerate host certificate
< reiserfs warning1
< reiserfs warning2
< release
exit(0);
}
###
+### Regenerate the host certificate
+###
+} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'regenerate host certificate'}) {
+ $errormessage = ®enerate_host_certificate();
+
+###
### Form for generating/importing the caroot+host certificate
###
} elsif ($cgiparams{'ACTION'} eq $Lang::tr{'generate root/host certificates'} ||
<input type='hidden' name='ACTION' value="$Lang::tr{'download host certificate'}" />
</form>
</td>
- <td width='4%' $col2> </td></tr>
+ <td width='4%' align='center' $col2>
+ <form method='post' action='$ENV{'SCRIPT_NAME'}'>
+ <input type='image' name='$Lang::tr{'regenerate host certificate'}' src='/images/reload.gif' alt='$Lang::tr{'regenerate host certificate'}' title='$Lang::tr{'regenerate host certificate'}' />
+ <input type='hidden' name='ACTION' value='$Lang::tr{'regenerate host certificate'}' />
+ </form>
+ </td></tr>
END
;
} else {
return join(",", @cidr_nets);
}
+
+sub regenerate_host_certificate() {
+ my $errormessage = "";
+
+ &General::log("ipsec", "Regenerating host certificate...");
+
+ # Create a CSR based on the existing certificate
+ my $opt = " x509 -x509toreq -copy_extensions copyall";
+ $opt .= " -signkey ${General::swroot}/certs/hostkey.pem";
+ $opt .= " -in ${General::swroot}/certs/hostcert.pem";
+ $opt .= " -out ${General::swroot}/certs/hostreq.pem";
+ $errormessage = &callssl($opt);
+
+ # Revoke the old certificate
+ if (!$errormessage) {
+ &General::log("ipsec", "Revoking the old host cert...");
+
+ my $opt = " ca -revoke ${General::swroot}/certs/hostcert.pem";
+ $errormessage = &callssl($opt);
+ }
+
+ # Sign the host certificate request
+ if (!$errormessage) {
+ &General::log("ipsec", "Self signing host cert...");
+
+ my $opt = " ca -md sha256 -days 825";
+ $opt .= " -batch -notext";
+ $opt .= " -in ${General::swroot}/certs/hostreq.pem";
+ $opt .= " -out ${General::swroot}/certs/hostcert.pem";
+ $errormessage = &callssl ($opt);
+
+ unlink ("${General::swroot}/certs/hostreq.pem"); #no more needed
+ }
+
+ # Reload the new certificate
+ if (!$errormessage) {
+ &General::system('/usr/local/bin/ipsecctrl', 'R');
+ }
+
+ return $errormessage;
+}
'refresh' => 'Refresh',
'refresh index page while connected' => 'Refresh index.cgi page while connected',
'refresh update list' => 'Refresh update list',
+'regenerate host certificate' => 'Renew Host Certificate',
'registered user rules' => 'Talos VRT rules for registered users',
'reiserfs warning1' => 'Reiserfs is deprecated and scheduled to be removed from the kernel in 2025.',
'reiserfs warning2' => 'Ensure a fresh installation is made using either ext4 or xfs filesystems before that date.',
projects / ipfire-2.x.git / commitdiff
