[1/2] vpnmain.cgi: Fixes bug13737 - increments the serial number to allow cert regen
Commit Message
- When the regeneration is carried out the existing cert, with serial number 01, is
revoked but when the new cert is created the serial number is still 01 causing error
messages about the new cert being revoked.
- This patch increments the serial number from 01 to 02 after the initial root/host
certificate set is created.
- Then when the olf cert is revoked the new one uses serial number 02 but also
automatically increments it again. So all future regenerations work without problems.
- Tested out on a physical IPFire system.
Fixes: bug13737
Tested-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
html/cgi-bin/vpnmain.cgi | 7 +++++++
1 file changed, 7 insertions(+)
@@ -1241,6 +1241,13 @@ END
exit(0);
ROOTCERT_SUCCESS:
+
+# Increment the serial number to 02 after root and host certificates are
+# created so that cert regeneration works.
+ open(FILE, ">${General::swroot}/certs/serial");
+ print FILE "02";
+ close FILE;
+
if (&vpnenabled) {
&General::system('/usr/local/bin/ipsecctrl', 'S');
sleep $sleepDelay;