diff --git a/bin/v-change-sys-vesta-ssl b/bin/v-change-sys-vesta-ssl
new file mode 100755
index 00000000..2531714e
--- /dev/null
+++ b/bin/v-change-sys-vesta-ssl
@@ -0,0 +1,77 @@
+#!/bin/bash
+# info: change vesta ssl certificate
+# options: SSL_DIR [RESTART]
+#
+# The function changes vesta SSL certificate and the key.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument definition
+domain='certificate'
+ssl_dir=$1
+restart=$2
+
+# Includes
+source $VESTA/func/main.sh
+source $VESTA/func/domain.sh
+source $VESTA/conf/vesta.conf
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+check_args '1' "$#" 'SSL_DIR [RESTART]'
+is_format_valid 'ssl_dir'
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Checking new certificate
+certificate=$(cat $ssl_dir/$domain.crt |grep -n END)
+certificate_count=$(echo "$certificate" |wc -l)
+if [ "$certificate_count" -gt 1 ]; then
+ crt_end=$(echo "$certificate" |head -n1 |cut -f 1 -d :)
+ crt_lines=$(wc -l $ssl_dir/$domain.crt |cut -f1 -d ' ')
+ pem_begin=$((crt_lines - crt_end))
+ mv $ssl_dir/$domain.crt $ssl_dir/$domain.crt_full
+ head -n $crt_end $ssl_dir/$domain.crt_full > $ssl_dir/$domain.crt
+ tail -n $pem_begin $ssl_dir/$domain.crt_full > $ssl_dir/$domain.ca
+ is_web_domain_cert_valid
+ mv -f $ssl_dir/$domain.crt_full $ssl_dir/$domain.crt
+ rm -f $ssl_dir/$domain.ca
+else
+ is_web_domain_cert_valid
+fi
+
+# Moving old certificate
+mv $VESTA/ssl/certificate.crt $VESTA/ssl/certificate.crt.back
+mv $VESTA/ssl/certificate.key $VESTA/ssl/certificate.key.back
+
+# Adding new certificate
+cp -f $ssl_dir/certificate.crt $VESTA/ssl/certificate.crt
+cp -f $ssl_dir/certificate.key $VESTA/ssl/certificate.key
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+# Restarting web server
+if [ "$restart" != 'no' ]; then
+ kill -HUP $(cat /var/run/vesta-nginx.pid)
+ $BIN/v-restart-mail
+ if [ ! -z "$IMAP_SYSTEM" ]; then
+ v-restart-service "$IMAP_SYSTEM"
+ fi
+fi
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit
diff --git a/bin/v-list-sys-vesta-ssl b/bin/v-list-sys-vesta-ssl
new file mode 100755
index 00000000..f44e83a1
--- /dev/null
+++ b/bin/v-list-sys-vesta-ssl
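Review bot: The private key is installed with `cp -f $ssl_dir/certificate.key $VESTA/ssl/certificate.key` and nothing afterwards sets its mode or owner, so the new key file gets whatever the uploaded temporary file and the umask produce, which may be wider than the file it replaces. Carrying the old attributes over would avoid that, for example `chown --reference=$VESTA/ssl/certificate.key.back $VESTA/ssl/certificate.key` followed by the matching `chmod --reference=...` call. The two `mv` and two `cp` commands are also unchecked: if the key is missing from `$ssl_dir`, the old pair has already been renamed to `.back` and the HUP further down runs against an incomplete pair, so each step should be tested and the `.back` files restored on failure. Whether `is_web_domain_cert_valid` already rejects a missing or mismatched key cannot be seen here, since it is sourced from func/domain.sh.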
@@ -0,0 +1,130 @@
+#!/bin/bash
+# info: list vesta ssl certificate
+# options: [FORMAT]
+#
+# The function of obtaining vesta ssl files.
+
+
+#----------------------------------------------------------#
+# Variable&Function #
+#----------------------------------------------------------#
+
+# Argument definition
+format=${1-shell}
+
+# Includes
+source $VESTA/func/main.sh
+
+# JSON list function
+json_list() {
+ echo '{'
+ echo -e "\t\"VESTA\": {"
+ echo " \"CRT\": \"$crt\","
+ echo " \"KEY\": \"$key\","
+ echo " \"CA\": \"$ca\","
+ echo " \"SUBJECT\": \"$subj\","
+ echo " \"ALIASES\": \"$alt_dns\","
+ echo " \"NOT_BEFORE\": \"$before\","
+ echo " \"NOT_AFTER\": \"$after\","
+ echo " \"SIGNATURE\": \"$signature\","
+ echo " \"PUB_KEY\": \"$pub_key\","
+ echo " \"ISSUER\": \"$issuer\""
+ echo -e "\t}\n}"
+}
+
+# SHELL list function
+shell_list() {
+ if [ ! -z "$crt" ]; then
+ echo -e "$crt"
+ fi
+ if [ ! -z "$key" ]; then
+ echo -e "\n$key"
+ fi
+ if [ ! -z "$crt" ]; then
+ echo
+ echo
+ echo "SUBJECT: $subj"
+ if [ ! -z "$alt_dns" ]; then
+ echo "ALIASES: ${alt_dns//,/ }"
+ fi
+ echo "VALID FROM: $before"
+ echo "VALID TIL: $after"
+ echo "SIGNATURE: $signature"
+ echo "PUB_KEY: $pub_key"
+ echo "ISSUER: $issuer"
+ fi
+}
+
+# PLAIN list function
+plain_list() {
+ if [ ! -z "$crt" ]; then
+ echo -e "$crt"
+ fi
+ if [ ! -z "$key" ]; then
+ echo -e "\n$key"
+ fi
+ if [ ! -z "$ca" ]; then
+ echo -e "\n$ca"
+ fi
+ if [ ! -z "$crt" ]; then
+ echo "$subj"
+ echo "${alt_dns//,/ }"
+ echo "$before"
+ echo "$after"
+ echo "$signature"
+ echo "$pub_key"
+ echo "$issuer"
+ fi
+
+}
+
+# CSV list function
+csv_list() {
+ echo -n "CRT,KEY,CA,SUBJECT,ALIASES,NOT_BEFORE,NOT_AFTER,SIGNATURE,"
+ echo "PUB_KEY,ISSUER"
+ echo -n "\"$crt\",\"$key\",\"$ca\",\"$subj\",\"${alt_dns//,/ }\","
+ echo "\"$before\",\"$after\",\"$signature\",\"$pub_key\",\"$issuer\""
+}
+
+
+#----------------------------------------------------------#
+# Verifications #
+#----------------------------------------------------------#
+
+
+
+#----------------------------------------------------------#
+# Action #
+#----------------------------------------------------------#
+
+# Parsing SSL certificate
+crt=$(cat $VESTA/ssl/certificate.crt |sed ':a;N;$!ba;s/\n/\\n/g')
+key=$(cat $VESTA/ssl/certificate.crt |sed ':a;N;$!ba;s/\n/\\n/g')
+
+# Parsing SSL certificate details without CA
+info=$(openssl x509 -text -in $VESTA/ssl/certificate.crt)
+subj=$(echo "$info" |grep Subject: |cut -f 2 -d =)
+before=$(echo "$info" |grep Before: |sed -e "s/.*Before: //")
+after=$(echo "$info" |grep "After :" |sed -e "s/.*After : //")
+signature=$(echo "$info" |grep "Algorithm:" |head -n1 )
+signature=$(echo "$signature"| sed -e "s/.*Algorithm: //")
+pub_key=$(echo "$info" |grep Public-Key: |cut -f2 -d \( | tr -d \))
+issuer=$(echo "$info" |grep Issuer: |sed -e "s/.*Issuer: //")
+alt_dns=$(echo "$info" |grep DNS |sed -e 's/DNS:/\n/g' |tr -d ',')
+alt_dns=$(echo "$alt_dns" |tr -d ' ' |sed -e "/^$/d")
+alt_dns=$(echo "$alt_dns" |sed -e ':a;N;$!ba;s/\n/,/g')
+
+# Listing data
+case $format in
+ json) json_list ;;
+ plain) plain_list ;;
+ csv) csv_list ;;
+ shell) shell_list ;;
+esac
+
+
+#----------------------------------------------------------#
+# Vesta #
+#----------------------------------------------------------#
+
+exit
diff --git a/web/edit/server/index.php b/web/edit/server/index.php
index 9010ab77..14f4f672 100644
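Review bot: The `key=$(cat $VESTA/ssl/certificate.crt |sed ...)` line in the Action section reads the certificate file a second time, so the KEY field always carries the certificate rather than the key; if the key is really meant to be returned, the path should be `$VESTA/ssl/certificate.key`. Before making that change it is worth deciding whether a list command should print private key material at all, because every caller and any capture of its output would then hold the key. `$ca` is printed by json_list, plain_list and csv_list but is never assigned in this script. None of the values are escaped before being placed inside the JSON or CSV quotes, so a subject or issuer containing `"` or `\` would produce output the consumer cannot parse.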
--- a/web/edit/server/index.php +++ b/web/edit/server/index.php @@ -78,6 +78,21 @@ foreach ($backup_types as $backup_type) { } } +// List ssl certificate info +exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); +$ssl_str = json_decode(implode('', $output), true); +unset($output); +$v_ssl_crt = $ssl_str['VESTA']['CRT']; +$v_ssl_key = $ssl_str['VESTA']['KEY']; +$v_ssl_ca = $ssl_str['VESTA']['CA']; +$v_ssl_subject = $ssl_str['VESTA']['SUBJECT']; +$v_ssl_aliases = $ssl_str['VESTA']['ALIASES']; +$v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE']; +$v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER']; +$v_ssl_signature = $ssl_str['VESTA']['SIGNATURE']; +$v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY']; +$v_ssl_issuer = $ssl_str['VESTA']['ISSUER']; + // Check POST request if (!empty($_POST['save'])) { @@ -178,7 +193,6 @@ if (!empty($_POST['save'])) { } } - // Update webmail url if (empty($_SESSION['error_msg'])) { if ($_POST['v_mail_url'] != $_SESSION['MAIL_URL']) { @@ -231,7 +245,6 @@ if (!empty($_POST['save'])) { } } - // Change backup gzip level if (empty($_SESSION['error_msg'])) { if ($_POST['v_backup_gzip'] != $v_backup_gzip ) { @@ -323,7 +336,6 @@ if (!empty($_POST['save'])) { } } - // Delete remote backup host if (empty($_SESSION['error_msg'])) { if ((empty($_POST['v_backup_host'])) && (!empty($v_backup_host))) { 
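Review bot: The result of the `v-list-sys-vesta-ssl json` call in the hunk at -78,6 is used without checking `$return_var` or whether `json_decode` returned an array, so a failed or malformed listing leaves every `$v_ssl_*` variable null with no error shown. A guard such as `if ($return_var == 0 && is_array($ssl_str))` around the assignments would make that case explicit. The block also pulls `$v_ssl_key` into page scope on every load; the template markup is not readable on this page, so confirm the value is HTML-escaped where it is printed and consider whether the key needs to reach the browser at all. The same run of assignments is repeated in the hunk at -340,6, and a small helper function would keep the two copies consistent.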
@@ -340,6 +352,49 @@ if (!empty($_POST['save'])) { } } + // Update SSL certificate + if ((!empty($_POST['v_ssl_crt'])) && (empty($_SESSION['error_msg']))) { + if (($v_ssl_crt != str_replace("\r\n", "\n", $_POST['v_ssl_crt'])) || ($v_ssl_key != str_replace("\r\n", "\n", $_POST['v_ssl_key']))) { + exec ('mktemp -d', $mktemp_output, $return_var); + $tmpdir = $mktemp_output[0]; + + // Certificate + if (!empty($_POST['v_ssl_crt'])) { + $fp = fopen($tmpdir."/certificate.crt", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_crt'])); + fwrite($fp, "\n"); + fclose($fp); + } + + // Key + if (!empty($_POST['v_ssl_key'])) { + $fp = fopen($tmpdir."/certificate.key", 'w'); + fwrite($fp, str_replace("\r\n", "\n", $_POST['v_ssl_key'])); + fwrite($fp, "\n"); + fclose($fp); + } + + exec (VESTA_CMD."v-change-sys-vesta-ssl ".$tmpdir, $output, $return_var); + check_return_code($return_var,$output); + unset($output); + + // List ssl certificate info + exec (VESTA_CMD."v-list-sys-vesta-ssl json", $output, $return_var); + $ssl_str = json_decode(implode('', $output), true); + unset($output); + $v_ssl_crt = $ssl_str['VESTA']['CRT']; + $v_ssl_key = $ssl_str['VESTA']['KEY']; + $v_ssl_ca = $ssl_str['VESTA']['CA']; + $v_ssl_subject = $ssl_str['VESTA']['SUBJECT']; + $v_ssl_aliases = $ssl_str['VESTA']['ALIASES']; + $v_ssl_not_before = $ssl_str['VESTA']['NOT_BEFORE']; + $v_ssl_not_after = $ssl_str['VESTA']['NOT_AFTER']; + $v_ssl_signature = $ssl_str['VESTA']['SIGNATURE']; + $v_ssl_pub_key = $ssl_str['VESTA']['PUB_KEY']; + $v_ssl_issuer = $ssl_str['VESTA']['ISSUER']; + } + } + // Flush field values on success if (empty($_SESSION['error_msg'])) { $_SESSION['ok_msg'] = __('Changes has been saved.'); @@ -375,7 +430,6 @@ if (!empty($_POST['save'])) { } } - // activating filemanager licence if (empty($_SESSION['error_msg'])) { if($_SESSION['FILEMANAGER_KEY'] != $_POST['v_filemanager_licence'] && $_POST['v_filemanager'] == 'yes'){ 
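Review bot: The directory created by `mktemp -d` in the hunk at -340,6 receives the uploaded private key but is never removed after `v-change-sys-vesta-ssl` runs, so a copy of the key stays on disk in the temporary directory. The `mktemp` call is also unchecked: if it fails, `$mktemp_output[0]` is unset and the `fopen` calls target `/certificate.crt` and `/certificate.key`, and the `fopen` results are passed to `fwrite` untested. Checking the exit status, passing the path through `escapeshellarg`, and deleting the directory once the command returns would close these gaps. The enclosing `if (!empty($_POST['save']))` block starts outside this hunk.

```php
exec ('mktemp -d', $mktemp_output, $return_var);
if ($return_var != 0 || empty($mktemp_output[0])) {
    $_SESSION['error_msg'] = __('Error: unable to create temporary directory');
} else {
    $tmpdir = $mktemp_output[0];
    // … unchanged: writing certificate.crt and certificate.key into $tmpdir …
    exec (VESTA_CMD."v-change-sys-vesta-ssl ".escapeshellarg($tmpdir), $output, $return_var);
    check_return_code($return_var,$output);
    unset($output);

    // Remove the temporary copy of the certificate and private key
    foreach (glob($tmpdir."/*") as $tmpfile) {
        unlink($tmpfile);
    }
    rmdir($tmpdir);
    // … unchanged: re-reading certificate info with v-list-sys-vesta-ssl …
}
```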
@@ -410,11 +464,14 @@ if (!empty($_POST['save'])) { // Check system configuration exec (VESTA_CMD . "v-list-sys-config json", $output, $return_var); $data = json_decode(implode('', $output), true); +unset($output); + $sys_arr = $data['config']; foreach ($sys_arr as $key => $value) { $_SESSION[$key] = $value; } + // Render page render_page($user, $TAB, 'edit_server'); diff --git a/web/templates/admin/edit_server.html b/web/templates/admin/edit_server.html index ca238ab1..cbed81f5 100644 --- a/web/templates/admin/edit_server.html +++ b/web/templates/admin/edit_server.html @@ -576,6 +576,106 @@ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ +
+ +
+ +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ : + + +
+ + + +
+
+ + + +