Make title/name on web pages configurable (#52)

Arjan H
2022-07-28 19:00:21 +02:00
parent 5f56bd3be6
commit 9c1e3f2600
15 changed files with 146 additions and 66 deletions


@@ -2,19 +2,53 @@
set -e
sed -i -e "s|<title>.*</title>|<title>$PKI_WEB_TITLE</title>|g" 502.html
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" 502.html
PKI_ROOT_DN=$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -subject | sed -e "s/subject= //")
sed -i -e "s|\[PKI_ROOT_DN\]|$PKI_ROOT_DN|g" certs/index.html
sed -i -e "s|<\!-- BEGIN PKI_ROOT_DN -->.*<\!-- END PKI_ROOT_DN -->|<\!-- BEGIN PKI_ROOT_DN -->$PKI_ROOT_DN<\!-- END PKI_ROOT_DN -->|g" certs/index.html
PKI_ROOT_VALIDITY="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
sed -i -e "s|\[PKI_ROOT_VALIDITY\]|$PKI_ROOT_VALIDITY|g" certs/index.html
sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" certs/index.html
PKI_INT_DN=$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -subject | sed -e "s/subject= //")
sed -i -e "s|\[PKI_INT_DN\]|$PKI_INT_DN|g" certs/index.html
sed -i -e "s|<\!-- BEGIN PKI_INT_DN -->.*<\!-- END PKI_INT_DN -->|<\!-- BEGIN PKI_INT_DN -->$PKI_INT_DN<\!-- END PKI_INT_DN -->|g" certs/index.html
PKI_INT_VALIDITY="$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
sed -i -e "s|\[PKI_INT_VALIDITY\]|$PKI_INT_VALIDITY|g" certs/index.html
sed -i -e "s|<\!-- BEGIN PKI_INT_VALIDITY -->.*<\!-- END PKI_INT_VALIDITY -->|<\!-- BEGIN PKI_INT_VALIDITY -->$PKI_INT_VALIDITY<\!-- END PKI_INT_VALIDITY -->|g" certs/index.html
sed -i -e "s|\[PKI_COMPANY_NAME\]|$PKI_DEFAULT_O|g" cps/index.html
sed -i -e "s|\[PKI_ROOT_DN\]|$PKI_ROOT_DN|g" cps/index.html
sed -i -e "s|<title>.*</title>|<title>Certificates \| $PKI_WEB_TITLE</title>|g" certs/index.html
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" certs/index.html
sed -i -e "s|<\!-- BEGIN PKI_COMPANY_NAME -->.*<\!-- END PKI_COMPANY_NAME -->|<\!-- BEGIN PKI_COMPANY_NAME -->$PKI_DEFAULT_O<\!-- END PKI_COMPANY_NAME -->|g" cps/index.html
sed -i -e "s|<\!-- BEGIN PKI_ROOT_DN -->.*<\!-- END PKI_ROOT_DN -->|<\!-- BEGIN PKI_ROOT_DN -->$PKI_ROOT_DN<\!-- END PKI_ROOT_DN -->|g" cps/index.html
PKI_ROOT_FINGERPRINT="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -fingerprint | sed -e "s/.*=//" | sed -e "s/.\{21\}/&\\\n/g")"
sed -i -e "s|\[PKI_ROOT_FINGERPRINT\]|$PKI_ROOT_FINGERPRINT|g" cps/index.html
sed -i -e "s|\[PKI_ROOT_VALIDITY\]|$PKI_ROOT_VALIDITY|g" cps/index.html
sed -i -e "s|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->.*<\!-- END PKI_ROOT_FINGERPRINT -->|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->$PKI_ROOT_FINGERPRINT<\!-- END PKI_ROOT_FINGERPRINT -->|g" cps/index.html
sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" cps/index.html
sed -i -e "s|<title>.*</title>|<title>CPS \| $PKI_WEB_TITLE</title>|g" cps/index.html
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" cps/index.html
sed -i -e "s|<\!-- BEGIN LABCA_CPS_LOCATION -->.*<\!-- END LABCA_CPS_LOCATION -->|<\!-- BEGIN LABCA_CPS_LOCATION --><a class=\"public\" href=\"http://$PKI_FQDN/cps/\">http://$PKI_FQDN/cps/</a><\!-- END LABCA_CPS_LOCATION -->|g" cps/index.html
sed -i -e "s|<\!-- BEGIN LABCA_CERTS_LOCATION -->.*<\!-- END LABCA_CERTS_LOCATION -->|<\!-- BEGIN LABCA_CERTS_LOCATION --><a class=\"public\" href=\"http://$PKI_FQDN/certs/\">http://$PKI_FQDN/certs/</a><\!-- END LABCA_CERTS_LOCATION -->|g" cps/index.html
sed -i -e "s|<title>.*</title>|<title>$PKI_WEB_TITLE</title>|g" index.html
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" index.html
if [ "$PKI_WEB_TITLE" == "LabCA" ]; then
sed -i -e "s|<\!-- BEGIN WEBTITLE_X1 -->.*<\!-- END WEBTITLE_X1 -->|<\!-- BEGIN WEBTITLE_X1 -->$PKI_WEB_TITLE<\!-- END WEBTITLE_X1 -->|g" index.html
sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->this $PKI_WEB_TITLE instance<\!-- END WEBTITLE_X2 -->|g" index.html
else
sed -i -e "s|<\!-- BEGIN WEBTITLE_X1 -->.*<\!-- END WEBTITLE_X1 -->|<\!-- BEGIN WEBTITLE_X1 -->$PKI_WEB_TITLE is running LabCA, which<\!-- END WEBTITLE_X1 -->|g" index.html
sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->$PKI_WEB_TITLE<\!-- END WEBTITLE_X2 -->|g" index.html
fi
sed -i -e "s|<title>.*</title>|<title>Rate Limits \| $PKI_WEB_TITLE</title>|g" rate-limits.html
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" rate-limits.html
if [ "$PKI_WEB_TITLE" == "LabCA" ]; then
sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->this $PKI_WEB_TITLE instance<\!-- END WEBTITLE_X2 -->|g" rate-limits.html
else
sed -i -e "s|<\!-- BEGIN WEBTITLE_X2 -->.*<\!-- END WEBTITLE_X2 -->|<\!-- BEGIN WEBTITLE_X2 -->$PKI_WEB_TITLE<\!-- END WEBTITLE_X2 -->|g" rate-limits.html
fi
sed -i -e "s|<\!-- BEGIN PKI_COMPANY_NAME -->.*<\!-- END PKI_COMPANY_NAME -->|<\!-- BEGIN PKI_COMPANY_NAME -->$PKI_DEFAULT_O<\!-- END PKI_COMPANY_NAME -->|g" terms/v1.html
sed -i -e "s|<title>.*</title>|<title>Terms \| $PKI_WEB_TITLE</title>|g" terms/v1.html
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" terms/v1.html
sed -i -e "s|\[PKI_COMPANY_NAME\]|$PKI_DEFAULT_O|g" terms/v1.html
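Review bot: `$PKI_WEB_TITLE` is expanded unescaped into the replacement side of every `s|…|…|g` expression, so the free-text title from the admin form is treated as sed syntax and then written as raw HTML into the public pages. In a replacement `&` expands to the matched text, a backslash starts an escape, and a `|` ends the replacement so the rest of the value is parsed by sed as flags or further commands; under `set -e` a parse error also stops the script part-way, leaving some pages rewritten and others not. The title should be HTML-escaped and then sed-escaped once near the top, and that copy used in all WEBTITLE and `<title>` substitutions. `$PKI_DEFAULT_O` is interpolated the same way, and the `static_web` hunk and the `webtitle` field read in `_configUpdateHandler` pass the value along with no validation visible in this commit. The script begins before this hunk.

```shell
# Escape a value for use as HTML text inside a sed "s|…|…|" replacement.
sed_html_escape() {
  printf '%s' "$1" \
    | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' \
    | sed -e 's/[\\&|]/\\&/g'
}
WEB_TITLE_ESC=$(sed_html_escape "$PKI_WEB_TITLE")
# … unchanged: the sed calls, with $WEB_TITLE_ESC in place of $PKI_WEB_TITLE …
```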


@@ -54,6 +54,7 @@ var (
sessionStore *sessions.CookieStore
tmpls *templates.Templates
version string
webTitle string
dbConn string
dbType string
isDev bool
@@ -152,6 +153,7 @@ func (reg *User) Validate(isNew bool, isChange bool) bool {
type SetupConfig struct {
Fqdn string
Organization string
WebTitle string
DNS string
DomainMode string
LockdownDomains string
@@ -505,6 +507,7 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
cfg := &SetupConfig{
Fqdn: r.Form.Get("fqdn"),
Organization: r.Form.Get("organization"),
WebTitle: r.Form.Get("webtitle"),
DNS: r.Form.Get("dns"),
DomainMode: r.Form.Get("domain_mode"),
LockdownDomains: r.Form.Get("lockdown_domains"),
@@ -532,6 +535,11 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
viper.Set("labca.organization", cfg.Organization)
}
if cfg.WebTitle != viper.GetString("labca.web_title") {
delta = true
viper.Set("labca.web_title", cfg.WebTitle)
}
matched, err := regexp.MatchString(":\\d+$", cfg.DNS)
if err == nil && !matched {
cfg.DNS += ":53"
@@ -570,6 +578,11 @@ func _configUpdateHandler(w http.ResponseWriter, r *http.Request) {
if delta {
viper.WriteConfig()
webTitle = viper.GetString("labca.web_title")
if webTitle == "" {
webTitle = "LabCA"
}
err := _applyConfig()
if err != nil {
res.Success = false
@@ -1113,6 +1126,11 @@ func _manageGet(w http.ResponseWriter, r *http.Request) {
manageData["Fqdn"] = viper.GetString("labca.fqdn")
manageData["Organization"] = viper.GetString("labca.organization")
if viper.Get("labca.web_title") == nil || viper.GetString("labca.web_title") == "" {
manageData["WebTitle"] = "LabCA"
} else {
manageData["WebTitle"] = viper.GetString("labca.web_title")
}
manageData["DNS"] = viper.GetString("labca.dns")
domainMode := viper.GetString("labca.domain_mode")
manageData["DomainMode"] = domainMode
@@ -1143,6 +1161,8 @@ func _manageGet(w http.ResponseWriter, r *http.Request) {
manageData["Name"] = viper.GetString("user.name")
manageData["Email"] = viper.GetString("user.email")
manageData["Title"] = "Manage"
render(w, r, "manage", manageData)
}
@@ -1205,6 +1225,7 @@ func logsHandler(w http.ResponseWriter, r *http.Request) {
"Message": message,
"Data": data,
"WsUrl": wsurl,
"Title": "Logs",
})
}
@@ -1525,6 +1546,11 @@ func _applyConfig() error {
os.Setenv("PKI_ROOT_CERT_BASE", "data/root-ca")
os.Setenv("PKI_INT_CERT_BASE", "data/issuer/ca-int")
os.Setenv("PKI_DEFAULT_O", viper.GetString("labca.organization"))
if viper.GetString("labca.web_title") == "" {
os.Setenv("PKI_WEB_TITLE", "LabCA")
} else {
os.Setenv("PKI_WEB_TITLE", viper.GetString("labca.web_title"))
}
os.Setenv("PKI_DNS", viper.GetString("labca.dns"))
domain := viper.GetString("labca.fqdn")
os.Setenv("PKI_FQDN", domain)
@@ -2053,7 +2079,7 @@ func accountsHandler(w http.ResponseWriter, r *http.Request) {
Accounts, err := GetAccounts(w, r)
if err == nil {
render(w, r, "list:accounts", map[string]interface{}{"List": Accounts})
render(w, r, "list:accounts", map[string]interface{}{"List": Accounts, "Title": "ACME"})
}
}
@@ -2072,7 +2098,7 @@ func accountHandler(w http.ResponseWriter, r *http.Request) {
AccountDetails, err := GetAccount(w, r, id)
if err == nil {
render(w, r, "show:accounts", map[string]interface{}{"Details": AccountDetails})
render(w, r, "show:accounts", map[string]interface{}{"Details": AccountDetails, "Title": "ACME"})
}
}
@@ -2084,7 +2110,7 @@ func ordersHandler(w http.ResponseWriter, r *http.Request) {
Orders, err := GetOrders(w, r)
if err == nil {
render(w, r, "list:orders", map[string]interface{}{"List": Orders})
render(w, r, "list:orders", map[string]interface{}{"List": Orders, "Title": "ACME"})
}
}
@@ -2103,7 +2129,7 @@ func orderHandler(w http.ResponseWriter, r *http.Request) {
OrderDetails, err := GetOrder(w, r, id)
if err == nil {
render(w, r, "show:orders", map[string]interface{}{"Details": OrderDetails})
render(w, r, "show:orders", map[string]interface{}{"Details": OrderDetails, "Title": "ACME"})
}
}
@@ -2115,7 +2141,7 @@ func authzHandler(w http.ResponseWriter, r *http.Request) {
Authz, err := GetAuthz(w, r)
if err == nil {
render(w, r, "list:authz", map[string]interface{}{"List": Authz})
render(w, r, "list:authz", map[string]interface{}{"List": Authz, "Title": "ACME"})
}
}
@@ -2130,7 +2156,7 @@ func authHandler(w http.ResponseWriter, r *http.Request) {
AuthDetails, err := GetAuth(w, r, id)
if err == nil {
render(w, r, "show:authz", map[string]interface{}{"Details": AuthDetails})
render(w, r, "show:authz", map[string]interface{}{"Details": AuthDetails, "Title": "ACME"})
}
}
@@ -2142,7 +2168,7 @@ func challengesHandler(w http.ResponseWriter, r *http.Request) {
Challenges, err := GetChallenges(w, r)
if err == nil {
render(w, r, "list:challenges", map[string]interface{}{"List": Challenges})
render(w, r, "list:challenges", map[string]interface{}{"List": Challenges, "Title": "ACME"})
}
}
@@ -2161,7 +2187,7 @@ func challengeHandler(w http.ResponseWriter, r *http.Request) {
ChallengeDetails, err := GetChallenge(w, r, id)
if err == nil {
render(w, r, "show:challenges", map[string]interface{}{"Details": ChallengeDetails})
render(w, r, "show:challenges", map[string]interface{}{"Details": ChallengeDetails, "Title": "ACME"})
}
}
@@ -2173,7 +2199,7 @@ func certificatesHandler(w http.ResponseWriter, r *http.Request) {
Certificates, err := GetCertificates(w, r)
if err == nil {
render(w, r, "list:certificates", map[string]interface{}{"List": Certificates})
render(w, r, "list:certificates", map[string]interface{}{"List": Certificates, "Title": "ACME"})
}
}
@@ -2192,7 +2218,7 @@ func certificateHandler(w http.ResponseWriter, r *http.Request) {
CertificateDetails, err := GetCertificate(w, r, id, serial)
if err == nil {
render(w, r, "show:certificates", map[string]interface{}{"Details": CertificateDetails})
render(w, r, "show:certificates", map[string]interface{}{"Details": CertificateDetails, "Title": "ACME"})
}
}
@@ -2425,6 +2451,10 @@ func render(w http.ResponseWriter, r *http.Request, view string, data map[string
data["Version"] = version
}
if webTitle != "" {
data["WebTitle"] = webTitle
}
b, err := tmpls.Render("base.tmpl", "views/"+viewSlice[0]+".tmpl", data)
if err != nil {
errorHandler(w, r, err, http.StatusInternalServerError)
@@ -2520,6 +2550,11 @@ func init() {
version = viper.GetString("version")
webTitle = viper.GetString("labca.web_title")
if webTitle == "" {
webTitle = "LabCA"
}
updateAvailable = false
}
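Review bot: The empty-title fallback to "LabCA" is written out four times (`init`, `_configUpdateHandler`, `_manageGet`, `_applyConfig`), and only `_manageGet` adds a `viper.Get(...) == nil` test, which `GetString` already covers by returning an empty string. One helper would keep the four copies from drifting apart. The package-level `webTitle` is also assigned in `_configUpdateHandler` and read in `render`, which presumably run on different request goroutines with no lock visible in these hunks; reading the title through the helper instead of the global would remove that shared write, provided viper access is safe in this setup (to be confirmed). All of these functions continue outside the hunks shown.

```go
// getWebTitle returns the configured web title, or "LabCA" when none is set.
func getWebTitle() string {
	if t := viper.GetString("labca.web_title"); t != "" {
		return t
	}
	return "LabCA"
}

// … unchanged: callers use getWebTitle() in place of the repeated if/else …
```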


@@ -7,7 +7,7 @@
<meta name="description" content="LabCA is a private Certificate Authority for internal (intranet) use, based on the open source ACME Automated Certificate Management Environment implementation from Let's Encrypt (tm).">
<meta name="keywords" content="LabCA PKI CA Certificate Authority ACME Boulder">
<meta name="author" content="Arjan Hakkesteegt | Hakwerk IT B.V.">
<title>{{ block "title" . }}{{ if .Title }}{{ .Title }} | {{ end }}LabCA{{ end }}</title>
<title>{{ block "title" . }}{{ if .Title }}{{ .Title }} | {{ end }}{{ .WebTitle }}{{ end }}</title>
{{ block "css" . }}{{ template "partials/css.tmpl" . }}{{ end }}
<link rel="icon" type="image/png" href="static/img/fav-admin.png">
{{ block "head" . }}{{ .Head }}{{ end }}
@@ -32,7 +32,7 @@
<small>{{ if .Version }}{{ .Version }}{{ end }}</small>
</div>
<div class="col-sm-6 footer text-muted text-right" id="footer">
<small>Copyright &copy; 2018-2022 LabCA</small>
<small>Copyright &copy; 2018-2022 <a href="https://lab-ca.net/">LabCA</a></small>
</div>
</div>
</div>


@@ -7,7 +7,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">LabCA</a>
<a class="navbar-brand" href="/admin">{{ .WebTitle }}</a>
</div>
<ul class="nav navbar-top-links navbar-right">


@@ -1,5 +1,5 @@
{{ define "body" }}
<h3>LabCA</h3>
<h3></h3>
</div>
</div>
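Review bot: What appears to be the new line leaves an empty `<h3></h3>` at the top of the body block, which still takes up heading space and gives assistive technology a heading with no text. Either drop the element or give it content, for example `<h3>{{ .WebTitle }}</h3>`, since `render` now adds WebTitle to every view's data. The template continues outside the hunk.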


@@ -1,6 +1,6 @@
{{ define "body" }}
{{with .List}}
<h3>LabCA {{ .Title }}</h3>
<h3>{{ .Title }}</h3>
<table class="table table-striped table-bordered table-hover datatable {{ .TableClass }}">
<thead>


@@ -1,5 +1,5 @@
{{ define "body" }}
<h3>Manage LabCA</h3>
<h3>Manage</h3>
<p>Here you can manage your LabCA instance. Be careful!</p>
<ul class="nav nav-tabs nav-tabs-sticky">
@@ -140,10 +140,15 @@
<span class="error config-error hidden" id="fqdn-error"></span>
</div>
<div class="form-group">
<label for="fqdn">Organization name:</label>
<label for="organization">Organization name:</label>
<input class="form-control non-fluid" type="text" id="organization" name="organization" value="{{ .Organization }}" required>
<span class="error config-error hidden" id="organization-error"></span>
</div>
<div class="form-group">
<label for="webtitle">Title on web pages (e.g. 'Internal ACME CA'):</label>
<input class="form-control non-fluid" type="text" id="webtitle" name="webtitle" value="{{ .WebTitle }}">
<span class="error config-error hidden" id="webtitle-error"></span>
</div>
<div class="form-group">
<label for="dns">Internal DNS server to use:</label>
<input class="form-control non-fluid" type="text" id="dns" name="dns" value="{{ .DNS }}" required>
@@ -504,6 +509,7 @@
action: $(evt.target).attr("id"),
fqdn: $("#fqdn").val(),
organization: $("#organization").val(),
webtitle: $("#webtitle").val(),
dns: $("#dns").val(),
domain_mode: ($("#standard").prop('checked') ? 'standard' : ($("#whitelist").prop('checked') ? 'whitelist' : 'lockdown')),
lockdown_domains: $("#lockdown_domains").val(),


@@ -1,6 +1,6 @@
{{ define "body" }}
{{ with .Details }}
<h3>LabCA {{ .Title }}</h3>
<h3>{{ .Title }}</h3>
<table class="table table-striped table-bordered {{ .TableClass }}" id="details_table">
<tbody>


@@ -473,14 +473,19 @@ static_web() {
mkdir -p crl
[ -e cert ] || ln -s certs cert
cp -rp $cloneDir/static/* .
sed -i -e "s|\[LABCA_CPS_LOCATION\]|http://$LABCA_FQDN/cps/|g" cps/index.html
sed -i -e "s|\[LABCA_CERTS_LOCATION\]|http://$LABCA_FQDN/certs/|g" cps/index.html
sed -i -e "s|<\!-- BEGIN LABCA_CPS_LOCATION -->.*<\!-- END LABCA_CPS_LOCATION -->|<\!-- BEGIN LABCA_CPS_LOCATION --><a class=\"public\" href=\"http://$LABCA_FQDN/cps/\">http://$LABCA_FQDN/cps/</a><\!-- END LABCA_CPS_LOCATION -->|g" cps/index.html
sed -i -e "s|<\!-- BEGIN LABCA_CERTS_LOCATION -->.*<\!-- END LABCA_CERTS_LOCATION -->|<\!-- BEGIN LABCA_CERTS_LOCATION --><a class=\"public\" href=\"http://$LABCA_FQDN/certs/\">http://$LABCA_FQDN/certs/</a><\!-- END LABCA_CERTS_LOCATION -->|g" cps/index.html
local have_config=$(grep restarted $adminDir/data/config.json | grep true)
if [ "$have_config" != "" ]; then
export PKI_ROOT_CERT_BASE="$adminDir/data/root-ca"
export PKI_INT_CERT_BASE="$adminDir/data/issuer/ca-int"
export PKI_DEFAULT_O=$(grep organization $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
export PKI_FQDN=$LABCA_FQDN
export PKI_WEB_TITLE=$(grep web_title $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
if [ "$PKI_WEB_TITLE" == "" ]; then
export PKI_WEB_TITLE="LabCA"
fi
$adminDir/apply-nginx
fi
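Review bot: `PKI_WEB_TITLE` is pulled out of config.json with `grep web_title` and three `sed` passes, and the first pass, `s/.*:[ ]*//`, is greedy, so a title containing a colon is cut down to the text after its last colon. Quotes inside the title are stripped while their JSON backslashes are kept, and `export VAR=$(…)` hides a failing pipeline. If jq is available on the install target (not visible here), `PKI_WEB_TITLE=$(jq -r '.labca.web_title // empty' "$adminDir/data/config.json")` followed by a separate `export PKI_WEB_TITLE` reads the value as stored; the key path is inferred from the viper key `labca.web_title`. `static_web` starts and ends outside the hunk.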


@@ -29,7 +29,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">LabCA</a>
<a class="navbar-brand" href="/admin"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
</div>
<ul class="nav navbar-top-links navbar-right">
@@ -118,7 +118,7 @@
<small></small>
</div>
<div class="col-sm-6 footer text-muted text-right" id="footer">
<small>Copyright &copy; 2018-2022 LabCA</small>
<small>Copyright &copy; 2018-2022 <a href="https://lab-ca.net/">LabCA</a></small>
</div>
</div>
</div>


@@ -27,7 +27,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">LabCA</a>
<a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
</div>
<ul class="nav navbar-top-links navbar-right">
@@ -67,23 +67,23 @@
<tbody>
<tr>
<td>Root CA</td>
<td>[PKI_ROOT_DN]</td>
<td><!-- BEGIN PKI_ROOT_DN -->PKI_ROOT_DN<!-- END PKI_ROOT_DN --></td>
<td><a class="public" href="root-ca.der">root-ca.der</a></td>
<td><a class="public" href="root-ca.pem">root-ca.pem</a></td>
<td>[PKI_ROOT_VALIDITY]</td>
<td><!-- BEGIN PKI_ROOT_VALIDITY -->PKI_ROOT_VALIDITY<!-- END PKI_ROOT_VALIDITY --></td>
</tr>
<tr>
<td>Issuing CA</td>
<td>[PKI_INT_DN]</td>
<td><!-- BEGIN PKI_INT_DN -->PKI_INT_DN<!-- END PKI_INT_DN --></td>
<td><a class="public" href="ca-int.der">ca-int.der</a></td>
<td><a class="public" href="ca-int.pem">ca-int.pem</a></td>
<td>[PKI_INT_VALIDITY]</td>
<td><!-- BEGIN PKI_INT_VALIDITY -->PKI_INT_VALIDITY<!-- END PKI_INT_VALIDITY --></td>
</tr>
</tbody>
</table>
<p>
To trust the certificates provided by LabCA, all your client devices should install the root certificate in their
To trust the certificates provided by <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE -->, all your client devices should install the root certificate in their
<b>Trusted Root Certification Authorities</b> store. You may choose to download the format best suited for your
Operating System: DER format for Windows machines or PEM format for Linux/unix machines and Android phones.
</p>


@@ -27,7 +27,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">LabCA</a>
<a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
</div>
<ul class="nav navbar-top-links navbar-right">
@@ -59,7 +59,7 @@
<p>
This Certification Practice Statement ("CPS") document outlines the certification services practices for this
particular instance running the LabCA software. PKI (Public Key Infrastructure) services include, but are not limited to, issuing, managing,
validating, revoking, and renewing Certificates. The services are provided for [PKI_COMPANY_NAME] internal use only.
validating, revoking, and renewing Certificates. The services are provided for <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME --> internal use only.
</p>
<p>The following Certification Authorities are covered under this CPS:</p>
<table class="table table-striped table-bordered">
@@ -71,9 +71,9 @@
</tr></thead>
<tbody><tr>
<td>Root CA</td>
<td>[PKI_ROOT_DN]</td>
<td>[PKI_ROOT_FINGERPRINT]</td>
<td>[PKI_ROOT_VALIDITY]</td>
<td><!-- BEGIN PKI_ROOT_DN -->PKI_ROOT_DN<!-- END PKI_ROOT_DN --></td>
<td><!-- BEGIN PKI_ROOT_FINGERPRINT -->PKI_ROOT_FINGERPRINT<!-- END PKI_ROOT_FINGERPRINT --></td>
<td><!-- BEGIN PKI_ROOT_VALIDITY -->PKI_ROOT_VALIDITY<!-- END PKI_ROOT_VALIDITY --></td>
</tr></tbody>
</table>
<p>
@@ -91,29 +91,29 @@
</p>
<p class="caption"><strong>2. Publication and Repository</strong></p>
<p>This CPS is published at <a class="public" href="[LABCA_CPS_LOCATION]">[LABCA_CPS_LOCATION]</a></p>
<p>This CPS is published at <!-- BEGIN LABCA_CPS_LOCATION --><a class="public" href="[LABCA_CPS_LOCATION]">[LABCA_CPS_LOCATION]</a><!-- END LABCA_CPS_LOCATION --></p>
<p>
Records of root and intermediate certificates, including those that have been revoked, are available at
<a class="public" href="[LABCA_CERTS_LOCATION]">[LABCA_CERTS_LOCATION]</a>
<!-- BEGIN LABCA_CERTS_LOCATION --><a class="public" href="[LABCA_CERTS_LOCATION]">[LABCA_CERTS_LOCATION]</a><!-- END LABCA_CERTS_LOCATION -->
</p>
<p>
LabCA certificates contain URLs to locations where certificate-related information is published, including
<!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> certificates contain URLs to locations where certificate-related information is published, including
revocation information via OCSP and/or CRLs.
</p>
<p class="caption"><strong>3. Identification and Authentication</strong></p>
<p>
LabCA certificates include a "Subject" field which identifies the subject entity (i.e. organization or domain). The
<!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> certificates include a "Subject" field which identifies the subject entity (i.e. organization or domain). The
subject entity is identified using a distinguished name.
</p>
<p>
LabCA certificates include an "Issuer" field which identifies the issuing entity. The issuing entity is identified
<!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> certificates include an "Issuer" field which identifies the issuing entity. The issuing entity is identified
using a distinguished name.
</p>
<p class="caption"><strong>4. Certificate Life-Cycle Operational Requirements</strong></p>
<p>
Anyone associated with [PKI_COMPANY_NAME] may submit an application for a certificate via the ACME protocol. Issuance
Anyone associated with <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME --> may submit an application for a certificate via the ACME protocol. Issuance
will depend on proper validation and compliance with this PKI's policies. End-entity certificates are made available
to Subscribers via the ACME protocol as soon after issuance as reasonably possible.
</p>
@@ -134,17 +134,17 @@
<p>Certificate revocation permanently ends the certificate's operational period prior to its stated validity period.</p>
<p class="caption"><strong>5. Facilities, Management, and Operational Controls</strong></p>
<p>Operating this PKI is under full responsibility of [PKI_COMPANY_NAME].</p>
<p>Operating this PKI is under full responsibility of <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME -->.</p>
<p class="caption"><strong>6. Technical Security Controls</strong></p>
<p>
LabCA is <strong>not</strong> using a Hardware Security Module (HSM) for storing CA private keys. LabCA is intended
to be used in a lab or intranet environment with sufficient protection against bad actors. It may not be used as
publicly accessible PKI instance.
<!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> is <strong>not</strong> using a Hardware Security Module (HSM) for storing CA private keys.
<!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --> is intended to be used in a lab or intranet environment with sufficient protection against
bad actors. It may not be used as publicly accessible PKI instance.
</p>
<p class="caption"><strong>7. Certificate, CRL, and OCSP Profile</strong></p>
<p>Any requirements or policies regarding Certificates, CRLs and OCSP are at full discretion of [PKI_COMPANY_NAME].</p>
<p>Any requirements or policies regarding Certificates, CRLs and OCSP are at full discretion of <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME -->.</p>
<p class="caption"><strong>8. Compliance audit</strong></p>
<p>Not applicable.</p>
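Review bot: Every BEGIN/END marker pair in this file sits on a line of its own, and that layout is required rather than cosmetic: the substitutions in the first file of this commit match `BEGIN X -->.*<\!-- END X -->` greedily, so two pairs with the same name on one line would collapse into one and the text between them would be lost. Nothing in the file records this; a comment near the top, such as `<!-- Keep at most one BEGIN/END pair of the same name per line; the substitution script matches greedily. -->`, would keep a later edit from breaking it. The same constraint applies to the other static pages changed in this commit.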


@@ -27,7 +27,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">LabCA</a>
<a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
</div>
<ul class="nav navbar-top-links navbar-right">
@@ -54,18 +54,18 @@
<div id="page-wrapper">
<div class="row">
<div class="col-lg-12">
<h1 class="page-header">LabCA</h1>
<h1 class="page-header"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></h1>
<p>
LabCA is a private CA (Certificate Authority) for use inside an organization, i.e. for creating HTTPS/SSL certificates
<!-- BEGIN WEBTITLE_X1 -->LabCA<!-- END WEBTITLE_X1 --> is a private CA (Certificate Authority) for use inside an organization, i.e. for creating HTTPS/SSL certificates
for machines that cannot be reached via the open internet. It is based on Let's Encrypt&trade; code for ACMEv2
(Automated Certificate Management Environment) so all modern
LE clients should work. LabCA should <b>not</b> be used on the open internet, please use the official
LE clients should work.<br/>LabCA <b>should NOT</b> be used on the open internet, please use the official
<a class="public" href="https://letsencrypt.org/">Let's Encrypt&trade; <i class="fa fa-external-link fa-fw ext-link"></i>
</a> instance for that.
</p>
<p>
To trust the certificates provided by LabCA, all your client devices should install the root certificate in their
To trust the certificates provided by <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE -->, all your client devices should install the root certificate in their
<b>Trusted Root Certification Authorities</b> store. You may choose to download the format best suited for your
Operating System: DER format for Windows machines or PEM format for Linux/unix machines and Android phones:<br/>
<a class="public" href="certs/root-ca.der">Windows (.der) format</a>&nbsp;|&nbsp;
@@ -73,7 +73,7 @@
</p>
<br/>
<h4>More information</h4>
<p>Additional information about this LabCA instance can be found on these pages:<br/>
<p>Additional information about <!-- BEGIN WEBTITLE_X2 -->this LabCA instance<!-- END WEBTITLE_X2 --> can be found on these pages:<br/>
<a class="public" href="terms/v1">Terms</a> - the Usage Terms<br/>
<a class="public" href="cps/">CPS</a> - the Certification Practice Statement
</p>


@@ -8,7 +8,7 @@
<meta name="keywords" content="LabCA PKI CA Certificate Authority ACME Boulder">
<meta name="author" content="Arjan Hakkesteegt">
<title>LabCA</title>
<title>Rate Limits | LabCA</title>
<link href="css/bootstrap.min.css" rel="stylesheet">
<link href="css/sb-admin-2.min.css" rel="stylesheet">
@@ -27,7 +27,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">LabCA</a>
<a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
</div>
<ul class="nav navbar-top-links navbar-right">
@@ -59,10 +59,10 @@
<h1 class="page-header">Rate Limits</h1>
<p>
It is unlikely that you hit the rate limit mechanism for your selected domain, as it is set to allow 10,000 certificates in LabCA.
It is unlikely that you hit the rate limit mechanism for your selected domain, as it is set to allow 10,000 certificates in <!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE -->.
</p>
<p>
If your LabCA instance is set up to (also) allow official domains (not recommended), then for the other domains the main limit is
If <!-- BEGIN WEBTITLE_X2 -->this LabCA instance<!-- END WEBTITLE_X2 --> is set up to (also) allow official domains (not recommended), then for the other domains the main limit is
<b>Certificates per Registered Domain</b>: 5 per 24 hours. As per the
<a class="public" href="https://letsencrypt.org/docs/rate-limits/">Let's Encrypt&trade; rate limits page <i class="fa fa-external-link fa-fw ext-link"></i></a>,
a registered domain is, generally speaking, the part of the domain you purchased from your domain name registrar. For instance,


@@ -27,7 +27,7 @@
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/">LabCA</a>
<a class="navbar-brand" href="/"><!-- BEGIN WEBTITLE -->LabCA<!-- END WEBTITLE --></a>
</div>
<ul class="nav navbar-top-links navbar-right">
@@ -69,8 +69,8 @@
be, the subject of your certificate;</li>
<li>all information in your certificate regarding you or your domain name is accurate, current, reliable,
complete, and not misleading;</li>
<li>your certificate is only used inside [PKI_COMPANY_NAME] and according to any and all policies of
[PKI_COMPANY_NAME];</li>
<li>your certificate is only used inside <!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME --> and according to any and all policies of
<!-- BEGIN PKI_COMPANY_NAME -->PKI_COMPANY_NAME<!-- END PKI_COMPANY_NAME -->;</li>
<li>your certificate is not used in any way to deceive.</li>
</ul>
<p>The contents of your certificates will be based on the information you or your ACME client software sends to this