Added automatic key usage fix for root cert

This commit is contained in:
Ylian Saint-Hilaire 2019-11-14 16:10:16 -08:00
parent 94a17e38b4
commit 828d1a5cc2
2 changed files with 16 additions and 1 deletions

View File

@ -418,6 +418,21 @@ module.exports.CertificateOperations = function (parent) {
var rootPrivateKey = obj.fileLoad("root-cert-private.key", "utf8");
r.root = { cert: rootCertificate, key: rootPrivateKey };
rcount++;
// Check if the root certificate has the "Certificate Signing (04)" Key usage.
// This option is required for newer versions of Intel AMT for CIRA/WS-EVENTS.
var xroot = obj.pki.certificateFromPem(rootCertificate);
var xext = xroot.getExtension("keyUsage");
if ((xext == null) || (xext.keyCertSign !== true)) {
// We need to fix this certificate
console.log('Fixing root certificate to add signing key usage...');
obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public-backup.crt"), rootCertificate);
xroot.setExtensions([{ name: "basicConstraints", cA: true }, { name: "subjectKeyIdentifier" }, { name: "keyUsage", keyCertSign: true }]);
var xrootPrivateKey = obj.pki.privateKeyFromPem(rootPrivateKey);
xroot.sign(xrootPrivateKey, obj.forge.md.sha384.create());
r.root.cert = obj.pki.certificateToPem(xroot);
try { obj.fs.writeFileSync(parent.getConfigFilePath("root-cert-public.crt"), r.root.cert); } catch (ex) { }
}
}
if (args.tlsoffload) {

View File

@ -1,6 +1,6 @@
{
"name": "meshcentral",
"version": "0.4.4-a",
"version": "0.4.4-b",
"keywords": [
"Remote Management",
"Intel AMT",