2 require_once("../globals.php");
3 require_once("../../library/create_ssl_certificate.php");
4 require_once("../../library/sql.inc");
5 require_once("$srcdir/formdata.inc.php");
6 require_once("$srcdir/translation.inc.php");
8 /********************************************************************************\
9 * Copyright (C) Visolve (vicareplus_engg@visolve.com) *
11 * This program is free software; you can redistribute it and/or *
12 * modify it under the terms of the GNU General Public License *
13 * as published by the Free Software Foundation; either version 2 *
14 * of the License, or (at your option) any later version. *
16 * This program is distributed in the hope that it will be useful, *
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
19 * GNU General Public License for more details. *
21 * You should have received a copy of the GNU General Public License *
22 * along with this program; if not, write to the Free Software *
23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
24 ********************************************************************************/
27 * This page is used to setup https access to OpenEMR with client certificate authentication.
28 * If enabled, the browser must connect to OpenEMR using a client SSL certificate that is
29 * generated by OpenEMR. This page is used to create the Certificate Authority and
30 * Apache SSL server certificate.
33 /* This string contains any error messages if generating
38 /* This function is called when the "Save Certificate Settings" button is clicked.
39 * Save the certificate settings to the file globals.php.
40 * The following form inputs are used:
41 * cakey_location - The path to the CA key file
42 * cacrt_location - The path to the CA certificate file
43 * clientCertValidity_hidden - Number of days client certificates are valid.
44 * isClientAuthenticationEnabled - Enable/disable client certificate authentication.
46 * Save these values to the following variables in globals.php:
47 * $certificate_authority_key
48 * $certificate_authority_crt
49 * $client_certificate_valid_in_days
50 * $is_client_ssl_enabled
52 * If an error occurs, set $error_msg to the appropriate string,
53 * which will be displayed later on below.
55 /*function save_certificate_settings() {
56 if($_POST['cakey_location']) { $Authority_key = formData('cakey_location','P',true) ; }
57 if($_POST['cacrt_location']) { $Authority_crt = formData('cacrt_location','P',true); }
58 if($_POST['clientCertValidity_hidden']) { $clientCertValidity = formData('clientCertValidity_hidden','P',true); }
59 if($_POST['isClientAuthenticationEnabled']) { $isClientAuthenticationEnabled = formData('isClientAuthenticationEnabled','P',true); }
61 if ($isClientAuthenticationEnabled == "Yes") {
62 $isClientAuthenticationEnabled = "true";
64 $isClientAuthenticationEnabled = "false";
69 if ($Authority_key != "" && !file_exists($Authority_key)) {
70 $error_msg .= xl('Error: the file does not exist', 'e') . ' ' . $Authority_key . '<br>';
73 if ($Authority_crt != "" && !file_exists($Authority_crt)) {
74 $error_msg .= xl('Error, the file does not exist', 'e') . ' ' . $Authority_crt . '<br>';
77 if ($error_msg != "") {
81 $Authority_key = str_replace('\\\\', '/', $Authority_key);
82 $Authority_key = str_replace('\\', '/', $Authority_key);
83 $Authority_crt = str_replace('\\\\', '/', $Authority_crt);
84 $Authority_crt = str_replace('\\', '/', $Authority_crt);
86 // Read in the globals.php file
87 $globals_file = $GLOBALS['webserver_root'] . "/interface/globals.php";
88 $inputdata = file($globals_file) or die( xl('Could not read file','e')." ". $globals_file);
93 $wrote_enable = false;
94 $wrote_validity = false;
96 // Loop through each line in globals.php, replacing any certificate variables with the new settings.
98 foreach ($inputdata as $line) {
99 if ((strpos($line,"\$certificate_authority_key = \"")) !== false) {
101 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
103 else if ((strpos($line,"\$certificate_authority_crt = \"")) !== false) {
105 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
107 else if ((strpos($line,"\$is_client_ssl_enabled = ")) !== false) {
108 $wrote_enable = true;
109 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
111 else if ((strpos($line,"\$client_certificate_valid_in_days = \"")) !== false) {
112 $wrote_validity = true;
113 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
116 $outputdata .= $line;
119 if ($wrote_key === false || $wrote_crt === false ||
120 $wrote_enable === false || $wrote_validity === false) {
122 $outputdata .= "<?php\n";
124 if ($wrote_key === false) {
125 $outputdata .= "\$certificate_authority_key = \"$Authority_key\";\n";
127 if ($wrote_crt == false) {
128 $outputdata .= "\$certificate_authority_crt = \"$Authority_crt\";\n";
130 if ($wrote_enable === false) {
131 $outputdata .= "\$is_client_ssl_enabled = $isClientAuthenticationEnabled;\n";
133 if ($wrote_validity === false) {
134 $outputdata .= "\$client_certificate_valid_in_days = \"$clientCertValidity\";\n";
136 $outputdata .= "\n?>\n";
139 // Write the modified globals.php back to disk
140 $fd = @fopen($globals_file, 'w');
142 $error_msg .= xl('Error, unable to open file', 'e') . ' ' . $globals_file;
145 fwrite($fd, $outputdata);
148 $GLOBALS['is_client_ssl_enabled'] = ($isClientAuthenticationEnabled == "true");
149 $GLOBALS['certificate_authority_crt'] = $Authority_crt;
150 $GLOBALS['certificate_authority_key'] = $Authority_key;
155 * Send an http reply so that the browser downloads the given file.
156 * Delete the file once the download is completed.
157 * @param $filename - The file to download.
158 * @param $filetype - The type of file.
160 function download_file($filename, $filetype) {
162 header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
163 header("Cache-Control: private");
164 header("Content-Type: application/" . $filetype);
165 header("Content-Disposition: attachment; filename=" . basename($filename) . ";");
166 header("Content-Transfer-Encoding: binary");
167 header("Content-Length: " . filesize($filename));
174 /* This function is called when the "Create Client Certificate" button is clicked.
175 * Create and download a client certificate, given the following form inputs:
176 * client_cert_user - The username to store in the certificate
177 * client_cert_email - The email to store in the certificate
178 * A temporary certificate will be written to /tmp/openemr_client_cert.p12.
179 * If an error occurs, set the $error_msg (which is displayed later below).
181 function create_client_cert() {
184 if (!$GLOBALS['is_client_ssl_enabled']) {
185 $error_msg .= xl('Error, User Certificate Authentication is not enabled in OpenEMR', 'e');
189 if ($_POST["client_cert_user"]) { $user = formData('client_cert_user','P',true); }
190 if ($_POST["client_cert_email"]) { $email = formData('client_cert_email','P',true); }
191 $opensslconf = $GLOBALS['webserver_root'] . "/library/openssl.cnf";
193 $data = create_user_certificate($user, $email, $serial,
194 $GLOBALS['certificate_authority_crt'],
195 $GLOBALS['certificate_authority_key'],
196 $GLOBALS['client_certificate_valid_in_days']);
197 if ($data === false) {
198 $error_msg .= xl('Error, unable to create client certificate.', 'e');
202 $filename = $GLOBALS['temporary_files_dir'] . "/openemr_client_cert.p12";
203 $handle = fopen($filename, 'wt');
204 fwrite($handle, $data);
207 download_file($filename, "p12");
210 /* Delete the following temporary certificate files, if they exist:
211 * /tmp/CertificateAuthority.key
212 * /tmp/CertificateAuthority.crt
218 function delete_certificates() {
219 $tempDir = $GLOBALS['temporary_files_dir'];
220 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
221 "Server.key", "Server.crt", "admin.p12", "ssl.zip");
223 foreach ($files as $file) {
224 if (file_exists($file)) {
231 * Create and download the following certificates:
232 * - CertificateAuthority.key
233 * - CertificateAuthority.crt
237 * The following form inputs are used:
239 function create_and_download_certificates()
242 $tempDir = $GLOBALS['temporary_files_dir'];
244 $zipName = $tempDir . "/ssl.zip";
245 if (file_exists($zipName)) {
249 /* Retrieve the certificate name settings from the form input */
250 if ($_POST["commonName"]) { $commonName = formData('commonName','P',true); }
251 if ($_POST["emailAddress"]) { $emailAddress = formData('emailAddress','P',true); }
252 if ($_POST["countryName"]) { $countryName = formData('countryName','P',true); }
253 if ($_POST["stateOrProvinceName"]) { $stateOrProvinceName = formData('stateOrProvinceName','P',true); }
254 if ($_POST["localityName"]) { $localityName = formData('localityName','P',true); }
255 if ($_POST["organizationName"]) { $organizationName = formData('organizationName','P',true); }
256 if ($_POST["organizationalUnitName"]) { $organizationName = formData('organizationalUnitName','P',true); }
257 if ($_POST["clientCertValidity"]) { $clientCertValidity = formData('clientCertValidity','P',true); }
260 /* Create the Certficate Authority (CA) */
261 $arr = create_csr("OpenEMR CA for " . $commonName, $emailAddress, $countryName, $stateOrProvinceName,$localityName, $organizationName, $organizationalUnitName);
263 if ($arr === false) {
264 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.', 'e');
265 delete_certificates();
270 $ca_crt = create_crt($ca_key, $ca_csr, NULL, $ca_key);
271 if ($ca_crt === false) {
272 $error_msg .= xl('Error, unable to create the Certificate Authority certificate.', 'e');
273 delete_certificates();
276 openssl_pkey_export_to_file($ca_key, $tempDir . "/CertificateAuthority.key");
277 openssl_x509_export_to_file($ca_crt, $tempDir . "/CertificateAuthority.crt");
279 /* Create the Server certificate */
280 $arr = create_csr($commonName, $emailAddress, $countryName, $stateOrProvinceName,
281 $localityName, $organizationName, $organizationalUnitName);
282 if ($arr === false) {
283 $error_msg .= xl('Error, unable to create the Server certificate.', 'e');
284 delete_certificates();
288 $server_csr = $arr[0];
289 $server_key = $arr[1];
290 $server_crt = create_crt($server_key, $server_csr, $ca_crt, $ca_key);
292 if (server_crt
=== false) {
293 $error_msg .= xl('Error, unable to create the Server certificate.', 'e');
294 delete_certificates();
298 openssl_pkey_export_to_file($server_key, $tempDir . "/Server.key");
299 openssl_x509_export_to_file($server_crt, $tempDir . "/Server.crt");
301 /* Create the client certificate for the 'admin' user */
303 $res = sqlStatement("select id from users where username='admin'");
304 if ($row = sqlFetchArray($res)) {
305 $serial = $row['id'];
308 $user_cert = create_user_certificate("admin", $emailAddress, $serial,
309 $tempDir . "/CertificateAuthority.crt",
310 $tempDir . "/CertificateAuthority.key",
311 $clientCertValidity);
312 if ($user_cert === false) {
313 $error_msg .= xl('Error, unable to create the admin.p12 certificate.', 'e');
314 delete_certificates();
317 $adminFile = $tempDir . "/admin.p12";
318 $handle = fopen($adminFile, 'w');
319 fwrite($handle, $user_cert);
322 /* Create a zip file containing the CertificateAuthority, Server, and admin files */
324 if (! (class_exists('ZipArchive')) ) {
325 $_SESSION["zip_error"]="Error, Class ZipArchive does not exist";
329 $zip = new ZipArchive
;
331 $_SESSION["zip_error"]="Error, Could not create file archive";
335 if ($zip->open($zipName, ZIPARCHIVE
::CREATE
)) {
336 $files = array("CertificateAuthority.key", "CertificateAuthority.crt",
337 "Server.key", "Server.crt", "admin.p12");
338 foreach ($files as $file) {
339 $zip->addFile($tempDir . "/" . $file, $file);
343 $_SESSION["zip_error"]="Error, unable to create zip file with all the certificates";
348 if(ini_get('zlib.output_compression')) {
349 ini_set('zlib.output_compression', 'Off');
352 catch (Exception
$e) {
353 $_SESSION["zip_error"]="Error, Could not create file archive";
357 download_file($zipName, "zip");
362 if (!acl_check('admin', 'users')) {
366 /*if ($_POST["mode"] == "save_ssl_settings") {
367 save_certificate_settings();
370 if ($_POST["mode"] == "create_client_certificate") {
371 create_client_cert();
373 else if ($_POST["mode"] == "download_certificates") {
374 create_and_download_certificates();
381 <script language
="Javascript">
384 /* If Enable User Certificate Authentication is set to "Yes", check the following:
385 * - The Client certificate validation period is > 0
386 * - The CertificateAuthority.key path is not empty
387 * - The CertificateAuthority.crt path is not empty
389 /*function save_click() {
390 if (document.ssl_frm.isClientAuthenticationEnabled[0].checked) {
391 if(document.ssl_certificate_frm.clientCertValidity.value > 0) {
392 document.ssl_frm.clientCertValidity_hidden.value = document.ssl_certificate_frm.clientCertValidity.value;
395 alert("<?php xl('Client certificate validity should be a valid number.', 'e'); ?>");
396 document.ssl_certificate_frm.clientCertValidity.focus();
399 if (document.ssl_frm.cakey_location.value == "") {
400 alert ("<?php xl('Certificate Authority key file location cannot be empty', 'e'); ?>");
401 document.ssl_frm.cakey_location.focus();
405 if (document.ssl_frm.cacrt_location.value == "") {
406 alert ("<?php xl('Certificate Authority crt file location cannot be empty', 'e'); ?>");
407 document.ssl_frm.cacrt_location.focus();
414 //check whether email id is valid or not
415 function checkEmail(email
) {
419 var lat
=str
.indexOf(at
);
421 var ldot
=str
.indexOf(dot
);
422 if (str
.indexOf(at
)==-1){
426 if (str
.indexOf(at
)==-1 || str
.indexOf(at
)==0 || str
.indexOf(at
)==lstr
){
430 if (str
.indexOf(dot
)==-1 || str
.indexOf(dot
)==0 || str
.indexOf(dot
)==lstr
){
434 if (str
.indexOf(at
,(lat+
1))!=-1){
438 if (str
.substring(lat
-1,lat
)==dot || str
.substring(lat+
1,lat+
2)==dot
){
442 if (str
.indexOf(dot
,(lat+
2))==-1){
446 if (str
.indexOf(" ")!=-1){
452 function download_click(){
453 if (document
.ssl_certificate_frm
.commonName
.value
== "") {
454 alert ("<?php xl('Host Name cannot be empty', 'e'); ?>");
455 document
.ssl_certificate_frm
.commonName
.focus();
459 if (document
.ssl_certificate_frm
.emailAddress
.value
) {
460 //call checkEmail function
461 if(checkEmail(document
.ssl_certificate_frm
.emailAddress
.value
) == false){
462 alert ("<?php xl('Provide valid Email Address', 'e'); ?>");
467 if (document
.ssl_certificate_frm
.countryName
.value
.length
> 2) {
468 alert ("<?php xl('Country Name should be represent in two letters. (Example: United States is US)', 'e'); ?>");
469 document
.ssl_certificate_frm
.countryName
.focus();
472 if (document
.ssl_certificate_frm
.clientCertValidity
.value
< 1) {
473 alert ("<?php xl('Client certificate validity should be a valid number.', 'e'); ?>");
474 document
.ssl_certificate_frm
.clientCertValidity
.focus();
478 function create_client_certificate_click(){
480 /*if(document.ssl_frm.isClientAuthenticationEnabled[1].checked == true)
482 alert ("<?php xl('User Certificate Authentication is disabled', 'e'); ?>");
486 if (document
.client_cert_frm
.client_cert_user
.value
== "") {
487 alert ("<?php xl('User name or Host name cannot be empty', 'e'); ?>");
488 document
.ssl_certificate_frm
.commonName
.focus();
491 if (document
.client_cert_frm
.client_cert_email
.value
) {
492 //call checkEmail function
493 if(checkEmail(document
.client_cert_frm
.client_cert_email
.value
) == false){
494 alert ("<?php xl('Provide valid Email Address', 'e'); ?>");
500 function isNumberKey(evt
) {
501 var charCode
= (evt
.which
) ? evt
.which
: evt
.keyCode
502 if (charCode
> 31 && (charCode
< 48 || charCode
> 57))
510 <link rel
="stylesheet" href
="<?php echo $css_header;?>" type
="text/css">
511 <style type
="text/css">
521 <body
class="body_top">
522 <span
class='title'><b
><?php
xl('SSL Certificate Administration', 'e'); ?
></b
></span
>
524 <?php
if($_SESSION["zip_error"]) { ?
>
525 <div
> <table align
="center" >
526 <tr valign
="top"> <td rowspan
="3"> <?php
echo "<font class='redtext'>" . xl($_SESSION["zip_error"]) ?
> </td
> </tr
>
528 unset($_SESSION["zip_error"]); ?
></div
>
532 if ($error_msg != "") {
533 echo "<font class='redtext'>" . $error_msg . "</font><br><br>";
536 <?php
xl('To setup https access with client certificate authentication, do the following', 'e'); ?
>
538 <li
><?php
xl('Create the SSL Certificate Authority and Server certificates.', 'e'); ?
>
539 <li
><?php
xl('Configure Apache to use HTTPS.', 'e'); ?
>
540 <li
><?php
xl('Configure Apache and OpenEMR to use Client side SSL certificates.', 'e'); ?
>
541 <li
><?php
xl('Import certificate to the browser.', 'e'); ?
>
542 <li
><?php
xl('Create a Client side SSL certificate for each user or client machine.', 'e'); ?
>
546 if ($GLOBALS['certificate_authority_crt'] != "" && $GLOBALS['is_client_ssl_enabled']) {
547 xl('OpenEMR already has a Certificate Authority configured.', 'e');
550 <form method
='post' name
=ssl_certificate_frm action
='ssl_certificates_admin.php'>
551 <input type
='hidden' name
='mode' value
='download_certificates'>
552 <div
class='borderbox'>
553 <b
><?php
xl('Create the SSL Certificate Authority and Server certificates.', 'e'); ?
></b
><br
>
555 1. <?php
xl('Fill in the values below', 'e'); ?
><br
>
556 2. <?php
xl('Click Download Certificate to download the certificates in the file ssl.zip', 'e'); ?
> <br
>
557 3. <?php
xl('Extract the zip file', 'e'); echo ": ssl.zip "; ?
><br
></br
>
558 <?php
xl('The zip file will contain the following items', 'e'); ?
> <br
>
560 <li
>Server
.crt
: <?php
xl('The Apache SSL server certificate and public key', 'e'); ?
>
561 <li
>Server
.key
: <?php
xl('The corresponding private key', 'e'); ?
>
562 <li
>CertificateAuthority
.crt
: <?php
xl('The Certificate Authority certificate', 'e'); ?
>
563 <li
>CertificateAuthority
.key
: <?php
xl('The corresponding private key', 'e'); ?
>
564 <li
>admin
.p12
: <?php
xl('A client certificate for the admin user', 'e'); ?
>
568 <td
><?php
xl('Host Name', 'e'); ?
> *:</td
>
569 <td
><input name
='commonName' type
='text' value
=''></td
>
570 <td
><?php
xl('Example', 'e') ; echo ': hostname.domain.com'; ?
></td
>
573 <td
><?php
xl('Email Address', 'e'); ?
>:</td
>
574 <td
><input name
='emailAddress' type
='text' value
=''></td
>
575 <td
><?php
xl('Example', 'e') ; echo ': web_admin@domain.com'; ?
></td
>
578 <td
><?php
xl('Organization Name', 'e'); ?
>:</td
>
579 <td
><input name
='organizationName' type
='text' value
=''></td
>
580 <td
><?php
xl('Example', 'e'); echo ': My Company Ltd'; ?
></td
>
583 <td
><?php
xl('Organizational Unit Name', 'e'); ?
>:</td
>
584 <td
><input name
='organizationalUnitName' type
='text' value
=''></td
>
585 <td
><?php
xl('Example', 'e'); echo ': OpenEMR'; ?
></td
>
588 <td
><?php
xl('Locality', 'e'); ?
>:</td
>
589 <td
><input name
='localityName' type
='text' value
=''></td
>
590 <td
><?php
xl('Example', 'e') ; echo ': City'; ?
></td
>
593 <td
><?php
xl('State Or Province', 'e'); ?
>:</td
>
594 <td
><input name
='stateOrProvinceName' type
='text' value
=''></td
>
595 <td
><?php
xl('Example', 'e') ; echo ': California'; ?
></td
>
598 <td
><?php
xl('Country', 'e'); ?
>:</td
>
599 <td
><input name
='countryName' type
='text' value
='' maxlength
='2'></td
>
600 <td
><?php
xl('Example', 'e'); echo ': US'; echo ' ('; xl('Should be two letters', 'e'); echo ')'; ?
></td
>
603 <td
><?php
xl('Client certificate validation period', 'e'); ?
>:</td
>
604 <td
><input name
='clientCertValidity' type
='text' onkeypress
='return isNumberKey(event)' value
='365'></td
>
605 <td
><?php
xl('days', 'e'); ?
></td
>
608 <td colspan
=3 align
='center'>
609 <input name
='sslcrt' type
='submit' onclick
='return download_click();' value
='<?php xl('Download Certificates
', 'e
'); ?>'>
617 <div
class="borderbox">
618 <b
><?php
xl('Configure Apache to use HTTPS.', 'e'); ?
></b
><br
>
620 <?php
xl('Add new certificates to the Apache configuration file', 'e'); ?
>:<br
>
623 SSLCertificateFile
/path
/to
/Server
.crt
<br
>
624 SSLCertificateKeyFile
/path
/to
/Server
.key
<br
>
625 SSLCACertificateFile
/path
/to
/CertificateAuthority
.crt
<br
>
627 <?php
xl('Note','e'); ?
>:
629 <li
><?php
xl('To Enable only HTTPS, perform the above changes and restart Apache server. If you want to configure client side certificates also, please configure them in the next section.', 'e'); ?
></br
>
630 <li
> <?php
xl('To Disable HTTPS, comment the above lines in Apache configuration file and restart Apache server.', 'e'); ?
>
635 <div
class="borderbox">
636 <form name
='ssl_frm' method
='post'>
637 <b
><?php
xl('Configure Apache to use Client side SSL certificates', 'e'); ?
> </b
>
639 <?php
xl('Add following lines to the Apache configuration file', 'e'); ?
>:<br
>
641 SSLVerifyClient
require<br
>
643 SSLOptions +StdEnvVars
<br
>
644 <!--/br
> <b
><?php
xl('Configure Openemr to use Client side SSL certificates', 'e'); ?
> </b
></br
>
645 <input type
='hidden' name
='clientCertValidity_hidden' value
=''>
646 <input type
='hidden' name
='mode' value
='save_ssl_settings'></br
>
647 <table cellpadding
=0 cellspacing
=0>
649 <td
><?php
xl('Enable User Certificate Authentication', 'e'); ?
>:</td
>
651 <input name
='isClientAuthenticationEnabled' type
='radio' value
='Yes'
652 <?php
if ($GLOBALS['is_client_ssl_enabled']) echo "checked"; ?
> > <?php
xl('Yes', 'e'); ?
>
653 <input name
='isClientAuthenticationEnabled' type
='radio' value
='No' <?php
if (!$GLOBALS['is_client_ssl_enabled']) echo "checked"; ?
> > <?php
xl('No', 'e'); ?
>
656 <tr
><td
> 
;</td
></tr
>
658 <td
>CertificateAuthority
.key
<?php
xl('file location', 'e'); ?
>: </td
>
660 <input type
='hidden' name
='hiden_cakey' />
661 <input name
='cakey_location' type
='text' size
=20 value
='<?php echo $GLOBALS['certificate_authority_key
'] ?>' /> (<?php
xl('Provide absolute path', 'e'); ?
>)
665 <td
>CertificateAuthority
.crt
<?php
xl('file location', 'e'); ?
>: </td
>
667 <input type
='hidden' name
='hiden_cacrt' />
668 <input name
='cacrt_location' type
=text size
=20 value
='<?php echo $GLOBALS['certificate_authority_crt
'] ?>'/> (<?php
xl('Provide absolute path', 'e'); ?
>)
673 <input type
='submit' value
='<?php xl('Save Certificate Settings
', 'e
'); ?>' onclick
='return save_click();'-->
674 </br
> <b
><?php
xl('Configure Openemr to use Client side SSL certificates', 'e'); ?
> </b
></br
>
675 <input type
='hidden' name
='clientCertValidity_hidden' value
=''>
678 <?php
xl('Update the following variables in file', 'e'); ?
>: globals
.php
</br
></br
>
679 <?php
xl('To enable Client side ssl certificates', 'e'); ?
></br
>
680 <?php
xl('Set', 'e'); ?
> 'is_client_ssl_enabled' <?php
xl('to', 'e'); ?
> 'true' </br
></br
>
681 <?php
xl('Provide absolute path of file', 'e'); ?
> CertificateAuthority
.key
</br
>
682 <?php
xl('Set', 'e'); ?
> 'certificate_authority_key' <?php
xl('to absolute path of file', 'e'); ?
> 'CertificateAuthority.key'</br
></br
>
683 <?php
xl('Provide absolute path of file', 'e'); ?
> CertificateAuthority
.crt
</br
>
684 <?php
xl('Set', 'e'); ?
> 'certificate_authority_crt' <?php
xl('to absolute path of file', 'e'); ?
> 'CertificateAuthority.crt'</br
>
686 </br
><?php
xl('Note','e'); ?
>:
688 <li
><?php
xl('To Enable Client side SSL certificates authentication, HTTPS should be enabled.', 'e'); ?
>
689 <li
><?php
xl('After performing above configurations, import the admin client certificate to the browser and restart Apache server (empty password).', 'e'); ?
>
690 <li
><?php
xl('To Disable client side SSL certificates, comment above lines in Apache configuration file and set', 'e'); ?
> 'false' <?php
xl('for variable', 'e'); ?
> 'is_client_ssl_enabled' (globals
.php
) <?php
xl('and restart Apache server.', 'e'); ?
>
694 <div
class="borderbox">
695 <b
><?php
xl('Create Client side SSL certificates', 'e'); ?
></b
><br
>
697 <?php
xl('Create a client side SSL certificate for either a user or a client hostname.', 'e'); ?
>
700 if (!$GLOBALS['is_client_ssl_enabled'] ||
701 $GLOBALS['certificate_authority_crt'] == "") {
702 echo "<font class='redtext'>" . xl('OpenEMR must be configured to use certificates before it can create client certificates.', 'e') . "</font><br>";
705 <form name
='client_cert_frm' method
='post' action
='ssl_certificates_admin.php'>
706 <input type
='hidden' name
='mode' value
='create_client_certificate'>
709 <td
><?php
xl('User or Host name', 'e'); ?
>*:</td
>
710 <td
><input type
='text' name
='client_cert_user' size
=20 />
713 <td
><?php
xl('Email', 'e'); ?
>:</td
>
714 <td
><input type
='text' name
='client_cert_email' size
=20 />
717 </br
> <input type
='submit' onclick
='return create_client_certificate_click();' value
='<?php xl('Create Client Certificate
', 'e
'); ?>'>