Added support for intermediate CA certs in web server TLS.

certoperations.js

@@ -155,6 +155,19 @@ module.exports.CertificateOperations = function () {
             rcount++;
         }
 
+        // If CA certificates are present, load them
+        var caok, caindex = 1, calist = [];
+        do {
+            caok = false;
+            if (obj.fileExists(directory + '/webserver-cert-chain' + caindex + '.crt')) {
+                var caCertificate = obj.fs.readFileSync(directory + '/webserver-cert-chain' + caindex + '.crt', 'utf8');
+                calist.push(caCertificate);
+                caok = true;
+            }
+            caindex++;
+        } while (caok == true);
+        r.calist = calist;
+                
         // Decode certificate arguments
         var commonName = 'un-configured', country, organization;
         if (certargs != undefined) {
@@ -226,7 +239,7 @@ module.exports.CertificateOperations = function () {
             agentPrivateKey = r.agent.key
         }
 
-        var r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, CommonName: commonName, RootName: rootName };
+        var r = { root: { cert: rootCertificate, key: rootPrivateKey }, web: { cert: webCertificate, key: webPrivateKey }, mps: { cert: mpsCertificate, key: mpsPrivateKey }, agent: { cert: agentCertificate, key: agentPrivateKey }, calist: calist, CommonName: commonName, RootName: rootName };
         if (func != undefined) { func(r); }
         return r;
     }

meshagent.js

@@ -436,7 +436,6 @@ module.exports.CreateMeshAgent = function (parent, db, ws, req, args, domain) {
                 case 'iplocation':
                     {
                         // Sent by the agent to update location information
-                        console.log(command);
                         if ((command.type == 'publicip') && (command.value != null) && (typeof command.value == 'object') && (command.value.ip) && (command.value.loc)) {
                             var x = {};
                             x.publicip = command.value.ip;

meshcentral.js

@@ -299,7 +299,7 @@ function CreateMeshCentralServer() {
                         }
 
                         // Setup and start the redirection server if needed
-                        if (obj.args.redirport != undefined && typeof obj.args.redirport == 'number') {
+                        if ((obj.args.redirport != undefined) && (typeof obj.args.redirport == 'number') && (obj.args.redirport != 0)) {
                             obj.redirserver = require('./redirserver.js').CreateRedirServer(obj, obj.db, obj.args, obj.certificates);
                         }
 

package.json

@@ -1,6 +1,6 @@
 {
   "name": "meshcentral",
-  "version": "0.0.7-o",
+  "version": "0.0.7-p",
   "keywords": [
     "Remote Management",
     "Intel AMT",

webserver.js

@@ -89,7 +89,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
         // Setup the HTTP server with TLS
         //var certOperations = require('./certoperations.js').CertificateOperations();
         //var webServerCert = certOperations.GetWebServerCertificate('./data', 'SampleServer.org', 'US', 'SampleOrg');
-        obj.tlsServer = require('https').createServer({ cert: obj.certificates.web.cert, key: obj.certificates.web.key, rejectUnauthorized: true }, obj.app);
+        obj.tlsServer = require('https').createServer({ cert: obj.certificates.web.cert, key: obj.certificates.web.key, ca: obj.certificates.calist, rejectUnauthorized: true }, obj.app);
         obj.expressWs = require('express-ws')(obj.app, obj.tlsServer);
     }