search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Highway to PSR2
[openemr.git] / interface / usergroup / ssl_certificates_admin.php
blobeb5990d1cc85e2db25e0cb5776412da4606b0af5
1 <?php
2 require_once("../globals.php");
3 require_once("../../library/create_ssl_certificate.php");
4
5 /********************************************************************************\
6 * Copyright (C) Visolve (vicareplus_engg@visolve.com) *
7 * *
8 * This program is free software; you can redistribute it and/or *
9 * modify it under the terms of the GNU General Public License *
10 * as published by the Free Software Foundation; either version 2 *
11 * of the License, or (at your option) any later version. *
12 * *
13 * This program is distributed in the hope that it will be useful, *
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
16 * GNU General Public License for more details. *
17 * *
18 * You should have received a copy of the GNU General Public License *
19 * along with this program; if not, write to the Free Software *
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
21 ********************************************************************************/
22
23 /*
24 * This page is used to setup https access to OpenEMR with client certificate authentication.
25 * If enabled, the browser must connect to OpenEMR using a client SSL certificate that is
26 * generated by OpenEMR. This page is used to create the Certificate Authority and
27 * Apache SSL server certificate.
28 */
29
30 /* This string contains any error messages if generating
31 * certificates fails.
32 */
33 $error_msg = "";
34
35 /* This function is called when the "Save Certificate Settings" button is clicked.
36 * Save the certificate settings to the file globals.php.
37 * The following form inputs are used:
38 * cakey_location - The path to the CA key file
39 * cacrt_location - The path to the CA certificate file
40 * clientCertValidity_hidden - Number of days client certificates are valid.
41 * isClientAuthenticationEnabled - Enable/disable client certificate authentication.
42 *
43 * Save these values to the following variables in globals.php:
44 * $certificate_authority_key
45 * $certificate_authority_crt
46 * $client_certificate_valid_in_days
47 * $is_client_ssl_enabled
48 *
49 * If an error occurs, set $error_msg to the appropriate string,
50 * which will be displayed later on below.
51 */
52 /*function save_certificate_settings() {
53 if($_POST['cakey_location']) { $Authority_key = formData('cakey_location','P',true) ; }
54 if($_POST['cacrt_location']) { $Authority_crt = formData('cacrt_location','P',true); }
55 if($_POST['clientCertValidity_hidden']) { $clientCertValidity = formData('clientCertValidity_hidden','P',true); }
56 if($_POST['isClientAuthenticationEnabled']) { $isClientAuthenticationEnabled = formData('isClientAuthenticationEnabled','P',true); }
57
58 if ($isClientAuthenticationEnabled == "Yes") {
59 $isClientAuthenticationEnabled = "true";
60 } else{
61 $isClientAuthenticationEnabled = "false";
62 }
63
64 global $error_msg;
65
66 if ($Authority_key != "" && !file_exists($Authority_key)) {
67 $error_msg .= xl('Error: the file does not exist', 'e') . ' ' . $Authority_key . '<br>';
68 }
69
70 if ($Authority_crt != "" && !file_exists($Authority_crt)) {
71 $error_msg .= xl('Error, the file does not exist', 'e') . ' ' . $Authority_crt . '<br>';
72 }
73
74 if ($error_msg != "") {
75 return;
76 }
77
78 $Authority_key = str_replace('\\\\', '/', $Authority_key);
79 $Authority_key = str_replace('\\', '/', $Authority_key);
80 $Authority_crt = str_replace('\\\\', '/', $Authority_crt);
81 $Authority_crt = str_replace('\\', '/', $Authority_crt);
82
83 // Read in the globals.php file
84 $globals_file = $GLOBALS['webserver_root'] . "/interface/globals.php";
85 $inputdata = file($globals_file) or die( xl('Could not read file','e')." ". $globals_file);
86 $outputdata = "";
87
88 $wrote_key = false;
89 $wrote_crt = false;
90 $wrote_enable = false;
91 $wrote_validity = false;
92
93 // Loop through each line in globals.php, replacing any certificate variables with the new settings.
94
95 foreach ($inputdata as $line) {
96 if ((strpos($line,"\$certificate_authority_key = \"")) !== false) {
97 $wrote_key = true;
98 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
99 }
100 else if ((strpos($line,"\$certificate_authority_crt = \"")) !== false) {
101 $wrote_crt = true;
102 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
103 }
104 else if ((strpos($line,"\$is_client_ssl_enabled = ")) !== false) {
105 $wrote_enable = true;
106 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
107 }
108 else if ((strpos($line,"\$client_certificate_valid_in_days = \"")) !== false) {
109 $wrote_validity = true;
110 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
111 }
112 else {
113 $outputdata .= $line;
114 }
115 }
116 if ($wrote_key === false || $wrote_crt === false ||
117 $wrote_enable === false || $wrote_validity === false) {
118
119 $outputdata .= "<?php\n";
120
121 if ($wrote_key === false) {
122 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
123 }
124 if ($wrote_crt == false) {
125 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
126 }
127 if ($wrote_enable === false) {
128 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
129 }
130 if ($wrote_validity === false) {
131 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
132 }
133 $outputdata .= "\n?>\n";
134 }
135
136 // Write the modified globals.php back to disk
137 $fd = @fopen($globals_file, 'w');
138 if ($fd === false) {
139 $error_msg .= xl('Error, unable to open file', 'e') . ' ' . $globals_file;
140 return;
141 }
142 fwrite($fd, $outputdata);
143 fclose($fd);
144
145 $GLOBALS['is_client_ssl_enabled'] = ($isClientAuthenticationEnabled == "true");
146 $GLOBALS['certificate_authority_crt'] = $Authority_crt;
147 $GLOBALS['certificate_authority_key'] = $Authority_key;
148 }*/
149
150
151 /**
152 * Send an http reply so that the browser downloads the given file.
153 * Delete the file once the download is completed.
154 * @param $filename - The file to download.
155 * @param $filetype - The type of file.
156 */
157 function download_file($filename, $filetype)
158 {
159
160 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
161 header("Cache-Control: private");
162 header("Content-Type: application/" . $filetype);
163 header("Content-Disposition: attachment; filename=" . basename($filename) . ";");
164 header("Content-Transfer-Encoding: binary");
165 header("Content-Length: " . filesize($filename));
166 readfile($filename);
167 exit;
168 flush();
169 @unlink($filename);
170 }
171
172 /* This function is called when the "Create Client Certificate" button is clicked.
173 * Create and download a client certificate, given the following form inputs:
174 * client_cert_user - The username to store in the certificate
175 * client_cert_email - The email to store in the certificate
176 * A temporary certificate will be written to /tmp/openemr_client_cert.p12.
177 * If an error occurs, set the $error_msg (which is displayed later below).
178 */
179 function create_client_cert()
180 {
181 global $error_msg;
182
183 if (!$GLOBALS['is_client_ssl_enabled']) {
184 $error_msg .= xl('Error, User Certificate Authentication is not enabled in OpenEMR', 'e');
185 return;
186 }
187
188 if ($_POST["client_cert_user"]) {
189 $user = formData('client_cert_user', 'P', true);
190 }
191
192 if ($_POST["client_cert_email"]) {
193 $email = formData('client_cert_email', 'P', true);
194 }
195
196 $opensslconf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
197 $serial = 0;
198 $data = create_user_certificate(
199 $user,
200 $email,
201 $serial,
202 $GLOBALS['certificate_authority_crt'],
203 $GLOBALS['certificate_authority_key'],
204 $GLOBALS['client_certificate_valid_in_days']
205 );
206 if ($data === false) {
207 $error_msg .= xl('Error, unable to create client certificate.', 'e');
208 return;
209 }
210
211 $filename = $GLOBALS['temporary_files_dir'] . "/openemr_client_cert.p12";
212 $handle = fopen($filename, 'wt');
213 fwrite($handle, $data);
214 fclose($handle);
215
216 download_file($filename, "p12");
217 }
218
219 /* Delete the following temporary certificate files, if they exist:
220 * /tmp/CertificateAuthority.key
221 * /tmp/CertificateAuthority.crt
222 * /tmp/Server.key
223 * /tmp/Server.crt
224 * /tmp/admin.p12
225 * /tmp/ssl.zip
226 */
227 function delete_certificates()
228 {
229 $tempDir = $GLOBALS['temporary_files_dir'];
230 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
231 "Server.key", "Server.crt", "admin.p12", "ssl.zip");
232
233 foreach ($files as $file) {
234 if (file_exists($file)) {
235 unlink($file);
236 }
237 }
238 }
239
240 /**
241 * Create and download the following certificates:
242 * - CertificateAuthority.key
243 * - CertificateAuthority.crt
244 * - Server.key
245 * - Server.crt
246 * - admin.p12
247 * The following form inputs are used:
248 */
249 function create_and_download_certificates()
250 {
251 global $error_msg;
252 $tempDir = $GLOBALS['temporary_files_dir'];
253
254 $zipName = $tempDir . "/ssl.zip";
255 if (file_exists($zipName)) {
256 unlink($zipName);
257 }
258
259 /* Retrieve the certificate name settings from the form input */
260 if ($_POST["commonName"]) {
261 $commonName = formData('commonName', 'P', true);
262 }
263
264 if ($_POST["emailAddress"]) {
265 $emailAddress = formData('emailAddress', 'P', true);
266 }
267
268 if ($_POST["countryName"]) {
269 $countryName = formData('countryName', 'P', true);
270 }
271
272 if ($_POST["stateOrProvinceName"]) {
273 $stateOrProvinceName = formData('stateOrProvinceName', 'P', true);
274 }
275
276 if ($_POST["localityName"]) {
277 $localityName = formData('localityName', 'P', true);
278 }
279
280 if ($_POST["organizationName"]) {
281 $organizationName = formData('organizationName', 'P', true);
282 }
283
284 if ($_POST["organizationalUnitName"]) {
285 $organizationName = formData('organizationalUnitName', 'P', true);
286 }
287
288 if ($_POST["clientCertValidity"]) {
289 $clientCertValidity = formData('clientCertValidity', 'P', true);
290 }
291
292
293 /* Create the Certficate Authority (CA) */
294 $arr = create_csr("OpenEMR CA for " . $commonName, $emailAddress, $countryName, $stateOrProvinceName, $localityName, $organizationName, $organizationalUnitName);
295
296 if ($arr === false) {
297 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.', 'e');
298 delete_certificates();
299 return;
300 }
301
302 $ca_csr = $arr[0];
303 $ca_key = $arr[1];
304 $ca_crt = create_crt($ca_key, $ca_csr, null, $ca_key);
305 if ($ca_crt === false) {
306 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.', 'e');
307 delete_certificates();
308 return;
309 }
310
311 openssl_pkey_export_to_file($ca_key, $tempDir . "/CertificateAuthority.key");
312 openssl_x509_export_to_file($ca_crt, $tempDir . "/CertificateAuthority.crt");
313
314 /* Create the Server certificate */
315 $arr = create_csr(
316 $commonName,
317 $emailAddress,
318 $countryName,
319 $stateOrProvinceName,
320 $localityName,
321 $organizationName,
322 $organizationalUnitName
323 );
324 if ($arr === false) {
325 $error_msg .= xl('Error, unable to create the Server certificate.', 'e');
326 delete_certificates();
327 return;
328 }
329
330 $server_csr = $arr[0];
331 $server_key = $arr[1];
332 $server_crt = create_crt($server_key, $server_csr, $ca_crt, $ca_key);
333
334 if (server_crt === false) {
335 $error_msg .= xl('Error, unable to create the Server certificate.', 'e');
336 delete_certificates();
337 return;
338 }
339
340 openssl_pkey_export_to_file($server_key, $tempDir . "/Server.key");
341 openssl_x509_export_to_file($server_crt, $tempDir . "/Server.crt");
342
343 /* Create the client certificate for the 'admin' user */
344 $serial = 0;
345 $res = sqlStatement("select id from users where username='admin'");
346 if ($row = sqlFetchArray($res)) {
347 $serial = $row['id'];
348 }
349
350 $user_cert = create_user_certificate(
351 "admin",
352 $emailAddress,
353 $serial,
354 $tempDir . "/CertificateAuthority.crt",
355 $tempDir . "/CertificateAuthority.key",
356 $clientCertValidity
357 );
358 if ($user_cert === false) {
359 $error_msg .= xl('Error, unable to create the admin.p12 certificate.', 'e');
360 delete_certificates();
361 return;
362 }
363
364 $adminFile = $tempDir . "/admin.p12";
365 $handle = fopen($adminFile, 'w');
366 fwrite($handle, $user_cert);
367 fclose($handle);
368
369 /* Create a zip file containing the CertificateAuthority, Server, and admin files */
370 try {
371 if (! (class_exists('ZipArchive'))) {
372 $_SESSION["zip_error"]="Error, Class ZipArchive does not exist";
373 return;
374 }
375
376 $zip = new ZipArchive;
377 if (!($zip)) {
378 $_SESSION["zip_error"]="Error, Could not create file archive";
379 return;
380 }
381
382 if ($zip->open($zipName, ZIPARCHIVE::CREATE)) {
383 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
384 "Server.key", "Server.crt", "admin.p12");
385 foreach ($files as $file) {
386 $zip->addFile($tempDir . "/" . $file, $file);
387 }
388 } else {
389 $_SESSION["zip_error"]="Error, unable to create zip file with all the certificates";
390 return;
391 }
392
393 $zip->close();
394
395 if (ini_get('zlib.output_compression')) {
396 ini_set('zlib.output_compression', 'Off');
397 }
398 } catch (Exception $e) {
399 $_SESSION["zip_error"]="Error, Could not create file archive";
400 return;
401 }
402
403 download_file($zipName, "zip");
404 }
405
406
407
408 if (!acl_check('admin', 'users')) {
409 exit();
410 }
411
412 /*if ($_POST["mode"] == "save_ssl_settings") {
413 save_certificate_settings();
414 }*/
415
416 if ($_POST["mode"] == "create_client_certificate") {
417 create_client_cert();
418 } else if ($_POST["mode"] == "download_certificates") {
419 create_and_download_certificates();
420 }
421
422 ?>
423
424 <html>
425 <head>
426 <script language="Javascript">
427
428
429 /* If Enable User Certificate Authentication is set to "Yes", check the following:
430 * - The Client certificate validation period is > 0
431 * - The CertificateAuthority.key path is not empty
432 * - The CertificateAuthority.crt path is not empty
433 */
434 /*function save_click() {
435 if (document.ssl_frm.isClientAuthenticationEnabled[0].checked) {
436 if(document.ssl_certificate_frm.clientCertValidity.value > 0) {
437 document.ssl_frm.clientCertValidity_hidden.value = document.ssl_certificate_frm.clientCertValidity.value;
438 }
439 else {
440 alert("<?php xl('Client certificate validity should be a valid number.', 'e'); ?>");
441 document.ssl_certificate_frm.clientCertValidity.focus();
442 return false;
443 }
444 if (document.ssl_frm.cakey_location.value == "") {
445 alert ("<?php xl('Certificate Authority key file location cannot be empty', 'e'); ?>");
446 document.ssl_frm.cakey_location.focus();
447 return false;
448 }
449
450 if (document.ssl_frm.cacrt_location.value == "") {
451 alert ("<?php xl('Certificate Authority crt file location cannot be empty', 'e'); ?>");
452 document.ssl_frm.cacrt_location.focus();
453 return false;
454 }
455 }
456 return true;
457 }*/
458
459 //check whether email id is valid or not
460 function checkEmail(email) {
461 var str=email;
462 var at="@";
463 var dot=".";
464 var lat=str.indexOf(at);
465 var lstr=str.length;
466 var ldot=str.indexOf(dot);
467 if (str.indexOf(at)==-1){
468 return false;
469 }
470
471 if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr){
472 return false;
473 }
474
475 if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr){
476 return false;
477 }
478
479 if (str.indexOf(at,(lat+1))!=-1){
480 return false;
481 }
482
483 if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot){
484 return false;
485 }
486
487 if (str.indexOf(dot,(lat+2))==-1){
488 return false;
489 }
490
491 if (str.indexOf(" ")!=-1){
492 return false;
493 }
494
495 return true;
496 }
497 function download_click(){
498 if (document.ssl_certificate_frm.commonName.value == "") {
499 alert ("<?php xl('Host Name cannot be empty', 'e'); ?>");
500 document.ssl_certificate_frm.commonName.focus();
501 return false;
502 }
503
504 if (document.ssl_certificate_frm.emailAddress.value) {
505 //call checkEmail function
506 if(checkEmail(document.ssl_certificate_frm.emailAddress.value) == false){
507 alert ("<?php xl('Provide valid Email Address', 'e'); ?>");
508 return false;
509 }
510 }
511
512 if (document.ssl_certificate_frm.countryName.value.length > 2) {
513 alert ("<?php xl('Country Name should be represent in two letters. (Example: United States is US)', 'e'); ?>");
514 document.ssl_certificate_frm.countryName.focus();
515 return false;
516 }
517 if (document.ssl_certificate_frm.clientCertValidity.value < 1) {
518 alert ("<?php xl('Client certificate validity should be a valid number.', 'e'); ?>");
519 document.ssl_certificate_frm.clientCertValidity.focus();
520 return false;
521 }
522 }
523 function create_client_certificate_click(){
524
525 /*if(document.ssl_frm.isClientAuthenticationEnabled[1].checked == true)
526 {
527 alert ("<?php xl('User Certificate Authentication is disabled', 'e'); ?>");
528 return false;
529 }*/
530
531 if (document.client_cert_frm.client_cert_user.value == "") {
532 alert ("<?php xl('User name or Host name cannot be empty', 'e'); ?>");
533 document.ssl_certificate_frm.commonName.focus();
534 return false;
535 }
536 if (document.client_cert_frm.client_cert_email.value) {
537 //call checkEmail function
538 if(checkEmail(document.client_cert_frm.client_cert_email.value) == false){
539 alert ("<?php xl('Provide valid Email Address', 'e'); ?>");
540 return false;
541 }
542 }
543 }
544
545 function isNumberKey(evt) {
546 var charCode = (evt.which) ? evt.which : evt.keyCode
547 if (charCode > 31 && (charCode < 48 || charCode > 57))
548 return false;
549 else
550 return true;
551 }
552
553 </script>
554
555 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
556 <style type="text/css">
557 div.borderbox {
558 margin: 5px 5px;
559 padding: 5px 5px;
560 border: solid 1px;
561 width: 60%;
562 }
563 </style>
564
565 </head>
566 <body class="body_top">
567 <span class='title'><b><?php xl('SSL Certificate Administration', 'e'); ?></b></span>
568 </br> </br>
569 <?php if ($_SESSION["zip_error"]) { ?>
570 <div> <table align="center" >
571 <tr valign="top"> <td rowspan="3"> <?php echo "<font class='redtext'>" . xl($_SESSION["zip_error"]) ?> </td> </tr>
572 </table> <?php
573 unset($_SESSION["zip_error"]); ?></div>
574 <?php } else { ?>
575 <span class='text'>
576 <?php
577 if ($error_msg != "") {
578 echo "<font class='redtext'>" . $error_msg . "</font><br><br>";
579 }
580 ?>
581 <?php xl('To setup https access with client certificate authentication, do the following', 'e'); ?>
582 <ul>
583 <li><?php xl('Create the SSL Certificate Authority and Server certificates.', 'e'); ?>
584 <li><?php xl('Configure Apache to use HTTPS.', 'e'); ?>
585 <li><?php xl('Configure Apache and OpenEMR to use Client side SSL certificates.', 'e'); ?>
586 <li><?php xl('Import certificate to the browser.', 'e'); ?>
587 <li><?php xl('Create a Client side SSL certificate for each user or client machine.', 'e'); ?>
588 </ul>
589 <br>
590 <?php
591 if ($GLOBALS['certificate_authority_crt'] != "" && $GLOBALS['is_client_ssl_enabled']) {
592 xl('OpenEMR already has a Certificate Authority configured.', 'e');
593 }
594 ?>
595 <form method='post' name=ssl_certificate_frm action='ssl_certificates_admin.php'>
596 <input type='hidden' name='mode' value='download_certificates'>
597 <div class='borderbox'>
598 <b><?php xl('Create the SSL Certificate Authority and Server certificates.', 'e'); ?></b><br>
599 <br>
600 1. <?php xl('Fill in the values below', 'e'); ?><br>
601 2. <?php xl('Click Download Certificate to download the certificates in the file ssl.zip', 'e'); ?> <br>
602 3. <?php xl('Extract the zip file', 'e');
603 echo ": ssl.zip "; ?><br></br>
604 <?php xl('The zip file will contain the following items', 'e'); ?> <br>
605 <ul>
606 <li>Server.crt : <?php xl('The Apache SSL server certificate and public key', 'e'); ?>
607 <li>Server.key : <?php xl('The corresponding private key', 'e'); ?>
608 <li>CertificateAuthority.crt : <?php xl('The Certificate Authority certificate', 'e'); ?>
609 <li>CertificateAuthority.key : <?php xl('The corresponding private key', 'e'); ?>
610 <li>admin.p12 : <?php xl('A client certificate for the admin user', 'e'); ?>
611 </ul>
612 <table border=0>
613 <tr class='text'>
614 <td><?php xl('Host Name', 'e'); ?> *:</td>
615 <td><input name='commonName' type='text' value=''></td>
616 <td><?php xl('Example', 'e') ;
617 echo ': hostname.domain.com'; ?></td>
618 </tr>
619 <tr class='text'>
620 <td><?php xl('Email Address', 'e'); ?>:</td>
621 <td><input name='emailAddress' type='text' value=''></td>
622 <td><?php xl('Example', 'e') ;
623 echo ': web_admin@domain.com'; ?></td>
624 </tr>
625 <tr class='text'>
626 <td><?php xl('Organization Name', 'e'); ?>:</td>
627 <td><input name='organizationName' type='text' value=''></td>
628 <td><?php xl('Example', 'e');
629 echo ': My Company Ltd'; ?></td>
630 </tr>
631 <tr class='text'>
632 <td><?php xl('Organizational Unit Name', 'e'); ?>:</td>
633 <td><input name='organizationalUnitName' type='text' value=''></td>
634 <td><?php xl('Example', 'e');
635 echo ': OpenEMR'; ?></td>
636 </tr>
637 <tr class='text'>
638 <td><?php xl('Locality', 'e'); ?>:</td>
639 <td><input name='localityName' type='text' value=''></td>
640 <td><?php xl('Example', 'e') ;
641 echo ': City'; ?></td>
642 </tr>
643 <tr class='text'>
644 <td><?php xl('State Or Province', 'e'); ?>:</td>
645 <td><input name='stateOrProvinceName' type='text' value=''></td>
646 <td><?php xl('Example', 'e') ;
647 echo ': California'; ?></td>
648 </tr>
649 <tr class='text'>
650 <td><?php xl('Country', 'e'); ?>:</td>
651 <td><input name='countryName' type='text' value='' maxlength='2'></td>
652 <td><?php xl('Example', 'e');
653 echo ': US';
654 echo ' (';
655 xl('Should be two letters', 'e');
656 echo ')'; ?></td>
657 </tr>
658 <tr class='text'>
659 <td><?php xl('Client certificate validation period', 'e'); ?>:</td>
660 <td><input name='clientCertValidity' type='text' onkeypress='return isNumberKey(event)' value='365'></td>
661 <td><?php xl('days', 'e'); ?></td>
662 </tr>
663 <tr>
664 <td colspan=3 align='center'>
665 <input name='sslcrt' type='submit' onclick='return download_click();' value='<?php xl('Download Certificates', 'e'); ?>'>
666 </td>
667 </tr>
668 </table>
669 </div>
670 </form>
671 <br>
672
673 <div class="borderbox">
674 <b><?php xl('Configure Apache to use HTTPS.', 'e'); ?></b><br>
675 <br>
676 <?php xl('Add new certificates to the Apache configuration file', 'e'); ?>:<br>
677 <br>
678 SSLEngine on<br>
679 SSLCertificateFile /path/to/Server.crt<br>
680 SSLCertificateKeyFile /path/to/Server.key<br>
681 SSLCACertificateFile /path/to/CertificateAuthority.crt<br>
682 <br>
683 <?php xl('Note', 'e'); ?>:
684 <ul>
685 <li><?php xl('To Enable only HTTPS, perform the above changes and restart Apache server. If you want to configure client side certificates also, please configure them in the next section.', 'e'); ?></br>
686 <li> <?php xl('To Disable HTTPS, comment the above lines in Apache configuration file and restart Apache server.', 'e'); ?>
687 <ul/>
688 </div>
689
690 <br>
691 <div class="borderbox">
692 <form name='ssl_frm' method='post'>
693 <b><?php xl('Configure Apache to use Client side SSL certificates', 'e'); ?> </b>
694 <br></br>
695 <?php xl('Add following lines to the Apache configuration file', 'e'); ?>:<br>
696 </br>
697 SSLVerifyClient require<br>
698 SSLVerifyDepth 2<br>
699 SSLOptions +StdEnvVars<br>
700 <!--/br> <b><?php xl('Configure Openemr to use Client side SSL certificates', 'e'); ?> </b></br>
701 <input type='hidden' name='clientCertValidity_hidden' value=''>
702 <input type='hidden' name='mode' value='save_ssl_settings'></br>
703 <table cellpadding=0 cellspacing=0>
704 <tr class='text'>
705 <td><?php xl('Enable User Certificate Authentication', 'e'); ?>:</td>
706 <td>
707 <input name='isClientAuthenticationEnabled' type='radio' value='Yes'
708 <?php if ($GLOBALS['is_client_ssl_enabled']) {
709 echo "checked";
710 } ?> > <?php xl('Yes', 'e'); ?>
711 <input name='isClientAuthenticationEnabled' type='radio' value='No' <?php if (!$GLOBALS['is_client_ssl_enabled']) {
712 echo "checked";
713 } ?> > <?php xl('No', 'e'); ?>
714 </td>
715 </tr>
716 <tr><td>&nbsp;</td></tr>
717 <tr class='text'>
718 <td>CertificateAuthority.key <?php xl('file location', 'e'); ?>: </td>
719 <td>
720 <input type='hidden' name='hiden_cakey' />
721 <input name='cakey_location' type='text' size=20 value='<?php echo $GLOBALS['certificate_authority_key'] ?>' /> (<?php xl('Provide absolute path', 'e'); ?>)
722 </td>
723 </tr>
724 <tr class='text'>
725 <td>CertificateAuthority.crt <?php xl('file location', 'e'); ?>: </td>
726 <td>
727 <input type='hidden' name='hiden_cacrt' />
728 <input name='cacrt_location' type=text size=20 value='<?php echo $GLOBALS['certificate_authority_crt'] ?>'/> (<?php xl('Provide absolute path', 'e'); ?>)
729 </td>
730 </tr>
731 </table>
732 </br>
733 <input type='submit' value='<?php xl('Save Certificate Settings', 'e'); ?>' onclick='return save_click();'-->
734 </br> <b><?php xl('Configure Openemr to use Client side SSL certificates', 'e'); ?> </b></br>
735 <input type='hidden' name='clientCertValidity_hidden' value=''>
736 </br>
737
738 <?php xl('Update the following variables in file', 'e'); ?>: globals.php</br></br>
739 <?php xl('To enable Client side ssl certificates', 'e'); ?></br>
740 <?php xl('Set', 'e'); ?> 'is_client_ssl_enabled' <?php xl('to', 'e'); ?> 'true' </br></br>
741 <?php xl('Provide absolute path of file', 'e'); ?> CertificateAuthority.key</br>
742 <?php xl('Set', 'e'); ?> 'certificate_authority_key' <?php xl('to absolute path of file', 'e'); ?> 'CertificateAuthority.key'</br></br>
743 <?php xl('Provide absolute path of file', 'e'); ?> CertificateAuthority.crt</br>
744 <?php xl('Set', 'e'); ?> 'certificate_authority_crt' <?php xl('to absolute path of file', 'e'); ?> 'CertificateAuthority.crt'</br>
745 <br>
746 </br><?php xl('Note', 'e'); ?>:
747 <ul>
748 <li><?php xl('To Enable Client side SSL certificates authentication, HTTPS should be enabled.', 'e'); ?>
749 <li><?php xl('After performing above configurations, import the admin client certificate to the browser and restart Apache server (empty password).', 'e'); ?>
750 <li><?php xl('To Disable client side SSL certificates, comment above lines in Apache configuration file and set', 'e'); ?> 'false' <?php xl('for variable', 'e'); ?> 'is_client_ssl_enabled' (globals.php) <?php xl('and restart Apache server.', 'e'); ?>
751 </form>
752 </div>
753 <br>
754 <div class="borderbox">
755 <b><?php xl('Create Client side SSL certificates', 'e'); ?></b><br>
756 <br>
757 <?php xl('Create a client side SSL certificate for either a user or a client hostname.', 'e'); ?>
758 <br>
759 <?php
760 if (!$GLOBALS['is_client_ssl_enabled'] ||
761 $GLOBALS['certificate_authority_crt'] == "") {
762 echo "<font class='redtext'>" . xl('OpenEMR must be configured to use certificates before it can create client certificates.', 'e') . "</font><br>";
763 }
764 ?>
765 <form name='client_cert_frm' method='post' action='ssl_certificates_admin.php'>
766 <input type='hidden' name='mode' value='create_client_certificate'>
767 <table>
768 <tr class='text'>
769 <td><?php xl('User or Host name', 'e'); ?>*:</td>
770 <td><input type='text' name='client_cert_user' size=20 />
771 </tr>
772 <tr class='text'>
773 <td><?php xl('Email', 'e'); ?>:</td>
774 <td><input type='text' name='client_cert_email' size=20 />
775 </tr>
776 </table>
777 </br> <input type='submit' onclick='return create_client_certificate_click();' value='<?php xl('Create Client Certificate', 'e'); ?>'>
778 </form>
779 </div>
780 <br>
781 <br>&nbsp;
782 <br>&nbsp;
783 </span>
784 <?php } ?>
785 </body>
786 </html>
Mirror of official OpenEMR Sourceforge repository