@PiBa-NL
Created February 2, 2015 23:21
pfSense, pfx user certificate download php page
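<?php
require_once("auth.inc");
require_once("config.inc");
require_once("certs.inc");
require_once("authgui.inc");// this ensures user is authenticated in pfSense.

$a_cert = $config['cert'];
$a_cacert = $config['ca'];
$input_errors = array();
// refid of the requested certificate; absent when the page is opened to show the list.
$id = isset($_GET['id']) ? $_GET['id'] : null;
// Fixed passphrase shared by every exported PFX and printed on the page below.
$pfx_encryptionkey = 'user-known-secret-value';
// No per-user check: anyone who can load this page can export any listed
// certificate together with its private key.
$cert = ($id !== null) ? lookup_cert($id) : false;
if ($cert) {
    $exp_name = urlencode("{$cert['descr']}.cert.pfx");
    $args = array();
    $args['friendly_name'] = $cert['descr'];
    // Include the issuing CA certificate in the bundle when it is known.
    $ca = lookup_ca($cert['caref']);
    if ($ca) {
        $args['extracerts'] = openssl_x509_read(base64_decode($ca['crt']));
    }
    $res_crt = openssl_x509_read(base64_decode($cert['crt']));
    // The stored private key is not passphrase-protected, hence the empty passphrase.
    $res_key = openssl_pkey_get_private(array(0 => base64_decode($cert['prv']), 1 => ""));
    $exp_data = "";
    // Only send the download when the PKCS#12 export actually succeeded.
    if (openssl_pkcs12_export($res_crt, $exp_data, $res_key, $pfx_encryptionkey, $args)) {
        $exp_size = strlen($exp_data);
        $exp_name = strtoupper($exp_name);
        header("Content-Type: application/octet-stream");
        header("Content-Disposition: attachment; filename=\"$exp_name\"");
        header("Content-Length: $exp_size");
        echo $exp_data;
        exit;
    }
    // Fall through to the HTML page, which prints $input_errors.
    $input_errors[] = "PKCS#12 export failed.";
}
?>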
<html>
<body>
Page that allows for easy downloading of 'encrypted' pfx files for users from pfSense.<br/>
They are using the fixed password: '<?=$pfx_encryptionkey?>'.<br/>
<br/>
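<?php
// Show export errors, if any, HTML-escaped.
if (!empty($input_errors)) {
    echo htmlspecialchars(print_r($input_errors, true)) . "<br/>";
}
// One download link per certificate; refid is URL-encoded and descr is HTML-escaped.
foreach ($a_cert as $cert) {
    $href = '?id=' . urlencode($cert['refid']);
    echo "<a href='" . htmlspecialchars($href, ENT_QUOTES) . "'>" . htmlspecialchars($cert['descr']) . "</a><br/>";
}
?>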
</body>
</html>
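
One way to avoid the shared fixed password that the page text mentions, shown as an added example that is not part of the original gist: generate a fresh random passphrase for each PFX export and confirm the bundle opens only with it. Assumes PHP 7+ (for `random_bytes`) with the openssl extension; the function name `export_pfx_with_random_pass` and the throwaway key and certificate are constructed for illustration.

```php
<?php
// Added example (not from the gist): per-download PFX passphrase instead of a fixed one.
// The key and self-signed certificate below are constructed throwaway test data.

// Build a PKCS#12 bundle protected by a fresh random passphrase.
// Returns array(pfx_bytes, passphrase); throws if OpenSSL fails.
function export_pfx_with_random_pass($crt, $key, $friendly_name) {
    // 18 random bytes -> 24 base64 characters, about 144 bits of entropy.
    $pass = base64_encode(random_bytes(18));
    $pfx = "";
    $args = array('friendly_name' => $friendly_name);
    if (!openssl_pkcs12_export($crt, $pfx, $key, $pass, $args)) {
        throw new RuntimeException("PKCS#12 export failed: " . openssl_error_string());
    }
    return array($pfx, $pass);
}

// Constructed test material: 2048-bit RSA key and a one-day self-signed certificate.
$key = openssl_pkey_new(array(
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
));
$csr = openssl_csr_new(array('commonName' => 'example-user'), $key, array('digest_alg' => 'sha256'));
$crt = openssl_csr_sign($csr, null, $key, 1, array('digest_alg' => 'sha256'));

list($pfx, $pass) = export_pfx_with_random_pass($crt, $key, 'example-user');

// The bundle opens with the generated passphrase ...
$opens_with_random = openssl_pkcs12_read($pfx, $bundle, $pass);
// ... and is rejected with the gist's fixed value.
$opens_with_fixed = openssl_pkcs12_read($pfx, $unused, 'user-known-secret-value');

var_dump($opens_with_random, $opens_with_fixed);
```

The generated passphrase still has to reach the user through a channel separate from the PFX file itself.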