Added new rootCertCommonName option in config.json settings to change the default root common name when generating the root certificate, #4221

This commit is contained in:
Ylian Saint-Hilaire 2022-07-05 13:44:24 -07:00
parent f2c5f4efdb
commit acd281c990
2 changed files with 9 additions and 2 deletions


@ -1006,7 +1006,13 @@ module.exports.CertificateOperations = function (parent) {
if (r.root == null) {
// If the root certificate does not exist, create one
console.log("Generating root certificate...");
rootCertAndKey = obj.GenerateRootCertificate(true, 'MeshCentralRoot', null, null, strongCertificate);
if (typeof args.rootcertcommonname == 'string') {
// If a root certificate common name is specified, use it.
rootCertAndKey = obj.GenerateRootCertificate(false, args.rootcertcommonname, null, null, strongCertificate);
} else {
// A root certificate common name is not specified, use the default one.
rootCertAndKey = obj.GenerateRootCertificate(true, 'MeshCentralRoot', null, null, strongCertificate);
}
rootCertificate = obj.pki.certificateToPem(rootCertAndKey.cert);
rootPrivateKey = obj.pki.privateKeyToPem(rootCertAndKey.key);
obj.fs.writeFileSync(parent.getConfigFilePath('root-cert-public.crt'), rootCertificate);
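Review bot: The new `typeof args.rootcertcommonname == 'string'` test also accepts an empty or whitespace-only string, and nothing visible here bounds the length, so a config typo can produce a root certificate with a blank or over-long common name that agents then depend on. Unless GenerateRootCertificate validates the name itself (not visible in this hunk), tighten the guard to `if ((typeof args.rootcertcommonname == 'string') && (args.rootcertcommonname.trim().length > 0) && (args.rootcertcommonname.length <= 64)) {` and fall through to the default otherwise; 64 is the X.520 upper bound for commonName. The custom branch also passes `false` as the first argument where the default passes `true`; it appears to switch off the fingerprint suffix described in the schema, and a short comment saying what the flag controls would make that explicit. The enclosing function starts and ends outside the hunk.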


@ -199,7 +199,7 @@
"type": "object",
"properties": {
"mongoDumpPath": { "type": "string" },
"mysqlDumpPath": { "type": "string"},
"mysqlDumpPath": { "type": "string" },
"backupIntervalHours": { "type": "integer" },
"keepLastDaysBackup": { "type": "integer" },
"zipPassword": { "type": "string" },
@ -250,6 +250,7 @@
}
}
},
"rootCertCommonName" : { "type": "string", "default": "MeshCentralRoot-XXXXXX", "description": "The common name of the MeshCentral server root certificate. By default it's 'MeshCentralRoot-' followed by the first 6 HEX digits of the public key fingerprint. For this setting to take effect, all generated certificates need to be deleted and reset. Existing agents will not be able to connect anymore." },
"redirects": { "type": "object" },
"maxInvalidLogin": {
"type": "object",
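Review bot: The `"default": "MeshCentralRoot-XXXXXX"` on the new `rootCertCommonName` entry describes the generated name; it is not a value the server would use as-is. If any tool materialises schema defaults into config.json (not visible here), the code in the first file would take the custom-name branch and issue a root whose common name is that literal placeholder. I would drop the `default` keyword and keep the explanation in `description`, and add `"minLength": 1, "maxLength": 64` so an empty or over-long name is rejected at validation time. The enclosing `properties` object starts and ends outside the hunk.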