mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-11-23 06:34:54 +03:00
Added automatic key usage fix for root cert
This commit is contained in:
parent
94a17e38b4
commit
828d1a5cc2
@ -418,6 +418,21 @@ module.exports.CertificateOperations = function (parent) {
|
||||
var rootPrivateKey = obj.fileLoad("root-cert-private.key", "utf8");
|
||||
r.root = { cert: rootCertificate, key: rootPrivateKey };
|
||||
rcount++;
|
||||
|
||||
// Check if the root certificate has the "Certificate Signing (04)" Key usage.
|
||||
// This option is required for newer versions of Intel AMT for CIRA/WS-EVENTS.
|
||||
var xroot = obj.pki.certificateFromPem(rootCertificate);
|
||||
var xext = xroot.getExtension("keyUsage");
|
||||
if ((xext == null) || (xext.keyCertSign !== true)) {
|
||||
// We need to fix this certificate
|
||||
console.log('Fixing root certificate to add signing key usage...');
|
||||
obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public-backup.crt"), rootCertificate);
|
||||
xroot.setExtensions([{ name: "basicConstraints", cA: true }, { name: "subjectKeyIdentifier" }, { name: "keyUsage", keyCertSign: true }]);
|
||||
var xrootPrivateKey = obj.pki.privateKeyFromPem(rootPrivateKey);
|
||||
xroot.sign(xrootPrivateKey, obj.forge.md.sha384.create());
|
||||
r.root.cert = obj.pki.certificateToPem(xroot);
|
||||
try { obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public.crt"), r.root.cert); } catch (ex) { }
|
||||
}
|
||||
}
|
||||
|
||||
if (args.tlsoffload) {
|
||||
|
@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "meshcentral",
|
||||
"version": "0.4.4-a",
|
||||
"version": "0.4.4-b",
|
||||
"keywords": [
|
||||
"Remote Management",
|
||||
"Intel AMT",
|
||||
|
Loading…
Reference in New Issue
Block a user