enhance customer set ssl-certificates and improve description, this should fix #1244

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
2013-10-06 13:41:01 +02:00
parent 455aa33d14
commit 56ef9e1992
4 changed files with 26 additions and 14 deletions
--- a/lib/classes/webserver/class.DomainSSL.php
+++ b/lib/classes/webserver/class.DomainSSL.php
@@ -81,6 +81,13 @@ class DomainSSL {
 					'ssl_cert_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.crt'),
 					'ssl_key_file' => makeCorrectFile($sslcertpath.'/'.$domain['domain'].'.key')
 			);
+
+			if ($this->_settings['system']['webserver'] == 'lighttpd') {
+				// put my.crt and my.key together for lighty.
+				$dom_certs['ssl_cert_file'] .= $dom_certs['ssl_key_file'];
+				$ssl_files['ssl_key_file'] = '';
+			}
+
 			// initialize optional files
 			$ssl_files['ssl_ca_file'] = '';
 			$ssl_files['ssl_cert_chainfile'] = '';
@@ -89,7 +96,12 @@ class DomainSSL {
 				$ssl_files['ssl_ca_file'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_CA.pem');
 			}
 			if ($dom_certs['ssl_cert_chainfile'] != '') {
-				$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
+				if ($this->_settings['system']['webserver'] == 'nginx') {
+					// put ca.crt in my.crt, as nginx does not support a separate chain file.
+					$dom_certs['ssl_cert_file'] .= $dom_certs['ssl_cert_chainfile'];
+				} else {
+					$ssl_files['ssl_cert_chainfile'] = makeCorrectFile($sslcertpath.'/'.$domain['domain'].'_chain.pem');
+				}
 			}
 			// create them on the filesystem
 			foreach ($ssl_files as $type => $filename) {
--- a/lib/formfields/customer/domains/formfield.domain_ssleditor.php
+++ b/lib/formfields/customer/domains/formfield.domain_ssleditor.php
@@ -42,15 +42,6 @@ return array(
 						'rows' => 12,
 						'value' => $result['ssl_key_file']
 					),
-					'ssl_ca_file' => array(
-						'style' => 'vertical-align:top;',
-						'label' => $lng['admin']['ipsandports']['ssl_ca_file_content'],
-						'desc' => $lng['admin']['ipsandports']['ssl_paste_description'],
-						'type' => 'textarea',
-						'cols' => 60,
-						'rows' => 12,
-						'value' => $result['ssl_ca_file']
-					),
 					'ssl_cert_chainfile' => array(
 						'style' => 'vertical-align:top;',
 						'label' => $lng['admin']['ipsandports']['ssl_cert_chainfile_content'],
@@ -59,6 +50,15 @@ return array(
 						'cols' => 60,
 						'rows' => 12,
 						'value' => $result['ssl_cert_chainfile']
+					),
+					'ssl_ca_file' => array(
+						'style' => 'vertical-align:top;',
+						'label' => $lng['admin']['ipsandports']['ssl_ca_file_content'],
+						'desc' => $lng['admin']['ipsandports']['ssl_paste_description'],
+						'type' => 'textarea',
+						'cols' => 60,
+						'rows' => 12,
+						'value' => $result['ssl_ca_file']
 					)
 				)
 			)
--- a/lng/english.lng.php
+++ b/lng/english.lng.php
@@ -1948,8 +1948,8 @@ $lng['panel']['ssleditor'] = 'SSL settings for this domain';
 $lng['admin']['ipsandports']['ssl_paste_description'] = 'Paste your complete certificate content in the textbox';
 $lng['admin']['ipsandports']['ssl_cert_file_content'] = 'Content of the ssl certificate';
 $lng['admin']['ipsandports']['ssl_key_file_content'] = 'Content of the ssl (private-) key file';
-$lng['admin']['ipsandports']['ssl_ca_file_content'] = 'Content of the ssl CA file (optional)';
-$lng['admin']['ipsandports']['ssl_cert_chainfile_content'] = 'Content of the certificate chainfile (optional)';
+$lng['admin']['ipsandports']['ssl_ca_file_content'] = 'Content of the ssl CA file (optional, client authentification, set this only if you know what it is.)';
+$lng['admin']['ipsandports']['ssl_cert_chainfile_content'] = 'Content of the certificate chainfile (optional, mostly CA_Bundle, or similar, you probably want to set this if you bought a SSL certificate.)';
 $lng['error']['sslcertificateismissingprivatekey'] = 'You need to specify a private key for your certificate';
 $lng['error']['sslcertificatewrongdomain'] = 'The given certificate does not belong to this domain';
 $lng['error']['sslcertificateinvalidcert'] = 'The given certificate-content does not seem to be a valid certificate';
--- a/lng/german.lng.php
+++ b/lng/german.lng.php
@@ -1669,8 +1669,8 @@ $lng['panel']['ssleditor'] = 'SSL-Einstellungen für diese Domain';
 $lng['admin']['ipsandports']['ssl_paste_description'] = 'Bitte den Inhalt der Zertifikatsdatei in das Textfeld kopieren';
 $lng['admin']['ipsandports']['ssl_cert_file_content'] = 'Inhalt des SSL-Zertifikats';
 $lng['admin']['ipsandports']['ssl_key_file_content'] = 'Inhalt der Key-Datei (private key)';
-$lng['admin']['ipsandports']['ssl_ca_file_content'] = 'Inhalt der SSL-CA-Datei (optional)';
-$lng['admin']['ipsandports']['ssl_cert_chainfile_content'] = 'Inhalt des Zertifikats-Chainfile (optional)';
+$lng['admin']['ipsandports']['ssl_ca_file_content'] = 'Inhalt der SSL-CA-Datei (optional, Client Authentifizierung, dieses Feld sollte nur gesetzt werden, wenn es wirklich gebraucht wird.)';
+$lng['admin']['ipsandports']['ssl_cert_chainfile_content'] = 'Inhalt des Zertifikats-Chainfile (optional, meist CA_Bundle, o.Ä., dies ist das Feld, dass gesetzt werden sollte, wenn ein gekauftes SSL-Zertifikat vorliegt.)';
 $lng['error']['sslcertificateismissingprivatekey'] = 'Für das Zertifikat muss eine Key-Datei (private key) angegeben werden';
 $lng['error']['sslcertificatewrongdomain'] = 'Das angegebene Zertifikat gilt nicht für die gewählte Domain';
 $lng['error']['sslcertificateinvalidcert'] = 'Der angegebene Zertifikatsinhalt scheint kein gültiges Zertifikat zu sein';