Fixed re-generting the TLS certificate if the desired cert name does not match.
This commit is contained in:
parent
6b1b034c61
commit
d6a1f04d4a
|
@ -918,12 +918,8 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
r.AmtMpsName = obj.pki.certificateFromPem(r.mps.cert).subject.getField('CN').value;
|
r.AmtMpsName = obj.pki.certificateFromPem(r.mps.cert).subject.getField('CN').value;
|
||||||
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
|
var webCertificate = obj.pki.certificateFromPem(r.web.cert);
|
||||||
r.WebIssuer = webCertificate.issuer.getField('CN').value;
|
r.WebIssuer = webCertificate.issuer.getField('CN').value;
|
||||||
if (commonName == 'un-configured') { // If the "cert" name is not set, try to use the certificate CN instead (ok if the certificate is not wildcard).
|
r.CommonName = webCertificate.subject.getField('CN').value;
|
||||||
commonName = webCertificate.subject.getField('CN').value;
|
r.CommonNames = [ r.CommonName ];
|
||||||
if (commonName.startsWith('*.')) { console.log("ERROR: Must specify a server full domain name in Config.json->Settings->Cert when using a wildcard certificate."); process.exit(0); return; }
|
|
||||||
}
|
|
||||||
r.CommonName = commonName;
|
|
||||||
r.CommonNames = [commonName.toLowerCase()];
|
|
||||||
var altNames = webCertificate.getExtension('subjectAltName');
|
var altNames = webCertificate.getExtension('subjectAltName');
|
||||||
if (altNames) {
|
if (altNames) {
|
||||||
for (i = 0; i < altNames.altNames.length; i++) {
|
for (i = 0; i < altNames.altNames.length; i++) {
|
||||||
|
@ -935,12 +931,18 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
}
|
}
|
||||||
var rootCertificate = obj.pki.certificateFromPem(r.root.cert);
|
var rootCertificate = obj.pki.certificateFromPem(r.root.cert);
|
||||||
r.RootName = rootCertificate.subject.getField('CN').value;
|
r.RootName = rootCertificate.subject.getField('CN').value;
|
||||||
|
|
||||||
|
// If the "cert" name is not set, try to use the certificate CN instead (ok if the certificate is not wildcard).
|
||||||
|
if (commonName == 'un-configured') {
|
||||||
|
if (r.CommonName.startsWith('*.')) { console.log("ERROR: Must specify a server full domain name in Config.json->Settings->Cert when using a wildcard certificate."); process.exit(0); return; }
|
||||||
|
commonName = r.CommonName;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Look for domains that have DNS names and load their certificates
|
// Look for domains that have DNS names and load their certificates
|
||||||
r.dns = {};
|
r.dns = {};
|
||||||
for (i in config.domains) {
|
for (i in config.domains) {
|
||||||
if ((i != "") && (config.domains[i] != null) && (config.domains[i].dns != null)) {
|
if ((i != '') && (config.domains[i] != null) && (config.domains[i].dns != null)) {
|
||||||
dnsname = config.domains[i].dns;
|
dnsname = config.domains[i].dns;
|
||||||
// Check if this domain matches a parent wildcard cert, if so, use the parent cert.
|
// Check if this domain matches a parent wildcard cert, if so, use the parent cert.
|
||||||
if (obj.compareCertificateNames(r.CommonNames, dnsname) == true) {
|
if (obj.compareCertificateNames(r.CommonNames, dnsname) == true) {
|
||||||
|
@ -987,8 +989,8 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
if (xorganizationField != null) { xorganization = xorganizationField.value; }
|
if (xorganizationField != null) { xorganization = xorganizationField.value; }
|
||||||
if (certargs == null) { commonName = r.CommonName; country = xcountry; organization = xorganization; }
|
if (certargs == null) { commonName = r.CommonName; country = xcountry; organization = xorganization; }
|
||||||
|
|
||||||
// Check if we have correct certificates
|
// Check if we have correct certificates.
|
||||||
if (obj.compareCertificateNames(r.CommonNames, commonName) == false) { forceWebCertGen = 1; }
|
if (obj.compareCertificateNames(r.CommonNames, commonName) == false) { forceWebCertGen = 1; } else { r.CommonName = commonName; }
|
||||||
if (r.AmtMpsName != mpsCommonName) { forceMpsCertGen = 1; }
|
if (r.AmtMpsName != mpsCommonName) { forceMpsCertGen = 1; }
|
||||||
|
|
||||||
// If the certificates matches what we want, use them.
|
// If the certificates matches what we want, use them.
|
||||||
|
@ -1140,7 +1142,7 @@ module.exports.CertificateOperations = function (parent) {
|
||||||
|
|
||||||
// Look for domains with DNS names that have no certificates and generated them.
|
// Look for domains with DNS names that have no certificates and generated them.
|
||||||
for (i in config.domains) {
|
for (i in config.domains) {
|
||||||
if ((i != "") && (config.domains[i] != null) && (config.domains[i].dns != null)) {
|
if ((i != '') && (config.domains[i] != null) && (config.domains[i].dns != null)) {
|
||||||
dnsname = config.domains[i].dns;
|
dnsname = config.domains[i].dns;
|
||||||
// Check if this domain matches a parent wildcard cert, if so, use the parent cert.
|
// Check if this domain matches a parent wildcard cert, if so, use the parent cert.
|
||||||
if (obj.compareCertificateNames(r.CommonNames, dnsname) == true) {
|
if (obj.compareCertificateNames(r.CommonNames, dnsname) == true) {
|
||||||
|
|
Loading…
Reference in New Issue