search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
migrated ubiquitous libraries to composer autoloader (#421)
[openemr.git] / interface / usergroup / ssl_certificates_admin.php
blob33e35d413134feefde9b7972734ef60f3a35b9dd
1 <?php
2 require_once("../globals.php");
3 require_once("../../library/create_ssl_certificate.php");
4 require_once("../../library/sql.inc");
5 require_once("$srcdir/translation.inc.php");
6
7 /********************************************************************************\
8 * Copyright (C) Visolve (vicareplus_engg@visolve.com) *
9 * *
10 * This program is free software; you can redistribute it and/or *
11 * modify it under the terms of the GNU General Public License *
12 * as published by the Free Software Foundation; either version 2 *
13 * of the License, or (at your option) any later version. *
14 * *
15 * This program is distributed in the hope that it will be useful, *
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
18 * GNU General Public License for more details. *
19 * *
20 * You should have received a copy of the GNU General Public License *
21 * along with this program; if not, write to the Free Software *
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
23 ********************************************************************************/
24
25 /*
26 * This page is used to setup https access to OpenEMR with client certificate authentication.
27 * If enabled, the browser must connect to OpenEMR using a client SSL certificate that is
28 * generated by OpenEMR. This page is used to create the Certificate Authority and
29 * Apache SSL server certificate.
30 */
31
32 /* This string contains any error messages if generating
33 * certificates fails.
34 */
35 $error_msg = "";
36
37 /* This function is called when the "Save Certificate Settings" button is clicked.
38 * Save the certificate settings to the file globals.php.
39 * The following form inputs are used:
40 * cakey_location - The path to the CA key file
41 * cacrt_location - The path to the CA certificate file
42 * clientCertValidity_hidden - Number of days client certificates are valid.
43 * isClientAuthenticationEnabled - Enable/disable client certificate authentication.
44 *
45 * Save these values to the following variables in globals.php:
46 * $certificate_authority_key
47 * $certificate_authority_crt
48 * $client_certificate_valid_in_days
49 * $is_client_ssl_enabled
50 *
51 * If an error occurs, set $error_msg to the appropriate string,
52 * which will be displayed later on below.
53 */
54 /*function save_certificate_settings() {
55 if($_POST['cakey_location']) { $Authority_key = formData('cakey_location','P',true) ; }
56 if($_POST['cacrt_location']) { $Authority_crt = formData('cacrt_location','P',true); }
57 if($_POST['clientCertValidity_hidden']) { $clientCertValidity = formData('clientCertValidity_hidden','P',true); }
58 if($_POST['isClientAuthenticationEnabled']) { $isClientAuthenticationEnabled = formData('isClientAuthenticationEnabled','P',true); }
59
60 if ($isClientAuthenticationEnabled == "Yes") {
61 $isClientAuthenticationEnabled = "true";
62 } else{
63 $isClientAuthenticationEnabled = "false";
64 }
65
66 global $error_msg;
67
68 if ($Authority_key != "" && !file_exists($Authority_key)) {
69 $error_msg .= xl('Error: the file does not exist', 'e') . ' ' . $Authority_key . '<br>';
70 }
71
72 if ($Authority_crt != "" && !file_exists($Authority_crt)) {
73 $error_msg .= xl('Error, the file does not exist', 'e') . ' ' . $Authority_crt . '<br>';
74 }
75
76 if ($error_msg != "") {
77 return;
78 }
79
80 $Authority_key = str_replace('\\\\', '/', $Authority_key);
81 $Authority_key = str_replace('\\', '/', $Authority_key);
82 $Authority_crt = str_replace('\\\\', '/', $Authority_crt);
83 $Authority_crt = str_replace('\\', '/', $Authority_crt);
84
85 // Read in the globals.php file
86 $globals_file = $GLOBALS['webserver_root'] . "/interface/globals.php";
87 $inputdata = file($globals_file) or die( xl('Could not read file','e')." ". $globals_file);
88 $outputdata = "";
89
90 $wrote_key = false;
91 $wrote_crt = false;
92 $wrote_enable = false;
93 $wrote_validity = false;
94
95 // Loop through each line in globals.php, replacing any certificate variables with the new settings.
96
97 foreach ($inputdata as $line) {
98 if ((strpos($line,"\$certificate_authority_key = \"")) !== false) {
99 $wrote_key = true;
100 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
101 }
102 else if ((strpos($line,"\$certificate_authority_crt = \"")) !== false) {
103 $wrote_crt = true;
104 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
105 }
106 else if ((strpos($line,"\$is_client_ssl_enabled = ")) !== false) {
107 $wrote_enable = true;
108 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
109 }
110 else if ((strpos($line,"\$client_certificate_valid_in_days = \"")) !== false) {
111 $wrote_validity = true;
112 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
113 }
114 else {
115 $outputdata .= $line;
116 }
117 }
118 if ($wrote_key === false || $wrote_crt === false ||
119 $wrote_enable === false || $wrote_validity === false) {
120
121 $outputdata .= "<?php\n";
122
123 if ($wrote_key === false) {
124 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
125 }
126 if ($wrote_crt == false) {
127 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
128 }
129 if ($wrote_enable === false) {
130 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
131 }
132 if ($wrote_validity === false) {
133 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
134 }
135 $outputdata .= "\n?>\n";
136 }
137
138 // Write the modified globals.php back to disk
139 $fd = @fopen($globals_file, 'w');
140 if ($fd === false) {
141 $error_msg .= xl('Error, unable to open file', 'e') . ' ' . $globals_file;
142 return;
143 }
144 fwrite($fd, $outputdata);
145 fclose($fd);
146
147 $GLOBALS['is_client_ssl_enabled'] = ($isClientAuthenticationEnabled == "true");
148 $GLOBALS['certificate_authority_crt'] = $Authority_crt;
149 $GLOBALS['certificate_authority_key'] = $Authority_key;
150 }*/
151
152
153 /**
154 * Send an http reply so that the browser downloads the given file.
155 * Delete the file once the download is completed.
156 * @param $filename - The file to download.
157 * @param $filetype - The type of file.
158 */
159 function download_file($filename, $filetype) {
160
161 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
162 header("Cache-Control: private");
163 header("Content-Type: application/" . $filetype);
164 header("Content-Disposition: attachment; filename=" . basename($filename) . ";");
165 header("Content-Transfer-Encoding: binary");
166 header("Content-Length: " . filesize($filename));
167 readfile($filename);
168 exit;
169 flush();
170 @unlink($filename);
171 }
172
173 /* This function is called when the "Create Client Certificate" button is clicked.
174 * Create and download a client certificate, given the following form inputs:
175 * client_cert_user - The username to store in the certificate
176 * client_cert_email - The email to store in the certificate
177 * A temporary certificate will be written to /tmp/openemr_client_cert.p12.
178 * If an error occurs, set the $error_msg (which is displayed later below).
179 */
180 function create_client_cert() {
181 global $error_msg;
182
183 if (!$GLOBALS['is_client_ssl_enabled']) {
184 $error_msg .= xl('Error, User Certificate Authentication is not enabled in OpenEMR', 'e');
185 return;
186 }
187
188 if ($_POST["client_cert_user"]) { $user = formData('client_cert_user','P',true); }
189 if ($_POST["client_cert_email"]) { $email = formData('client_cert_email','P',true); }
190 $opensslconf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
191 $serial = 0;
192 $data = create_user_certificate($user, $email, $serial,
193 $GLOBALS['certificate_authority_crt'],
194 $GLOBALS['certificate_authority_key'],
195 $GLOBALS['client_certificate_valid_in_days']);
196 if ($data === false) {
197 $error_msg .= xl('Error, unable to create client certificate.', 'e');
198 return;
199 }
200
201 $filename = $GLOBALS['temporary_files_dir'] . "/openemr_client_cert.p12";
202 $handle = fopen($filename, 'wt');
203 fwrite($handle, $data);
204 fclose($handle);
205
206 download_file($filename, "p12");
207 }
208
209 /* Delete the following temporary certificate files, if they exist:
210 * /tmp/CertificateAuthority.key
211 * /tmp/CertificateAuthority.crt
212 * /tmp/Server.key
213 * /tmp/Server.crt
214 * /tmp/admin.p12
215 * /tmp/ssl.zip
216 */
217 function delete_certificates() {
218 $tempDir = $GLOBALS['temporary_files_dir'];
219 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
220 "Server.key", "Server.crt", "admin.p12", "ssl.zip");
221
222 foreach ($files as $file) {
223 if (file_exists($file)) {
224 unlink($file);
225 }
226 }
227 }
228
229 /**
230 * Create and download the following certificates:
231 * - CertificateAuthority.key
232 * - CertificateAuthority.crt
233 * - Server.key
234 * - Server.crt
235 * - admin.p12
236 * The following form inputs are used:
237 */
238 function create_and_download_certificates()
239 {
240 global $error_msg;
241 $tempDir = $GLOBALS['temporary_files_dir'];
242
243 $zipName = $tempDir . "/ssl.zip";
244 if (file_exists($zipName)) {
245 unlink($zipName);
246 }
247
248 /* Retrieve the certificate name settings from the form input */
249 if ($_POST["commonName"]) { $commonName = formData('commonName','P',true); }
250 if ($_POST["emailAddress"]) { $emailAddress = formData('emailAddress','P',true); }
251 if ($_POST["countryName"]) { $countryName = formData('countryName','P',true); }
252 if ($_POST["stateOrProvinceName"]) { $stateOrProvinceName = formData('stateOrProvinceName','P',true); }
253 if ($_POST["localityName"]) { $localityName = formData('localityName','P',true); }
254 if ($_POST["organizationName"]) { $organizationName = formData('organizationName','P',true); }
255 if ($_POST["organizationalUnitName"]) { $organizationName = formData('organizationalUnitName','P',true); }
256 if ($_POST["clientCertValidity"]) { $clientCertValidity = formData('clientCertValidity','P',true); }
257
258
259 /* Create the Certficate Authority (CA) */
260 $arr = create_csr("OpenEMR CA for " . $commonName, $emailAddress, $countryName, $stateOrProvinceName,$localityName, $organizationName, $organizationalUnitName);
261
262 if ($arr === false) {
263 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.', 'e');
264 delete_certificates();
265 return;
266 }
267 $ca_csr = $arr[0];
268 $ca_key = $arr[1];
269 $ca_crt = create_crt($ca_key, $ca_csr, NULL, $ca_key);
270 if ($ca_crt === false) {
271 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.', 'e');
272 delete_certificates();
273 return;
274 }
275 openssl_pkey_export_to_file($ca_key, $tempDir . "/CertificateAuthority.key");
276 openssl_x509_export_to_file($ca_crt, $tempDir . "/CertificateAuthority.crt");
277
278 /* Create the Server certificate */
279 $arr = create_csr($commonName, $emailAddress, $countryName, $stateOrProvinceName,
280 $localityName, $organizationName, $organizationalUnitName);
281 if ($arr === false) {
282 $error_msg .= xl('Error, unable to create the Server certificate.', 'e');
283 delete_certificates();
284 return;
285 }
286
287 $server_csr = $arr[0];
288 $server_key = $arr[1];
289 $server_crt = create_crt($server_key, $server_csr, $ca_crt, $ca_key);
290
291 if (server_crt === false) {
292 $error_msg .= xl('Error, unable to create the Server certificate.', 'e');
293 delete_certificates();
294 return;
295 }
296
297 openssl_pkey_export_to_file($server_key, $tempDir . "/Server.key");
298 openssl_x509_export_to_file($server_crt, $tempDir . "/Server.crt");
299
300 /* Create the client certificate for the 'admin' user */
301 $serial = 0;
302 $res = sqlStatement("select id from users where username='admin'");
303 if ($row = sqlFetchArray($res)) {
304 $serial = $row['id'];
305 }
306
307 $user_cert = create_user_certificate("admin", $emailAddress, $serial,
308 $tempDir . "/CertificateAuthority.crt",
309 $tempDir . "/CertificateAuthority.key",
310 $clientCertValidity);
311 if ($user_cert === false) {
312 $error_msg .= xl('Error, unable to create the admin.p12 certificate.', 'e');
313 delete_certificates();
314 return;
315 }
316 $adminFile = $tempDir . "/admin.p12";
317 $handle = fopen($adminFile, 'w');
318 fwrite($handle, $user_cert);
319 fclose($handle);
320
321 /* Create a zip file containing the CertificateAuthority, Server, and admin files */
322 try {
323 if (! (class_exists('ZipArchive')) ) {
324 $_SESSION["zip_error"]="Error, Class ZipArchive does not exist";
325 return;
326 }
327
328 $zip = new ZipArchive;
329 if(!($zip)) {
330 $_SESSION["zip_error"]="Error, Could not create file archive";
331 return;
332 }
333
334 if ($zip->open($zipName, ZIPARCHIVE::CREATE)) {
335 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
336 "Server.key", "Server.crt", "admin.p12");
337 foreach ($files as $file) {
338 $zip->addFile($tempDir . "/" . $file, $file);
339 }
340 }
341 else {
342 $_SESSION["zip_error"]="Error, unable to create zip file with all the certificates";
343 return;
344 }
345 $zip->close();
346
347 if(ini_get('zlib.output_compression')) {
348 ini_set('zlib.output_compression', 'Off');
349 }
350 }
351 catch (Exception $e) {
352 $_SESSION["zip_error"]="Error, Could not create file archive";
353 return;
354 }
355
356 download_file($zipName, "zip");
357 }
358
359
360
361 if (!acl_check('admin', 'users')) {
362 exit();
363 }
364
365 /*if ($_POST["mode"] == "save_ssl_settings") {
366 save_certificate_settings();
367 }*/
368
369 if ($_POST["mode"] == "create_client_certificate") {
370 create_client_cert();
371 }
372 else if ($_POST["mode"] == "download_certificates") {
373 create_and_download_certificates();
374 }
375
376 ?>
377
378 <html>
379 <head>
380 <script language="Javascript">
381
382
383 /* If Enable User Certificate Authentication is set to "Yes", check the following:
384 * - The Client certificate validation period is > 0
385 * - The CertificateAuthority.key path is not empty
386 * - The CertificateAuthority.crt path is not empty
387 */
388 /*function save_click() {
389 if (document.ssl_frm.isClientAuthenticationEnabled[0].checked) {
390 if(document.ssl_certificate_frm.clientCertValidity.value > 0) {
391 document.ssl_frm.clientCertValidity_hidden.value = document.ssl_certificate_frm.clientCertValidity.value;
392 }
393 else {
394 alert("<?php xl('Client certificate validity should be a valid number.', 'e'); ?>");
395 document.ssl_certificate_frm.clientCertValidity.focus();
396 return false;
397 }
398 if (document.ssl_frm.cakey_location.value == "") {
399 alert ("<?php xl('Certificate Authority key file location cannot be empty', 'e'); ?>");
400 document.ssl_frm.cakey_location.focus();
401 return false;
402 }
403
404 if (document.ssl_frm.cacrt_location.value == "") {
405 alert ("<?php xl('Certificate Authority crt file location cannot be empty', 'e'); ?>");
406 document.ssl_frm.cacrt_location.focus();
407 return false;
408 }
409 }
410 return true;
411 }*/
412
413 //check whether email id is valid or not
414 function checkEmail(email) {
415 var str=email;
416 var at="@";
417 var dot=".";
418 var lat=str.indexOf(at);
419 var lstr=str.length;
420 var ldot=str.indexOf(dot);
421 if (str.indexOf(at)==-1){
422 return false;
423 }
424
425 if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr){
426 return false;
427 }
428
429 if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr){
430 return false;
431 }
432
433 if (str.indexOf(at,(lat+1))!=-1){
434 return false;
435 }
436
437 if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot){
438 return false;
439 }
440
441 if (str.indexOf(dot,(lat+2))==-1){
442 return false;
443 }
444
445 if (str.indexOf(" ")!=-1){
446 return false;
447 }
448
449 return true;
450 }
451 function download_click(){
452 if (document.ssl_certificate_frm.commonName.value == "") {
453 alert ("<?php xl('Host Name cannot be empty', 'e'); ?>");
454 document.ssl_certificate_frm.commonName.focus();
455 return false;
456 }
457
458 if (document.ssl_certificate_frm.emailAddress.value) {
459 //call checkEmail function
460 if(checkEmail(document.ssl_certificate_frm.emailAddress.value) == false){
461 alert ("<?php xl('Provide valid Email Address', 'e'); ?>");
462 return false;
463 }
464 }
465
466 if (document.ssl_certificate_frm.countryName.value.length > 2) {
467 alert ("<?php xl('Country Name should be represent in two letters. (Example: United States is US)', 'e'); ?>");
468 document.ssl_certificate_frm.countryName.focus();
469 return false;
470 }
471 if (document.ssl_certificate_frm.clientCertValidity.value < 1) {
472 alert ("<?php xl('Client certificate validity should be a valid number.', 'e'); ?>");
473 document.ssl_certificate_frm.clientCertValidity.focus();
474 return false;
475 }
476 }
477 function create_client_certificate_click(){
478
479 /*if(document.ssl_frm.isClientAuthenticationEnabled[1].checked == true)
480 {
481 alert ("<?php xl('User Certificate Authentication is disabled', 'e'); ?>");
482 return false;
483 }*/
484
485 if (document.client_cert_frm.client_cert_user.value == "") {
486 alert ("<?php xl('User name or Host name cannot be empty', 'e'); ?>");
487 document.ssl_certificate_frm.commonName.focus();
488 return false;
489 }
490 if (document.client_cert_frm.client_cert_email.value) {
491 //call checkEmail function
492 if(checkEmail(document.client_cert_frm.client_cert_email.value) == false){
493 alert ("<?php xl('Provide valid Email Address', 'e'); ?>");
494 return false;
495 }
496 }
497 }
498
499 function isNumberKey(evt) {
500 var charCode = (evt.which) ? evt.which : evt.keyCode
501 if (charCode > 31 && (charCode < 48 || charCode > 57))
502 return false;
503 else
504 return true;
505 }
506
507 </script>
508
509 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
510 <style type="text/css">
511 div.borderbox {
512 margin: 5px 5px;
513 padding: 5px 5px;
514 border: solid 1px;
515 width: 60%;
516 }
517 </style>
518
519 </head>
520 <body class="body_top">
521 <span class='title'><b><?php xl('SSL Certificate Administration', 'e'); ?></b></span>
522 </br> </br>
523 <?php if($_SESSION["zip_error"]) { ?>
524 <div> <table align="center" >
525 <tr valign="top"> <td rowspan="3"> <?php echo "<font class='redtext'>" . xl($_SESSION["zip_error"]) ?> </td> </tr>
526 </table> <?php
527 unset($_SESSION["zip_error"]); ?></div>
528 <?php } else { ?>
529 <span class='text'>
530 <?php
531 if ($error_msg != "") {
532 echo "<font class='redtext'>" . $error_msg . "</font><br><br>";
533 }
534 ?>
535 <?php xl('To setup https access with client certificate authentication, do the following', 'e'); ?>
536 <ul>
537 <li><?php xl('Create the SSL Certificate Authority and Server certificates.', 'e'); ?>
538 <li><?php xl('Configure Apache to use HTTPS.', 'e'); ?>
539 <li><?php xl('Configure Apache and OpenEMR to use Client side SSL certificates.', 'e'); ?>
540 <li><?php xl('Import certificate to the browser.', 'e'); ?>
541 <li><?php xl('Create a Client side SSL certificate for each user or client machine.', 'e'); ?>
542 </ul>
543 <br>
544 <?php
545 if ($GLOBALS['certificate_authority_crt'] != "" && $GLOBALS['is_client_ssl_enabled']) {
546 xl('OpenEMR already has a Certificate Authority configured.', 'e');
547 }
548 ?>
549 <form method='post' name=ssl_certificate_frm action='ssl_certificates_admin.php'>
550 <input type='hidden' name='mode' value='download_certificates'>
551 <div class='borderbox'>
552 <b><?php xl('Create the SSL Certificate Authority and Server certificates.', 'e'); ?></b><br>
553 <br>
554 1. <?php xl('Fill in the values below', 'e'); ?><br>
555 2. <?php xl('Click Download Certificate to download the certificates in the file ssl.zip', 'e'); ?> <br>
556 3. <?php xl('Extract the zip file', 'e'); echo ": ssl.zip "; ?><br></br>
557 <?php xl('The zip file will contain the following items', 'e'); ?> <br>
558 <ul>
559 <li>Server.crt : <?php xl('The Apache SSL server certificate and public key', 'e'); ?>
560 <li>Server.key : <?php xl('The corresponding private key', 'e'); ?>
561 <li>CertificateAuthority.crt : <?php xl('The Certificate Authority certificate', 'e'); ?>
562 <li>CertificateAuthority.key : <?php xl('The corresponding private key', 'e'); ?>
563 <li>admin.p12 : <?php xl('A client certificate for the admin user', 'e'); ?>
564 </ul>
565 <table border=0>
566 <tr class='text'>
567 <td><?php xl('Host Name', 'e'); ?> *:</td>
568 <td><input name='commonName' type='text' value=''></td>
569 <td><?php xl('Example', 'e') ; echo ': hostname.domain.com'; ?></td>
570 </tr>
571 <tr class='text'>
572 <td><?php xl('Email Address', 'e'); ?>:</td>
573 <td><input name='emailAddress' type='text' value=''></td>
574 <td><?php xl('Example', 'e') ; echo ': web_admin@domain.com'; ?></td>
575 </tr>
576 <tr class='text'>
577 <td><?php xl('Organization Name', 'e'); ?>:</td>
578 <td><input name='organizationName' type='text' value=''></td>
579 <td><?php xl('Example', 'e'); echo ': My Company Ltd'; ?></td>
580 </tr>
581 <tr class='text'>
582 <td><?php xl('Organizational Unit Name', 'e'); ?>:</td>
583 <td><input name='organizationalUnitName' type='text' value=''></td>
584 <td><?php xl('Example', 'e'); echo ': OpenEMR'; ?></td>
585 </tr>
586 <tr class='text'>
587 <td><?php xl('Locality', 'e'); ?>:</td>
588 <td><input name='localityName' type='text' value=''></td>
589 <td><?php xl('Example', 'e') ; echo ': City'; ?></td>
590 </tr>
591 <tr class='text'>
592 <td><?php xl('State Or Province', 'e'); ?>:</td>
593 <td><input name='stateOrProvinceName' type='text' value=''></td>
594 <td><?php xl('Example', 'e') ; echo ': California'; ?></td>
595 </tr>
596 <tr class='text'>
597 <td><?php xl('Country', 'e'); ?>:</td>
598 <td><input name='countryName' type='text' value='' maxlength='2'></td>
599 <td><?php xl('Example', 'e'); echo ': US'; echo ' ('; xl('Should be two letters', 'e'); echo ')'; ?></td>
600 </tr>
601 <tr class='text'>
602 <td><?php xl('Client certificate validation period', 'e'); ?>:</td>
603 <td><input name='clientCertValidity' type='text' onkeypress='return isNumberKey(event)' value='365'></td>
604 <td><?php xl('days', 'e'); ?></td>
605 </tr>
606 <tr>
607 <td colspan=3 align='center'>
608 <input name='sslcrt' type='submit' onclick='return download_click();' value='<?php xl('Download Certificates', 'e'); ?>'>
609 </td>
610 </tr>
611 </table>
612 </div>
613 </form>
614 <br>
615
616 <div class="borderbox">
617 <b><?php xl('Configure Apache to use HTTPS.', 'e'); ?></b><br>
618 <br>
619 <?php xl('Add new certificates to the Apache configuration file', 'e'); ?>:<br>
620 <br>
621 SSLEngine on<br>
622 SSLCertificateFile /path/to/Server.crt<br>
623 SSLCertificateKeyFile /path/to/Server.key<br>
624 SSLCACertificateFile /path/to/CertificateAuthority.crt<br>
625 <br>
626 <?php xl('Note','e'); ?>:
627 <ul>
628 <li><?php xl('To Enable only HTTPS, perform the above changes and restart Apache server. If you want to configure client side certificates also, please configure them in the next section.', 'e'); ?></br>
629 <li> <?php xl('To Disable HTTPS, comment the above lines in Apache configuration file and restart Apache server.', 'e'); ?>
630 <ul/>
631 </div>
632
633 <br>
634 <div class="borderbox">
635 <form name='ssl_frm' method='post'>
636 <b><?php xl('Configure Apache to use Client side SSL certificates', 'e'); ?> </b>
637 <br></br>
638 <?php xl('Add following lines to the Apache configuration file', 'e'); ?>:<br>
639 </br>
640 SSLVerifyClient require<br>
641 SSLVerifyDepth 2<br>
642 SSLOptions +StdEnvVars<br>
643 <!--/br> <b><?php xl('Configure Openemr to use Client side SSL certificates', 'e'); ?> </b></br>
644 <input type='hidden' name='clientCertValidity_hidden' value=''>
645 <input type='hidden' name='mode' value='save_ssl_settings'></br>
646 <table cellpadding=0 cellspacing=0>
647 <tr class='text'>
648 <td><?php xl('Enable User Certificate Authentication', 'e'); ?>:</td>
649 <td>
650 <input name='isClientAuthenticationEnabled' type='radio' value='Yes'
651 <?php if ($GLOBALS['is_client_ssl_enabled']) echo "checked"; ?> > <?php xl('Yes', 'e'); ?>
652 <input name='isClientAuthenticationEnabled' type='radio' value='No' <?php if (!$GLOBALS['is_client_ssl_enabled']) echo "checked"; ?> > <?php xl('No', 'e'); ?>
653 </td>
654 </tr>
655 <tr><td>&nbsp;</td></tr>
656 <tr class='text'>
657 <td>CertificateAuthority.key <?php xl('file location', 'e'); ?>: </td>
658 <td>
659 <input type='hidden' name='hiden_cakey' />
660 <input name='cakey_location' type='text' size=20 value='<?php echo $GLOBALS['certificate_authority_key'] ?>' /> (<?php xl('Provide absolute path', 'e'); ?>)
661 </td>
662 </tr>
663 <tr class='text'>
664 <td>CertificateAuthority.crt <?php xl('file location', 'e'); ?>: </td>
665 <td>
666 <input type='hidden' name='hiden_cacrt' />
667 <input name='cacrt_location' type=text size=20 value='<?php echo $GLOBALS['certificate_authority_crt'] ?>'/> (<?php xl('Provide absolute path', 'e'); ?>)
668 </td>
669 </tr>
670 </table>
671 </br>
672 <input type='submit' value='<?php xl('Save Certificate Settings', 'e'); ?>' onclick='return save_click();'-->
673 </br> <b><?php xl('Configure Openemr to use Client side SSL certificates', 'e'); ?> </b></br>
674 <input type='hidden' name='clientCertValidity_hidden' value=''>
675 </br>
676
677 <?php xl('Update the following variables in file', 'e'); ?>: globals.php</br></br>
678 <?php xl('To enable Client side ssl certificates', 'e'); ?></br>
679 <?php xl('Set', 'e'); ?> 'is_client_ssl_enabled' <?php xl('to', 'e'); ?> 'true' </br></br>
680 <?php xl('Provide absolute path of file', 'e'); ?> CertificateAuthority.key</br>
681 <?php xl('Set', 'e'); ?> 'certificate_authority_key' <?php xl('to absolute path of file', 'e'); ?> 'CertificateAuthority.key'</br></br>
682 <?php xl('Provide absolute path of file', 'e'); ?> CertificateAuthority.crt</br>
683 <?php xl('Set', 'e'); ?> 'certificate_authority_crt' <?php xl('to absolute path of file', 'e'); ?> 'CertificateAuthority.crt'</br>
684 <br>
685 </br><?php xl('Note','e'); ?>:
686 <ul>
687 <li><?php xl('To Enable Client side SSL certificates authentication, HTTPS should be enabled.', 'e'); ?>
688 <li><?php xl('After performing above configurations, import the admin client certificate to the browser and restart Apache server (empty password).', 'e'); ?>
689 <li><?php xl('To Disable client side SSL certificates, comment above lines in Apache configuration file and set', 'e'); ?> 'false' <?php xl('for variable', 'e'); ?> 'is_client_ssl_enabled' (globals.php) <?php xl('and restart Apache server.', 'e'); ?>
690 </form>
691 </div>
692 <br>
693 <div class="borderbox">
694 <b><?php xl('Create Client side SSL certificates', 'e'); ?></b><br>
695 <br>
696 <?php xl('Create a client side SSL certificate for either a user or a client hostname.', 'e'); ?>
697 <br>
698 <?php
699 if (!$GLOBALS['is_client_ssl_enabled'] ||
700 $GLOBALS['certificate_authority_crt'] == "") {
701 echo "<font class='redtext'>" . xl('OpenEMR must be configured to use certificates before it can create client certificates.', 'e') . "</font><br>";
702 }
703 ?>
704 <form name='client_cert_frm' method='post' action='ssl_certificates_admin.php'>
705 <input type='hidden' name='mode' value='create_client_certificate'>
706 <table>
707 <tr class='text'>
708 <td><?php xl('User or Host name', 'e'); ?>*:</td>
709 <td><input type='text' name='client_cert_user' size=20 />
710 </tr>
711 <tr class='text'>
712 <td><?php xl('Email', 'e'); ?>:</td>
713 <td><input type='text' name='client_cert_email' size=20 />
714 </tr>
715 </table>
716 </br> <input type='submit' onclick='return create_client_certificate_click();' value='<?php xl('Create Client Certificate', 'e'); ?>'>
717 </form>
718 </div>
719 <br>
720 <br>&nbsp;
721 <br>&nbsp;
722 </span>
723 <?php } ?>
724 </body>
725 </html>
Mirror of official OpenEMR Sourceforge repository