MyFavMirrors/MeshCentral
1
0
Fork 0
mirror of https://github.com/Ylianst/MeshCentral.git synced 2025-03-31 17:53:40 -04:00
Code Issues Packages Projects Releases Wiki Activity

Added strictCommonName option for matching the Intel AMT ACM activation cert.

Browse Source
This commit is contained in:
Ylian Saint-Hilaire 2022-08-15 21:49:01 -07:00
parent 9ef31ce418
commit 15a76d3932
3 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
certoperations.js
View File

@ -247,6 +247,11 @@ module.exports.CertificateOperations = function (parent) {
// Get the certificate common name // Get the certificate common name
var certCommonName = r.certs[0].subject.getField('CN'); var certCommonName = r.certs[0].subject.getField('CN');
if (certCommonName == null) { amtacmactivation.acmCertErrors.push("Unable to get Intel AMT activation certificate common name."); continue; } if (certCommonName == null) { amtacmactivation.acmCertErrors.push("Unable to get Intel AMT activation certificate common name."); continue; }
if (amtacmactivation.strictcommonname == true) {
// Use the certificate common name exactly
acmconfig.cn = certCommonName.value;
} else {
// Check if Intel AMT will allow some flexibility in the certificate common name
var certCommonNameSplit = certCommonName.value.split('.'); var certCommonNameSplit = certCommonName.value.split('.');
var topLevel = certCommonNameSplit[certCommonNameSplit.length - 1].toLowerCase(); var topLevel = certCommonNameSplit[certCommonNameSplit.length - 1].toLowerCase();
var topLevelNum = TopLevelDomainExtendedSupport[topLevel]; var topLevelNum = TopLevelDomainExtendedSupport[topLevel];
@ -256,6 +261,7 @@ module.exports.CertificateOperations = function (parent) {
} else { } else {
acmconfig.cn = certCommonName.value; acmconfig.cn = certCommonName.value;
} }
}
delete acmconfig.cert; delete acmconfig.cert;
delete acmconfig.certpass; delete acmconfig.certpass;

1
meshcentral-config-schema.json
View File

@ -934,6 +934,7 @@
"additionalProperties": false, "additionalProperties": false,
"properties": { "properties": {
"log": { "type": "string" }, "log": { "type": "string" },
"strictCommonName": { "type": "boolean", "default": false, "description": "When set to true, the certificate common name needs to match exactly the Intel AMT trusted FQDN or DHCP Option 15. If false, some flexibility may be given to the matching." },
"certs": { "certs": {
"type": "object", "type": "object",
"additionalProperties": { "additionalProperties": {

1
sample-config-advanced.json
View File

@ -367,6 +367,7 @@
], ],
"_amtAcmActivation": { "_amtAcmActivation": {
"log": "amtactivation.log", "log": "amtactivation.log",
"strictCommonName": false,
"certs": { "certs": {
"mycertname": { "mycertname": {
"certfiles": [ "certfiles": [