Added automatic key usage fix for root cert

2024-11-27 02:04:30 +03:00 · 2019-11-14 16:10:16 -08:00 · 2019-11-14 16:10:16 -08:00 · 828d1a5cc2
commit 828d1a5cc2
parent 94a17e38b4
2 changed files with 16 additions and 1 deletions
--- a/certoperations.js
+++ b/certoperations.js
@ -418,6 +418,21 @@ module.exports.CertificateOperations = function (parent) {
            var rootPrivateKey = obj.fileLoad("root-cert-private.key", "utf8");
            r.root = { cert: rootCertificate, key: rootPrivateKey };
            rcount++;
            // Check if the root certificate has the "Certificate Signing (04)" Key usage.
            // This option is required for newer versions of Intel AMT for CIRA/WS-EVENTS.
            var xroot = obj.pki.certificateFromPem(rootCertificate);
            var xext = xroot.getExtension("keyUsage");
            if ((xext == null) || (xext.keyCertSign !== true)) {
                // We need to fix this certificate
                console.log('Fixing root certificate to add signing key usage...');
                obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public-backup.crt"), rootCertificate);
                xroot.setExtensions([{ name: "basicConstraints", cA: true }, { name: "subjectKeyIdentifier" }, { name: "keyUsage", keyCertSign: true }]);
                var xrootPrivateKey = obj.pki.privateKeyFromPem(rootPrivateKey);
                xroot.sign(xrootPrivateKey, obj.forge.md.sha384.create());
                r.root.cert = obj.pki.certificateToPem(xroot);
                try { obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public.crt"), r.root.cert); } catch (ex) { }
            }
        }
        if (args.tlsoffload) {
--- a/package.json
+++ b/package.json
@ -1,6 +1,6 @@
 {
  "name": "meshcentral",
-  "version": "0.4.4-a",
+  "version": "0.4.4-b",
  "keywords": [
    "Remote Management",
    "Intel AMT",