Charles, here is the complete file; there are two additional calls to openssl after the req is generated.
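#!/usr/bin/perl
# This script takes html form data and generates a pem encoded certificate
# request, has the local CA sign it, and packages key + certificate as a
# PKCS#12 file the browser can import.
#
# Listing as posted by Brandon.
#
# Review notes:
#  * Every form value is untrusted.  The e-mail address becomes part of file
#    names and of openssl command lines, so it is checked against a narrow
#    allowlist before first use, and all external programs are started in
#    list form (no shell parses the arguments).
#  * The remaining fields are typed into openssl's interactive prompts.  A
#    control character inside a value would be read as "end of this answer",
#    so such values are rejected.
#  * File concatenation and cleanup use Perl built-ins instead of shelling
#    out to cat(1)/rm(1).
#  * Values echoed back on the error page are HTML-escaped.
#  * The listing arrived with its line breaks collapsed, so the page does not
#    show whether "sleep 1" after the first concatenation and the final
#    cleanup of the key/signed/temp files were commented out; both are
#    treated as active here.
#  * NOTE(review): private keys are written to ./temp, which the existence
#    check below places under /var/www/cgi-bin.  Confirm that directory is
#    not served and is not readable by other local users.
#  * NOTE(review): Expect copies the openssl dialogue, including the typed DN
#    values, to this script's STDOUT (the HTML page) by default; that output
#    is not escaped.  Confirm whether this is wanted.
use strict;
use warnings;
use Expect;

require "cgi-lib.pl";

our %input;    # filled in by cgi-lib's ReadParse through the *input glob

my $OPENSSL        = '/usr/local/ssl/bin/openssl';
my @SSLEAY_CONFIG  = ('-config', '/usr/local/ssl/openssl.cnf');    # Define alternate .cnf file
my $CA_CERT        = '/usr/local/ssl/misc/owl03CA/cacert.pem';
my $PROMPT_TIMEOUT = 5;                                            # seconds per prompt

# Address exactly as it appears in the posting (the "(at)" looks like list
# archive obfuscation) - substitute the real mailbox before deploying.
my $ADMIN_ADDRESS = 'bamundson(at)bbn.com';

# Placeholder from the posting.  A real CA pass phrase stored in a CGI source
# file is exposed to anyone who can read the script; prefer loading it from a
# file outside the web tree that only the CGI user can read.
my $CA_PASS_PHRASE = "passwordhere";

my @FORM_FIELDS = qw(name passwd passwd2 email orgunit orgunitother city state country);

# Deliberately narrower than RFC 5322: letters, digits and . _ + - only, no
# path separator, no whitespace, no leading dot or dash.
my $SAFE_EMAIL   = qr/\A[A-Za-z0-9][A-Za-z0-9._+-]*\@[A-Za-z0-9][A-Za-z0-9.-]*\z/;
my $MAX_EMAIL    = 128;    # keeps "<email>.pem.signed" well inside file name limits
my $CONTROL_CHAR = qr/[\x00-\x1f\x7f]/;

MAIN: {
    # read in all the variables set by the form
    ReadParse(*input);

    my $organization      = "OWL";    # hard code the Org field
    my $organization_unit = "";       # changed below
    my $new_state         = "";       # state in case country is different from US

    # Missing fields are treated as empty strings, as the original comparisons did.
    my %field = map { $_ => (defined $input{$_} ? $input{$_} : '') } @FORM_FIELDS;
    my $email = $field{'email'};

    print PrintHeader();
    print "<html><head><title>Generating Certificate Request...</title>\n",
          "<script language=\"Javascript\">\n",
          "<!--\n",
          " function goHome()\n",
          "{\n",
          " window.location=\"http://www.owl.test\";\n",
          "}\n",
          "// -->\n",
          "</script>\n</head>\n<body>\n";

    # Validate before the address is used in any path or command line.  An
    # empty address falls through to the "required field" error below.
    if ($email ne '' && (length($email) > $MAX_EMAIL || $email !~ $SAFE_EMAIL)) {
        CgiDie("Error: Invalid e-mail address\n",
               "The e-mail address may only contain letters, digits and the characters . _ + - around a single \@ sign. Please go back and correct.\n");
    }
    for my $name (grep { $_ ne 'email' } @FORM_FIELDS) {
        if ($field{$name} =~ $CONTROL_CHAR) {
            CgiDie("Error: Invalid characters in form data\n",
                   "One of the fields contains control characters. Please go back and correct.\n");
        }
    }

    # Check to see if they have requested a cert in the past.
    if (-f "/var/www/cgi-bin/temp/$email.p12") {
        CgiDie("Error: Certificate already in database\n",
               "It appears you have requested a certificate twice. This corrupted your previous certificate. Please send mail to bamundson(at)bbn.com so he can correct the problem. He will then inform you to request a cert again.\n");
    }

    # Check to see if all the right fields are filled in.
    my $complete =
           $field{'name'} ne ""
        && $field{'passwd'} ne ""
        && $field{'passwd2'} ne ""
        && $field{'passwd'} eq $field{'passwd2'}
        && $email ne ""
        && ($field{'orgunit'} ne "" || $field{'orgunitother'} ne "")
        && $field{'city'} ne ""
        && ($field{'state'} ne "" || ($field{'country'} ne "US" && $field{'state'} eq ""))
        && $field{'country'} ne "";

    if ($complete) {
        #
        # Check which orgunit to use and fix state country conflicts
        #
        $organization_unit = $field{'orgunit'} ne "" ? $field{'orgunit'} : $field{'orgunitother'};
        $new_state         = $field{'country'} ne "US" ? "none" : $field{'state'};

        my $base = "./temp/$email";    # safe: $email passed the allowlist above

        #
        # Create the certificate and private key, put that in email_address.cert
        # while using expect to interact with openssl...
        #
        print "<pre>\r";
        my $command_req = _spawn_openssl('req', @SSLEAY_CONFIG, '-new',
            '-keyout', "$base.key", '-out', "$base.cert", '-days', '1825');
        # NOTE(review): the state prompt is answered with the submitted state,
        # not with $new_state, exactly as in the original - confirm intent.
        _answer_prompts($command_req,
            [ 'phrase:',          $field{'passwd'} ],
            [ 'phrase:',          $field{'passwd'} ],
            [ '[US]:',            $field{'country'} ],
            [ '[Some-State]:',    $field{'state'} ],
            [ 'city',             $field{'city'} ],
            [ 'Ltd]:',            $organization ],
            [ 'section) []:',     $organization_unit ],
            [ 'name) []:',        $field{'name'} ],
            [ 'Address []:',      $email ],
            [ 'password []:',     '' ],
            [ 'company name []:', '' ],
        );

        #
        # Now cat the 2 together to form the request
        #
        sleep 2;    # openssl is not waited for; give it time to write its files
        _append_files("$base.pem", "$base.key", "$base.cert")
            or CgiDie("Error: Could not build certificate request\n",
                      "The key or request file could not be read. Please try again later.\n");
        sleep 1;

        #
        # Sign the certificate (and clean up some files)
        #
        unlink "$base.cert";    # best effort, like rm -f
        print "\r\rCert AutoSigner v1.0...\r";
        my $command_sign = _spawn_openssl('ca', @SSLEAY_CONFIG,
            '-policy', 'policy_anything',
            '-out', "$base.pem.signed", '-infiles', "$base.pem");
        _answer_prompts($command_sign,
            [ 'pass phrase:', $CA_PASS_PHRASE ],
            [ 'certificate',  'y' ],
        );
        sleep 1;
        _answer_prompts($command_sign, [ 'commit? [y/n]', "y\r" ]);
        sleep 2;

        #
        # Convert the signed cert to a pkcs12 certificate so Netscape and IE can import.
        # (and clean up some files)
        unlink "$base.pem";
        _append_files("$base.temp", "$base.key", "$base.pem.signed")
            or CgiDie("Error: Could not assemble signed certificate\n",
                      "The key or signed certificate could not be read. Please try again later.\n");
        sleep 3;
        print "\r";
        my $command_conv = _spawn_openssl('pkcs12', '-export',
            '-in', "$base.temp", '-out', "$base.p12",
            '-name', "OWL Certificate for $email",
            '-certfile', $CA_CERT);
        _answer_prompts($command_conv,
            [ 'pass phrase:',     $field{'passwd'} ],
            [ 'Export Password:', $field{'passwd'} ],
            [ 'Export Password:', $field{'passwd'} ],
        );

        # Remove the intermediate files, which include the private key.
        unlink "$base.key", "$base.pem.signed", "$base.temp";

        # E-mail the administrator and tell him he has a cert to approve.
        _notify_admin($email);

        print "</pre>\r";
        print "<font size=4><b>Your certificate was successfully generated.<br>You will now be redirected to the owl homepage</b></font>\n";
        print "<script language=\"JavaScript\">setTimeout('goHome()', 7000)</script>\n";
        print "</HTML></BODY>\r\n";
    }
    else {
        # Escape everything that came from the form before echoing it.
        my %shown = map { $_ => _html_escape($field{$_}) } qw(name email city country);
        my $shown_unit  = _html_escape($organization_unit);
        my $shown_state = _html_escape($new_state);

        print "ERROR: You left a required field blank or your passwords didn't match. Please go back and correct.\n";
        print <<ENDOFTEXT;
<pre>
Your name is: +$shown{'name'}+
Your password is: +********+
Your e-mail address is: +$shown{'email'}+
Your Organization Unit is : +$shown_unit+
Your City is: +$shown{'city'}+
Your State is: +$shown_state+
Your Country is: +$shown{'country'}+
</pre>
ENDOFTEXT
    }

    # Close the document cleanly.
    print HtmlBot();
}

# Start openssl with an argument list; with more than one element Expect's
# spawn hands the list to exec, so no shell interprets the arguments.
sub _spawn_openssl {
    my @args = @_;
    my $exp = Expect->spawn($OPENSSL, @args);
    if (!$exp) {
        CgiDie("Error: Could not start openssl\n",
               "The certificate request could not be processed. Please try again later.\n");
    }
    return $exp;
}

# For each [prompt, reply] pair: wait up to $PROMPT_TIMEOUT seconds for the
# literal prompt text and, if it shows up, type the reply followed by CR.
# A prompt that never appears is skipped, as in the original.
sub _answer_prompts {
    my ($exp, @steps) = @_;
    for my $step (@steps) {
        my ($prompt, $reply) = @{$step};
        if ($exp->expect($PROMPT_TIMEOUT, $prompt)) {
            print {$exp} "$reply\r";
        }
    }
    return;
}

# Append the contents of each source file to $dest (the former
# "cat a b >> dest").  Returns true on success, false on the first failure.
sub _append_files {
    my ($dest, @sources) = @_;
    open my $out, '>>', $dest or return 0;
    binmode $out;
    for my $source (@sources) {
        my $in;
        if (!open $in, '<', $source) {
            close $out;
            return 0;
        }
        binmode $in;
        my $data = do { local $/; <$in> };
        close $in;
        if (defined $data && !print {$out} $data) {
            close $out;
            return 0;
        }
    }
    return close $out;
}

# Tell the administrator that a request is waiting.  Best effort: a mail
# failure does not abort the request, as in the original.
sub _notify_admin {
    my ($email) = @_;
    if (open my $mail, '|-', 'mail', '-s', 'certificate request', $ADMIN_ADDRESS) {
        print {$mail} "$email has a owl certificate request.\n";
        close $mail;
    }
    return;
}

# Minimal HTML escaping for text placed inside element content.
sub _html_escape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}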