search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fully responsive globals.php with vertical menu (#2460)
[openemr.git] / interface / usergroup / ssl_certificates_admin.php
blob933d8d5fcf3b315db44c02d2d44a58bde94a9ddc
1 <?php
2 /**
3 * This page is used to setup https access to OpenEMR with client certificate authentication.
4 * If enabled, the browser must connect to OpenEMR using a client SSL certificate that is
5 * generated by OpenEMR. This page is used to create the Certificate Authority and
6 * Apache SSL server certificate.
7 *
8 * @package OpenEMR
9 * @link http://www.open-emr.org
10 * @author Visolve (vicareplus_engg@visolve.com)
11 * @author Brady Miller <brady.g.miller@gmail.com>
12 * @copyright Copyright (c) Visolve (vicareplus_engg@visolve.com)
13 * @copyright Copyright (c) 2018 Brady Miller <brady.g.miller@gmail.com>
14 * @license https://github.com/openemr/openemr/blob/master/LICENSE CNU General Public License 3
15 */
16
17
18 require_once("../globals.php");
19 require_once("../../library/create_ssl_certificate.php");
20
21 if (!empty($_POST)) {
22 if (!verifyCsrfToken($_POST["csrf_token_form"])) {
23 csrfNotVerified();
24 }
25 }
26
27 /* This string contains any error messages if generating
28 * certificates fails.
29 */
30 $error_msg = "";
31
32 /* This function is called when the "Save Certificate Settings" button is clicked.
33 * Save the certificate settings to the file globals.php.
34 * The following form inputs are used:
35 * cakey_location - The path to the CA key file
36 * cacrt_location - The path to the CA certificate file
37 * clientCertValidity_hidden - Number of days client certificates are valid.
38 * isClientAuthenticationEnabled - Enable/disable client certificate authentication.
39 *
40 * Save these values to the following variables in globals.php:
41 * $certificate_authority_key
42 * $certificate_authority_crt
43 * $client_certificate_valid_in_days
44 * $is_client_ssl_enabled
45 *
46 * If an error occurs, set $error_msg to the appropriate string,
47 * which will be displayed later on below.
48 */
49 /*function save_certificate_settings() {
50 if($_POST['cakey_location']) { $Authority_key = trim($_POST['cakey_location']); }
51 if($_POST['cacrt_location']) { $Authority_crt = trim($_POST['cacrt_location']); }
52 if($_POST['clientCertValidity_hidden']) { $clientCertValidity = trim($_POST['clientCertValidity_hidden']); }
53 if($_POST['isClientAuthenticationEnabled']) { $isClientAuthenticationEnabled = trim($_POST['isClientAuthenticationEnabled']); }
54
55 if ($isClientAuthenticationEnabled == "Yes") {
56 $isClientAuthenticationEnabled = "true";
57 } else{
58 $isClientAuthenticationEnabled = "false";
59 }
60
61 global $error_msg;
62
63 if ($Authority_key != "" && !file_exists($Authority_key)) {
64 $error_msg .= xl('Error: the file does not exist') . ' ' . $Authority_key . '<br>';
65 }
66
67 if ($Authority_crt != "" && !file_exists($Authority_crt)) {
68 $error_msg .= xl('Error, the file does not exist') . ' ' . $Authority_crt . '<br>';
69 }
70
71 if ($error_msg != "") {
72 return;
73 }
74
75 $Authority_key = str_replace('\\\\', '/', $Authority_key);
76 $Authority_key = str_replace('\\', '/', $Authority_key);
77 $Authority_crt = str_replace('\\\\', '/', $Authority_crt);
78 $Authority_crt = str_replace('\\', '/', $Authority_crt);
79
80 // Read in the globals.php file
81 $globals_file = $GLOBALS['fileroot'] . "/interface/globals.php";
82 $inputdata = file($globals_file) or die( xlt('Could not read file')." ". text($globals_file));
83 $outputdata = "";
84
85 $wrote_key = false;
86 $wrote_crt = false;
87 $wrote_enable = false;
88 $wrote_validity = false;
89
90 // Loop through each line in globals.php, replacing any certificate variables with the new settings.
91
92 foreach ($inputdata as $line) {
93 if ((strpos($line,"\$certificate_authority_key = \"")) !== false) {
94 $wrote_key = true;
95 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
96 }
97 else if ((strpos($line,"\$certificate_authority_crt = \"")) !== false) {
98 $wrote_crt = true;
99 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
100 }
101 else if ((strpos($line,"\$is_client_ssl_enabled = ")) !== false) {
102 $wrote_enable = true;
103 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
104 }
105 else if ((strpos($line,"\$client_certificate_valid_in_days = \"")) !== false) {
106 $wrote_validity = true;
107 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
108 }
109 else {
110 $outputdata .= $line;
111 }
112 }
113 if ($wrote_key === false || $wrote_crt === false ||
114 $wrote_enable === false || $wrote_validity === false) {
115
116 $outputdata .= "<?php\n";
117
118 if ($wrote_key === false) {
119 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
120 }
121 if ($wrote_crt == false) {
122 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
123 }
124 if ($wrote_enable === false) {
125 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
126 }
127 if ($wrote_validity === false) {
128 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
129 }
130 $outputdata .= "\n?>\n";
131 }
132
133 // Write the modified globals.php back to disk
134 $fd = @fopen($globals_file, 'w');
135 if ($fd === false) {
136 $error_msg .= xl('Error, unable to open file') . ' ' . $globals_file;
137 return;
138 }
139 fwrite($fd, $outputdata);
140 fclose($fd);
141
142 $GLOBALS['is_client_ssl_enabled'] = ($isClientAuthenticationEnabled == "true");
143 $GLOBALS['certificate_authority_crt'] = $Authority_crt;
144 $GLOBALS['certificate_authority_key'] = $Authority_key;
145 }*/
146
147
148 /**
149 * Send an http reply so that the browser downloads the given file.
150 * Delete the file once the download is completed.
151 * @param $filename - The file to download.
152 * @param $filetype - The type of file.
153 */
154 function download_file($filename, $filetype)
155 {
156
157 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
158 header("Cache-Control: private");
159 header("Content-Type: application/" . $filetype);
160 header("Content-Disposition: attachment; filename=" . basename($filename) . ";");
161 header("Content-Transfer-Encoding: binary");
162 header("Content-Length: " . filesize($filename));
163 readfile($filename);
164 exit;
165 flush();
166 @unlink($filename);
167 }
168
169 /* This function is called when the "Create Client Certificate" button is clicked.
170 * Create and download a client certificate, given the following form inputs:
171 * client_cert_user - The username to store in the certificate
172 * client_cert_email - The email to store in the certificate
173 * A temporary certificate will be written to /tmp/openemr_client_cert.p12.
174 * If an error occurs, set the $error_msg (which is displayed later below).
175 */
176 function create_client_cert()
177 {
178 global $error_msg;
179
180 if (!$GLOBALS['is_client_ssl_enabled']) {
181 $error_msg .= xl('Error, User Certificate Authentication is not enabled in OpenEMR');
182 return;
183 }
184 if (!file_exists($GLOBALS['certificate_authority_crt'])) {
185 $error_msg .= xl('Error, the CA Certificate File doesn\'t exist');
186 return;
187 }
188 if (!file_exists($GLOBALS['certificate_authority_key'])) {
189 $error_msg .= xl('Error, the CA Key File doesn\'t exist');
190 return;
191 }
192
193 if ($_POST["client_cert_user"]) {
194 $user = trim($_POST['client_cert_user']);
195 }
196
197 if ($_POST["client_cert_email"]) {
198 $email = trim($_POST['client_cert_email']);
199 }
200
201 $opensslconf = $GLOBALS['fileroot'] . "/library/openssl.cnf";
202 $serial = 0;
203 $data = create_user_certificate(
204 $user,
205 $email,
206 $serial,
207 $GLOBALS['certificate_authority_crt'],
208 $GLOBALS['certificate_authority_key'],
209 $GLOBALS['client_certificate_valid_in_days']
210 );
211 if ($data === false) {
212 $error_msg .= xl('Error, unable to create client certificate.');
213 return;
214 }
215
216 $filename = $GLOBALS['temporary_files_dir'] . "/openemr_client_cert.p12";
217 $handle = fopen($filename, 'w');
218 fwrite($handle, $data);
219 fclose($handle);
220
221 download_file($filename, "p12");
222 }
223
224 /* Delete the following temporary certificate files, if they exist:
225 * /tmp/CertificateAuthority.key
226 * /tmp/CertificateAuthority.crt
227 * /tmp/Server.key
228 * /tmp/Server.crt
229 * /tmp/admin.p12
230 * /tmp/ssl.zip
231 */
232 function delete_certificates()
233 {
234 $tempDir = $GLOBALS['temporary_files_dir'];
235 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
236 "Server.key", "Server.crt", "admin.p12", "ssl.zip");
237
238 foreach ($files as $file) {
239 if (file_exists($file)) {
240 unlink($file);
241 }
242 }
243 }
244
245 /**
246 * Create and download the following certificates:
247 * - CertificateAuthority.key
248 * - CertificateAuthority.crt
249 * - Server.key
250 * - Server.crt
251 * - admin.p12
252 * The following form inputs are used:
253 */
254 function create_and_download_certificates()
255 {
256 global $error_msg;
257 $tempDir = $GLOBALS['temporary_files_dir'];
258
259 $zipName = $tempDir . "/ssl.zip";
260 if (file_exists($zipName)) {
261 unlink($zipName);
262 }
263
264 $commonName = false;
265 $emailAddress = false;
266 $countryName = false;
267 $stateOrProvinceName = false;
268 $localityName = false;
269 $organizationName = false;
270 $organizationalUnitName = false;
271 $clientCertValidity = false;
272
273 /* Retrieve the certificate name settings from the form input */
274 if ($_POST["commonName"]) {
275 $commonName = trim($_POST['commonName']);
276 }
277
278 if ($_POST["emailAddress"]) {
279 $emailAddress = trim($_POST['emailAddress']);
280 }
281
282 if ($_POST["countryName"]) {
283 $countryName = trim($_POST['countryName']);
284 }
285
286 if ($_POST["stateOrProvinceName"]) {
287 $stateOrProvinceName = trim($_POST['stateOrProvinceName']);
288 }
289
290 if ($_POST["localityName"]) {
291 $localityName = trim($_POST['localityName']);
292 }
293
294 if ($_POST["organizationName"]) {
295 $organizationName = trim($_POST['organizationName']);
296 }
297
298 if ($_POST["organizationalUnitName"]) {
299 $organizationName = trim($_POST['organizationalUnitName']);
300 }
301
302 if ($_POST["clientCertValidity"]) {
303 $clientCertValidity = trim($_POST['clientCertValidity']);
304 }
305
306
307 /* Create the Certficate Authority (CA) */
308 $arr = create_csr(
309 "OpenEMR CA for " . $commonName,
310 $emailAddress,
311 $countryName,
312 $stateOrProvinceName,
313 $localityName,
314 $organizationName,
315 $organizationalUnitName
316 );
317
318 if ($arr === false) {
319 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.');
320 delete_certificates();
321 return;
322 }
323
324 $ca_csr = $arr[0];
325 $ca_key = $arr[1];
326 $config = $arr[2];
327 $ca_crt = create_crt($ca_csr, null, $ca_key);
328 if ($ca_crt === false) {
329 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.');
330 delete_certificates();
331 return;
332 }
333
334 openssl_pkey_export_to_file($ca_key, $tempDir . "/CertificateAuthority.key", null, $config);
335 openssl_x509_export_to_file($ca_crt, $tempDir . "/CertificateAuthority.crt");
336
337 /* Create the Server certificate */
338 $arr = create_csr(
339 $commonName,
340 $emailAddress,
341 $countryName,
342 $stateOrProvinceName,
343 $localityName,
344 $organizationName,
345 $organizationalUnitName
346 );
347 if ($arr === false) {
348 $error_msg .= xl('Error, unable to create the Server certificate.');
349 delete_certificates();
350 return;
351 }
352
353 $server_csr = $arr[0];
354 $server_key = $arr[1];
355 $config = $arr[2];
356 $server_crt = create_crt($server_csr, $ca_crt, $ca_key);
357
358 if ($server_crt === false) {
359 $error_msg .= xl('Error, unable to create the Server certificate.');
360 delete_certificates();
361 return;
362 }
363
364 openssl_pkey_export_to_file($server_key, $tempDir . "/Server.key", null, $config);
365 openssl_x509_export_to_file($server_crt, $tempDir . "/Server.crt");
366
367 /* Create the client certificate for the 'admin' user */
368 $serial = 0;
369 $res = sqlStatement("select id from users where username='admin'");
370 if ($row = sqlFetchArray($res)) {
371 $serial = $row['id'];
372 }
373
374 $user_cert = create_user_certificate(
375 "admin",
376 $emailAddress,
377 $serial,
378 $tempDir . "/CertificateAuthority.crt",
379 $tempDir . "/CertificateAuthority.key",
380 $clientCertValidity
381 );
382 if ($user_cert === false) {
383 $error_msg .= xl('Error, unable to create the admin.p12 certificate.');
384 delete_certificates();
385 return;
386 }
387
388 $adminFile = $tempDir . "/admin.p12";
389 $handle = fopen($adminFile, 'w');
390 fwrite($handle, $user_cert);
391 fclose($handle);
392
393 /* Create a zip file containing the CertificateAuthority, Server, and admin files */
394 try {
395 if (! (class_exists('ZipArchive'))) {
396 $_SESSION["zip_error"]="Error, Class ZipArchive does not exist";
397 return;
398 }
399
400 $zip = new ZipArchive;
401 if (!($zip)) {
402 $_SESSION["zip_error"]="Error, Could not create file archive";
403 return;
404 }
405
406 if ($zip->open($zipName, ZIPARCHIVE::CREATE)) {
407 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
408 "Server.key", "Server.crt", "admin.p12");
409 foreach ($files as $file) {
410 $zip->addFile($tempDir . "/" . $file, $file);
411 }
412 } else {
413 $_SESSION["zip_error"]="Error, unable to create zip file with all the certificates";
414 return;
415 }
416
417 $zip->close();
418
419 if (ini_get('zlib.output_compression')) {
420 ini_set('zlib.output_compression', 'Off');
421 }
422 } catch (Exception $e) {
423 $_SESSION["zip_error"]="Error, Could not create file archive";
424 return;
425 }
426
427 download_file($zipName, "zip");
428 }
429
430
431
432 if (!acl_check('admin', 'users')) {
433 exit();
434 }
435
436 /*if ($_POST["mode"] == "save_ssl_settings") {
437 save_certificate_settings();
438 }*/
439
440 if ($_POST["mode"] == "create_client_certificate") {
441 create_client_cert();
442 } else if ($_POST["mode"] == "download_certificates") {
443 create_and_download_certificates();
444 }
445
446 ?>
447
448 <html>
449 <head>
450 <script language="Javascript">
451
452
453 /* If Enable User Certificate Authentication is set to "Yes", check the following:
454 * - The Client certificate validation period is > 0
455 * - The CertificateAuthority.key path is not empty
456 * - The CertificateAuthority.crt path is not empty
457 */
458 /*function save_click() {
459 if (document.ssl_frm.isClientAuthenticationEnabled[0].checked) {
460 if(document.ssl_certificate_frm.clientCertValidity.value > 0) {
461 document.ssl_frm.clientCertValidity_hidden.value = document.ssl_certificate_frm.clientCertValidity.value;
462 }
463 else {
464 alert (<?php xlj('Client certificate validity should be a valid number.'); ?>);
465 document.ssl_certificate_frm.clientCertValidity.focus();
466 return false;
467 }
468 if (document.ssl_frm.cakey_location.value == "") {
469 alert (<?php xlj('Certificate Authority key file location cannot be empty'); ?>);
470 document.ssl_frm.cakey_location.focus();
471 return false;
472 }
473
474 if (document.ssl_frm.cacrt_location.value == "") {
475 alert (<?php xlj('Certificate Authority crt file location cannot be empty'); ?>);
476 document.ssl_frm.cacrt_location.focus();
477 return false;
478 }
479 }
480 return true;
481 }*/
482
483 //check whether email id is valid or not
484 function checkEmail(email) {
485 var str=email;
486 var at="@";
487 var dot=".";
488 var lat=str.indexOf(at);
489 var lstr=str.length;
490 var ldot=str.indexOf(dot);
491 if (str.indexOf(at)==-1){
492 return false;
493 }
494
495 if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr){
496 return false;
497 }
498
499 if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr){
500 return false;
501 }
502
503 if (str.indexOf(at,(lat+1))!=-1){
504 return false;
505 }
506
507 if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot){
508 return false;
509 }
510
511 if (str.indexOf(dot,(lat+2))==-1){
512 return false;
513 }
514
515 if (str.indexOf(" ")!=-1){
516 return false;
517 }
518
519 return true;
520 }
521 function download_click(){
522 if (document.ssl_certificate_frm.commonName.value == "") {
523 alert (<?php xlj('Host Name cannot be empty'); ?>);
524 document.ssl_certificate_frm.commonName.focus();
525 return false;
526 }
527
528 if (document.ssl_certificate_frm.emailAddress.value) {
529 //call checkEmail function
530 if(checkEmail(document.ssl_certificate_frm.emailAddress.value) == false){
531 alert (<?php xlj('Provide valid Email Address'); ?>);
532 return false;
533 }
534 }
535
536 if (document.ssl_certificate_frm.countryName.value.length > 2) {
537 alert (<?php xlj('Country Name should be represent in two letters. (Example: United States is US)'); ?>);
538 document.ssl_certificate_frm.countryName.focus();
539 return false;
540 }
541 if (document.ssl_certificate_frm.clientCertValidity.value < 1) {
542 alert (<?php xlj('Client certificate validity should be a valid number.'); ?>);
543 document.ssl_certificate_frm.clientCertValidity.focus();
544 return false;
545 }
546 }
547 function create_client_certificate_click(){
548
549 /*if(document.ssl_frm.isClientAuthenticationEnabled[1].checked == true)
550 {
551 alert (<?php xlj('User Certificate Authentication is disabled'); ?>);
552 return false;
553 }*/
554
555 if (document.client_cert_frm.client_cert_user.value == "") {
556 alert (<?php xlj('User name or Host name cannot be empty'); ?>);
557 document.ssl_certificate_frm.commonName.focus();
558 return false;
559 }
560 if (document.client_cert_frm.client_cert_email.value) {
561 //call checkEmail function
562 if(checkEmail(document.client_cert_frm.client_cert_email.value) == false){
563 alert (<?php xlj('Provide valid Email Address'); ?>);
564 return false;
565 }
566 }
567 }
568
569 function isNumberKey(evt) {
570 var charCode = (evt.which) ? evt.which : evt.keyCode
571 if (charCode > 31 && (charCode < 48 || charCode > 57))
572 return false;
573 else
574 return true;
575 }
576
577 </script>
578
579 <link rel="stylesheet" href="<?php echo $css_header;?>" type="text/css">
580 <style type="text/css">
581 div.borderbox {
582 margin: 5px 5px;
583 padding: 5px 5px;
584 border: solid 1px;
585 width: 60%;
586 }
587 </style>
588
589 </head>
590 <body class="body_top">
591 <span class='title'><b><?php echo xlt('SSL Certificate Administration'); ?></b></span>
592 </br> </br>
593 <?php if ($_SESSION["zip_error"]) { ?>
594 <div> <table align="center" >
595 <tr valign="top"> <td rowspan="3"> <?php echo "<font class='redtext'>" . xlt($_SESSION["zip_error"]) ?> </td> </tr>
596 </table> <?php
597 unset($_SESSION["zip_error"]); ?></div>
598 <?php } else { ?>
599 <span class='text'>
600 <?php
601 if ($error_msg != "") {
602 echo "<font class='redtext'>" . text($error_msg) . "</font><br><br>";
603 }
604 ?>
605 <?php echo xlt('To setup https access with client certificate authentication, do the following'); ?>
606 <ul>
607 <li><?php echo xlt('Create the SSL Certificate Authority and Server certificates.'); ?>
608 <li><?php echo xlt('Configure Apache to use HTTPS.'); ?>
609 <li><?php echo xlt('Configure Apache and OpenEMR to use Client side SSL certificates.'); ?>
610 <li><?php echo xlt('Import certificate to the browser.'); ?>
611 <li><?php echo xlt('Create a Client side SSL certificate for each user or client machine.'); ?>
612 </ul>
613 <br>
614 <?php
615 if ($GLOBALS['certificate_authority_crt'] != "" && $GLOBALS['is_client_ssl_enabled']) {
616 echo xlt('OpenEMR already has a Certificate Authority configured.');
617 }
618 ?>
619 <form method='post' name=ssl_certificate_frm action='ssl_certificates_admin.php'>
620 <input type="hidden" name="csrf_token_form" value="<?php echo attr(collectCsrfToken()); ?>" />
621 <input type='hidden' name='mode' value='download_certificates'>
622 <div class='borderbox'>
623 <b><?php echo xlt('Create the SSL Certificate Authority and Server certificates.'); ?></b><br>
624 <br>
625 1. <?php echo xlt('Fill in the values below'); ?><br>
626 2. <?php echo xlt('Click Download Certificate to download the certificates in the file ssl.zip'); ?> <br>
627 3. <?php echo xlt('Extract the zip file');
628 echo ": ssl.zip "; ?><br></br>
629 <?php echo xlt('The zip file will contain the following items'); ?> <br>
630 <ul>
631 <li>Server.crt : <?php echo xlt('The Apache SSL server certificate and public key'); ?>
632 <li>Server.key : <?php echo xlt('The corresponding private key'); ?>
633 <li>CertificateAuthority.crt : <?php echo xlt('The Certificate Authority certificate'); ?>
634 <li>CertificateAuthority.key : <?php echo xlt('The corresponding private key'); ?>
635 <li>admin.p12 : <?php echo xlt('A client certificate for the admin user'); ?>
636 </ul>
637 <table border=0>
638 <tr class='text'>
639 <td><?php echo xlt('Host Name'); ?> *:</td>
640 <td><input name='commonName' type='text' value=''></td>
641 <td><?php echo xlt('Example') ;
642 echo ': hostname.domain.com'; ?></td>
643 </tr>
644 <tr class='text'>
645 <td><?php echo xlt('Email Address'); ?>:</td>
646 <td><input name='emailAddress' type='text' value=''></td>
647 <td><?php echo xlt('Example') ;
648 echo ': web_admin@domain.com'; ?></td>
649 </tr>
650 <tr class='text'>
651 <td><?php echo xlt('Organization Name'); ?>:</td>
652 <td><input name='organizationName' type='text' value=''></td>
653 <td><?php echo xlt('Example');
654 echo ': My Company Ltd'; ?></td>
655 </tr>
656 <tr class='text'>
657 <td><?php echo xlt('Organizational Unit Name'); ?>:</td>
658 <td><input name='organizationalUnitName' type='text' value=''></td>
659 <td><?php echo xlt('Example');
660 echo ': OpenEMR'; ?></td>
661 </tr>
662 <tr class='text'>
663 <td><?php echo xlt('Locality'); ?>:</td>
664 <td><input name='localityName' type='text' value=''></td>
665 <td><?php echo xlt('Example') ;
666 echo ': City'; ?></td>
667 </tr>
668 <tr class='text'>
669 <td><?php echo xlt('State Or Province'); ?>:</td>
670 <td><input name='stateOrProvinceName' type='text' value=''></td>
671 <td><?php echo xlt('Example') ;
672 echo ': California'; ?></td>
673 </tr>
674 <tr class='text'>
675 <td><?php echo xlt('Country'); ?>:</td>
676 <td><input name='countryName' type='text' value='' maxlength='2'></td>
677 <td><?php echo xlt('Example');
678 echo ': US';
679 echo ' (';
680 echo xlt('Should be two letters');
681 echo ')'; ?></td>
682 </tr>
683 <tr class='text'>
684 <td><?php echo xlt('Client certificate validation period'); ?>:</td>
685 <td><input name='clientCertValidity' type='text' onkeypress='return isNumberKey(event)' value='365'></td>
686 <td><?php echo xlt('days'); ?></td>
687 </tr>
688 <tr>
689 <td colspan=3 align='center'>
690 <input name='sslcrt' type='submit' onclick='return download_click();' value='<?php echo xla('Download Certificates'); ?>'>
691 </td>
692 </tr>
693 </table>
694 </div>
695 </form>
696 <br>
697
698 <div class="borderbox">
699 <b><?php echo xlt('Configure Apache to use HTTPS.'); ?></b><br>
700 <br>
701 <?php echo xlt('Add new certificates to the Apache configuration file'); ?>:<br>
702 <br>
703 SSLEngine on<br>
704 SSLCertificateFile /path/to/Server.crt<br>
705 SSLCertificateKeyFile /path/to/Server.key<br>
706 SSLCACertificateFile /path/to/CertificateAuthority.crt<br>
707 <br>
708 <?php echo xlt('Note'); ?>:
709 <ul>
710 <li><?php echo xlt('To Enable only HTTPS, perform the above changes and restart Apache server. If you want to configure client side certificates also, please configure them in the next section.'); ?></br>
711 <li> <?php echo xlt('To Disable HTTPS, comment the above lines in Apache configuration file and restart Apache server.'); ?>
712 <ul/>
713 </div>
714
715 <br>
716 <div class="borderbox">
717 <form name='ssl_frm' method='post'>
718 <input type="hidden" name="csrf_token_form" value="<?php echo attr(collectCsrfToken()); ?>" />
719 <b><?php echo xlt('Configure Apache to use Client side SSL certificates'); ?> </b>
720 <br></br>
721 <?php echo xlt('Add following lines to the Apache configuration file'); ?>:<br>
722 </br>
723 SSLVerifyClient require<br>
724 SSLVerifyDepth 2<br>
725 SSLOptions +StdEnvVars<br>
726 <!--/br> <b><?php echo xlt('Configure Openemr to use Client side SSL certificates'); ?> </b></br>
727 <input type='hidden' name='clientCertValidity_hidden' value=''>
728 <input type='hidden' name='mode' value='save_ssl_settings'></br>
729 <table cellpadding=0 cellspacing=0>
730 <tr class='text'>
731 <td><?php echo xlt('Enable User Certificate Authentication'); ?>:</td>
732 <td>
733 <input name='isClientAuthenticationEnabled' type='radio' value='Yes'
734 <?php echo ($GLOBALS['is_client_ssl_enabled']) ? "checked" : ""; ?> > <?php echo xlt('Yes'); ?>
735 <input name='isClientAuthenticationEnabled' type='radio' value='No' <?php echo (!$GLOBALS['is_client_ssl_enabled']) ? "checked" : ""; ?> > <?php echo xlt('No'); ?>
736 </td>
737 </tr>
738 <tr><td>&nbsp;</td></tr>
739 <tr class='text'>
740 <td>CertificateAuthority.key <?php echo xlt('file location'); ?>: </td>
741 <td>
742 <input type='hidden' name='hiden_cakey' />
743 <input name='cakey_location' type='text' size=20 value='<?php echo attr($GLOBALS['certificate_authority_key']); ?>' /> (<?php echo xlt('Provide absolute path'); ?>)
744 </td>
745 </tr>
746 <tr class='text'>
747 <td>CertificateAuthority.crt <?php echo xlt('file location'); ?>: </td>
748 <td>
749 <input type='hidden' name='hiden_cacrt' />
750 <input name='cacrt_location' type=text size=20 value='<?php echo attr($GLOBALS['certificate_authority_crt']); ?>'/> (<?php echo xlt('Provide absolute path'); ?>)
751 </td>
752 </tr>
753 </table>
754 </br>
755 <input type='submit' value='<?php echo xla('Save Certificate Settings'); ?>' onclick='return save_click();'-->
756 </br> <b><?php echo xlt('Configure Openemr to use Client side SSL certificates'); ?> </b></br>
757 <input type='hidden' name='clientCertValidity_hidden' value=''>
758 </br>
759
760 <?php echo xlt('Update the following variables in file'); ?>: globals.php</br></br>
761 <?php echo xlt('To enable Client side ssl certificates'); ?></br>
762 <?php echo xlt('Set'); ?> 'is_client_ssl_enabled' <?php echo xlt('to'); ?> 'true' </br></br>
763 <?php echo xlt('Provide absolute path of file'); ?> CertificateAuthority.key</br>
764 <?php echo xlt('Set'); ?> 'certificate_authority_key' <?php echo xlt('to absolute path of file'); ?> 'CertificateAuthority.key'</br></br>
765 <?php echo xlt('Provide absolute path of file'); ?> CertificateAuthority.crt</br>
766 <?php echo xlt('Set'); ?> 'certificate_authority_crt' <?php echo xlt('to absolute path of file'); ?> 'CertificateAuthority.crt'</br>
767 <br>
768 </br><?php echo xlt('Note'); ?>:
769 <ul>
770 <li><?php echo xlt('To Enable Client side SSL certificates authentication, HTTPS should be enabled.'); ?>
771 <li><?php echo xlt('After performing above configurations, import the admin client certificate to the browser and restart Apache server (empty password).'); ?>
772 <li><?php echo xlt('To Disable client side SSL certificates, comment above lines in Apache configuration file and set'); ?> 'false' <?php echo xlt('for variable'); ?> 'is_client_ssl_enabled' (globals.php) <?php echo xlt('and restart Apache server.'); ?>
773 </form>
774 </div>
775 <br>
776 <div class="borderbox">
777 <b><?php echo xlt('Create Client side SSL certificates'); ?></b><br>
778 <br>
779 <?php echo xlt('Create a client side SSL certificate for either a user or a client hostname.'); ?>
780 <br>
781 <?php
782 if (!$GLOBALS['is_client_ssl_enabled'] ||
783 $GLOBALS['certificate_authority_crt'] == "") {
784 echo "<font class='redtext'>" . xlt('OpenEMR must be configured to use certificates before it can create client certificates.') . "</font><br>";
785 }
786 ?>
787 <form name='client_cert_frm' method='post' action='ssl_certificates_admin.php'>
788 <input type="hidden" name="csrf_token_form" value="<?php echo attr(collectCsrfToken()); ?>" />
789 <input type='hidden' name='mode' value='create_client_certificate'>
790 <table>
791 <tr class='text'>
792 <td><?php echo xlt('User or Host name'); ?>*:</td>
793 <td><input type='text' name='client_cert_user' size=20 />
794 </tr>
795 <tr class='text'>
796 <td><?php echo xlt('Email'); ?>:</td>
797 <td><input type='text' name='client_cert_email' size=20 />
798 </tr>
799 </table>
800 </br> <input type='submit' onclick='return create_client_certificate_click();' value='<?php echo xla('Create Client Certificate'); ?>'>
801 </form>
802 </div>
803 <br>
804 <br>&nbsp;
805 <br>&nbsp;
806 </span>
807 <?php } ?>
808 </body>
809 </html>
Mirror of official OpenEMR Sourceforge repository