Updates to SSL and other general items

2014-10-09 23:23:02 +11:00
parent c952738750
commit 8d71460121
25 changed files with 813 additions and 391 deletions
--- a/application/views/ssl/user/add.php
+++ b/application/views/ssl/user/add.php
@@ -16,10 +16,11 @@
 			<code>gsk8capicmd_64 -keydb -create -db dsmcert.kdb -type kdb -stash</code><br/><br/>
 		</li>
 		<li>Create a Certificate Signing Request using the following command:<br/>
-		<code>gsk8capicmd_64 -certreq -create -db dsmcert.kdb -stashed -label 'TSM-SL01' -dn 'O=IBM,cn=<?php echo $o->id(); ?>' -size 2048 -file <?php echo $o->id(); ?>.CSR</code><br/><br/>
+		<code>gsk8capicmd_64 -certreq -create -db dsmcert.kdb -stashed -label 'TSM-SL01' -dn '<?php echo $o->ssl_dn(); ?>' -size 2048 -file <?php echo $o->id(); ?>.CSR</code><br/><br/>
 		</li>

-		<li>Paste the contents of your CSR file here:<br/>
+		<li>Upload your CSR file here <?php echo Form::file('csr_file',array('class'=>'col-md-3','label'=>'CSR File')); ?> 
+		OR, paste the contents of your CSR file here:<br/>
 		<?php echo Form::textarea('csr','',array('class'=>'col-md-6','label'=>'CSR','placeholder'=>'Certificate Sign Request','style'=>'font-family: monospace;','cols'=>61,'rows'=>15)); ?>
 		</li>

@@ -31,5 +32,5 @@
 	<div class="col-md-offset-1">
 		<button type="submit" class="btn btn-primary">Save changes</button>
 		<button type="button" class="btn btn-default">Cancel</button>
-        </div>
+	</div>
 </div>
--- a/application/views/ssl/user/view.php
+++ b/application/views/ssl/user/view.php
@@ -0,0 +1,110 @@
+<fieldset class="col-md-6">
+	<legend>SSL Details</legend>
+
+	<div class="dl-horizontal">
+		<dt>Subject</dt>
+		<dd><?php echo $o->dn(); ?></dd>
+
+		<?php if ($o->cert) : ?>
+			<dt>Subject Key ID</dt>
+			<dd><?php echo $o->ski(); ?></dd>
+
+			<dt>Serial Number</dt>
+			<dd><?php echo $o->serial(); ?></dd>
+
+			<dt>Issuer</dt>
+			<dd>
+				<?php if ($o->validCA()) : ?>
+				<?php echo HTML::anchor(URL::link('admin','ssl/edit/').$o->ca->id,$o->issuer()); ?>
+				<?php else : ?>
+				<?php echo $o->issuer(); ?>
+				<?php endif ?>
+			</dd>
+
+			<dt>Issuer Key ID</dt>
+			<dd><?php echo $o->aki_keyid(); ?></dd>
+
+			<dt>Issuer Serial</dt>
+			<dd><?php echo $o->aki_serial(); ?></dd>
+
+			<dt>Valid From</dt>
+			<dd><?php echo $o->valid_from(TRUE); ?></dd>
+
+			<dt>Valid To</dt>
+			<dd><?php echo $o->valid_to(TRUE); ?></dd>
+
+			<dt>Hash</dt>
+			<dd><?php echo $o->hash(); ?></dd>
+
+			<dt>Version</dt>
+			<dd><?php echo $o->version(); ?></dd>
+
+			<dt>Algorithm</dt>
+			<dd><?php echo $o->algorithm(); ?></dd>
+
+		<?php else : ?>
+			<dt>Status</dt>
+			<dd>Waiting to be signed.</dd>
+		<?php endif ?>
+	</div> <!-- dl-horizontal -->
+
+	<?php if ($o->cert) : ?>
+		<br/>
+		<legend>Certificate Chain</legend>
+
+		<?php echo Table::factory()
+			->data($o->list_ca())
+			->columns(array(
+			'id'=>'ID',
+			'subject_cn()'=>'Cert',
+			'valid_to(TRUE)'=>'Expires',
+			'issuer_cn()'=>'Issuer',
+			))
+			->prepend(array(
+				'id'=>array('url'=>URL::link('','ssl/download/')),
+			)); ?>
+	<?php endif ?>
+
+</fieldset>
+
+<fieldset class="col-md-6">
+	<legend>Certificate</legend>
+
+	<pre><?php echo $o->cert ? $o->cert : $o->csr; ?></pre>
+
+	<?php
+		echo $o->download_button(); 
+
+		if ($ao=Auth::instance()->get_user() AND ($ao->isAdmin()) AND $o->service->status AND ($o->valid_to()-(Kohana::$config->load('ssl.min_renew_days')*86400) <= time()) AND $o->service->paid_to() > time()) :
+			echo Form::open(URL::link('admin','ssl/renew/'.$o->service->id));
+			echo Form::button('submit','Renew',array('class'=>'btn btn-primary'));
+		endif
+	?>
+</fieldset>
+
+<fieldset class="col-md-12">
+	<legend>TSM Configuration</legend>
+
+        <p>To use this certificate with a Tivoli Storage Manager client, please do the following:<p>
+        <p>(If this certificate has just been renewed, you only need to jump to the last step.)<p>
+        <ol>
+                <li>Download this signed certificate and the CA certificates above.</li>
+                <li>Open up a command prompt, and depending on your operating system, change to your BA Client <strong>BIN</strong> directory. For example:<br/>
+                        <dl class="dl-horizontal">
+                                <dt>Linux</dt>
+                                <dd>cd /opt/tivoli/tsm/client/ba/bin</dd>
+                                <dt>Windows</dt>
+                                <dd>cd "C:\Program Files\Tivoli\TSM\baclient"</dd>
+                        </dl>
+                </li>
+                <li>Import the ROOT SSL certificate above with the following command:<br/>
+                        <code>gsk8capicmd_64 -cert -add -db dsmcert.kdb -stashed -file [DOWNLOAD.CRT] -label [NAME OF ROOT CERTIFICATE]</code><br/><br/>
+                </li>
+                <li>Import any additional CA certificates above with the following command:<br/>
+                        <code>gsk8capicmd_64 -cert -add -db dsmcert.kdb -stashed -file [DOWNLOAD.CRT] -label [NAME OF CERTIFICATE]</code><br/><br/>
+                </li>
+                <li>Import this signed certificate with the following command:<br/>
+                        <code>gsk8capicmd_64 -cert -receive -db dsmcert.kdb -stashed -default_cert enabled -file [DOWNLOAD.CRT]</code><br/><br/>
+                </li>
+        </ol>
+</fieldset>