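Menu="OtherSettings"
Type="xmenu"
Title="Management Access"
Icon="icon-key"
Tag="expeditedssl"
---
<?php
/**
 * Collect the names of unconditional pages that sit under a "Tasks" menu.
 *
 * Walks the global $site page list and tokenises each page's Menu attribute
 * on spaces. A first token starting with '$' or '/' is resolved through
 * get_ini_key() / get_file_key() (defined elsewhere). The page name is kept
 * when a token starts with "Tasks" and the page has no Cond attribute.
 *
 * @return array page names, sorted
 */
function find_tasks() {
  global $site;
  $tasks = [];
  foreach ($site as $page) {
    if (empty($page['Menu'])) continue;
    $menu = strtok($page['Menu'], ' ');
    // A Menu value made only of spaces yields no token; skip it rather than index into false.
    if ($menu === false) continue;
    switch ($menu[0]) {
      case '$': $menu = get_ini_key($menu, strtok(' ')); break;
      case '/': $menu = get_file_key($menu, strtok(' ')); break;
    }
    // strtok() keeps its position between calls, so this continues through the same Menu string.
    while ($menu !== false) {
      if (substr($menu, 0, 5) == 'Tasks') {
        if (empty($page['Cond'])) $tasks[] = $page['name'];
        break;
      }
      $menu = strtok(' ');
    }
  }
  sort($tasks);
  return $tasks;
}

$tasks = find_tasks();
$ethX = 'eth0';
$addr = ipaddr($ethX);
// Address the rebind test hostname is expected to resolve to when the resolver does not filter it.
$rebindip4 = "192.168.42.42";

// '@' keeps an unreadable key file quiet; false then means "no key file" in the flags below.
$keyfile = @file_get_contents($var['regFILE']);
if ($keyfile !== false) $keyfile = base64_encode($keyfile);

$certFile = "/boot/config/ssl/certs/certificate_bundle.pem";
$certPresent = file_exists("$certFile");
// $isLEcert is read unconditionally further down, so it needs a value when no certificate is installed.
$isLEcert = false;
if ($certPresent) {
  // Subject common name, issuer and expiry date as printed by openssl for the installed bundle.
  $certSubject = exec("/usr/bin/openssl x509 -in $certFile -noout -subject -nameopt multiline 2>/dev/null|sed -n 's/ *commonName *= //p'");
  $certIssuer = exec("/usr/bin/openssl x509 -in $certFile -noout -text | sed -n -e 's/^.*Issuer: //p'");
  $certExpires = exec("/usr/bin/openssl x509 -in $certFile -noout -text | sed -n -e 's/^.*Not After : //p'");
  // Classified by subject suffix only; these patterns do not constrain the characters before the suffix.
  $isLegacyCert = preg_match('/.*\.unraid\.net$/', $certSubject);
  $isWildcardCert = preg_match('/.*\.myunraid\.net$/', $certSubject);
  $isLEcert = $isLegacyCert || $isWildcardCert;
  $subjectURL = $certSubject;
  if ($isLEcert) {
    // Wildcard subject: substitute the dash-separated form of this server's address for the '*'.
    if ($isWildcardCert) $subjectURL = str_replace("*", str_replace(".", "-", $addr), $subjectURL);
    // -checkend exits 0 when the certificate is still valid 2592000 seconds (30 days) from now.
    exec("openssl x509 -checkend 2592000 -noout -in $certFile 2>/dev/null", $arrout, $retval_expired);
    // $$ethX is the variable named by $ethX (here $eth0), which is defined outside this block.
    $options = $$ethX['PROTOCOL:0']=='ipv6' ? '-6 -t AAAA' : '-4 -t A';
    $rebindtesturl = $isLegacyCert ? "rebindtest.unraid.net" : "rebindtest.myunraid.net";
    $rebindtest_ip = exec("host $options $rebindtesturl 2>/dev/null|awk '{print \$4}'");
    // Any answer other than the expected test address is taken to mean the resolver filters it.
    $dnsRebindingProtection = ($rebindtest_ip != $rebindip4);
    if (!$dnsRebindingProtection) {
      // $subjectURL is derived from text inside the certificate file, so it is treated as
      // untrusted here: only a syntactically valid hostname is looked up (this also keeps a
      // value starting with '-' from being read as an option by host), and the value is
      // shell-quoted. An empty result is handled exactly like a failed lookup.
      $certtest_ip = '';
      if (filter_var($subjectURL, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        $certtest_ip = exec("host $options ".escapeshellarg($subjectURL)." 2>/dev/null|awk '{print \$4}'");
      }
      $dnsValid = $certtest_ip==$addr;
    }
    // more: similar test for "www.$certSubject" dns valid goes here
  }
  // Date format from the display settings; unless it is '%c', the time format is appended with seconds added.
  $cert_time_format = $display['date'].($display['date']!='%c' ? ', '.str_replace(['%M','%R'],['%M:%S','%R:%S'],$display['time']):'');
}

// Button labels and enabled/disabled state derived from the checks above.
$provisionlabel = $isLEcert ? _('Renew') : _('Provision');
$disabled_provision = $keyfile===false || ($isLEcert && $retval_expired===0) ? 'disabled' : '';
$disabled_updatedns = $keyfile!==false && $isLEcert ? '' : 'disabled';
$disabled_delete = $certPresent && $var['USE_SSL']!='auto' ? '' : 'disabled';
$disabled_auto = $isLEcert && !$dnsRebindingProtection && $dnsValid ? '' : 'disabled';
$upgradelabel = _('Upgrade Cert');

// Get ports in use
$portsInUse = [];
// Listening sockets from lsof, leaving out those bound to 127.0.0.1 or [::1]; one address:port per line.
exec("lsof -Pni|awk '/LISTEN/ && \$9!~/127.0.0.1/ && \$9!~/\\[::1\\]/{print \$9}'|sort -u", $output);

$bind = false; //= $var['BIND_MGT']=='yes'; - not used in 6.10
$list = ['*',$addr];
foreach ($output as $line) {
  // Bracketed IPv6 entries are split on ']:' so the colons inside the address are left alone.
  [$ip, $port] = my_explode($line[0]=='[' ? ']:' : ':',$line);
  if ($ip[0]=='[') $ip = substr($ip,1); // ipv6 address
  // With $bind false every listening port is recorded once; $list only matters when $bind is true.
  if (!in_array($port,$portsInUse) && (!$bind || in_array($ip,$list))) $portsInUse[] = $port;
}
sort($portsInUse,SORT_NUMERIC);
?>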