etc: remove ssl config and revert weird type changes

Also update the certificate generation process and put in our info.  :)

usr/local/etc/inc/certs.inc

 <?php
-/* $Id$ */
+
 /*
 	Copyright (C) 2008 Shrew Soft Inc
 	Copyright (C) 2010 Jim Pingle <jimp@pfsense.org>
@@ -268,7 +268,7 @@ function cert_import(& $cert, $crt_str, $key_str) {
 	return true;
 }
 
-function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $digest_alg = "sha256") {
+function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $digest_alg = "sha256") {
 
 	$ca =& lookup_ca($caref);
 	if (!$ca)
@@ -281,18 +281,6 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di
 	if(!$ca_res_key) return false;
 	$ca_serial = ++$ca['serial'];
 
-	switch ($type) {
-		case "ca":
-			$cert_type = "v3_ca";
-			break;
-		case "server":
-			$cert_type = "server";
-			break;
-		default:
-			$cert_type = "usr_cert";
-			break;
-	}
-
 	// in case of using Subject Alternative Names use other sections (with postfix '_san')
 	// pass subjectAltName over environment variable 'SAN'
 	if ($dn['subjectAltName']) {
@@ -302,7 +290,7 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di
 	}
 
 	$args = array(
-		"x509_extensions" => $cert_type,
+		"x509_extensions" => "usr_cert",
 		"digest_alg" => $digest_alg,
 		"private_key_bits" => (int)$keylen,
 		"private_key_type" => OPENSSL_KEYTYPE_RSA,
@@ -330,7 +318,6 @@ function cert_create(& $cert, $caref, $keylen, $lifetime, $dn, $type="user", $di
 	$cert['caref'] = $caref;
 	$cert['crt'] = base64_encode($str_crt);
 	$cert['prv'] = base64_encode($str_key);
-	$cert['type'] = $type;
 
 	return true;
 }

usr/local/etc/inc/system.inc

@@ -862,12 +862,17 @@ function system_webgui_start() {
 			$cert = array();
 			$cert['refid'] = uniqid();
 			$cert['descr'] = gettext("webConfigurator default");
-			mwexec("/usr/bin/openssl genrsa 1024 > {$g['tmp_path']}/ssl.key");
-			mwexec("/usr/bin/openssl req -new -x509 -nodes -sha256 -days 2000 -key {$g['tmp_path']}/ssl.key > {$g['tmp_path']}/ssl.crt");
-			$crt = file_get_contents("{$g['tmp_path']}/ssl.crt");
-			$key = file_get_contents("{$g['tmp_path']}/ssl.key");
-			unlink("{$g['tmp_path']}/ssl.key");
-			unlink("{$g['tmp_path']}/ssl.crt");
+			/* mind the gap ->.<- */
+			$openssl_args  = ' req -new -newkey rsa:4096 -sha256';
+			$openssl_args .= ' -days 365 -nodes -x509';
+			$openssl_args .= ' -subj "/C=NL/ST=Zuid-Holland/L=Middelharnis/O=OPNsense"';
+			$openssl_args .= ' -keyout /tmp/ssl.key';
+			$openssl_args .= ' -out /tmp/ssl.crt';
+			mwexec('/usr/bin/openssl' . $openssl_args);
+			$crt = file_get_contents('/tmp/ssl.crt');
+			$key = file_get_contents('/tmp/ssl.key');
+			unlink('/tmp/ssl.key');
+			unlink('/tmp/ssl.crt');
 			cert_import($cert, $crt, $key);
 			$a_cert[] = $cert;
 			$config['system']['webgui']['ssl-certref'] = $cert['refid'];

usr/local/www/system_certmanager.php

 <?php
-/*
-    system_certmanager.php
 
+/*
     Copyright (C) 2008 Shrew Soft Inc.
     All rights reserved.
 
@@ -47,9 +46,6 @@ $cert_methods = array(
 );
 
 $cert_keylens = array( "512", "1024", "2048", "4096");
-$cert_types = array(	"ca" => "Certificate Authority",
-			"server" => "Server Certificate",
-			"user" => "User Certificate");
 
 $altname_types = array("DNS", "IP", "email", "URI");
 $openssl_digest_algs = array("sha1", "sha224", "sha256", "sha384", "sha512");
@@ -113,7 +109,6 @@ if ($act == "new") {
 	$pconfig['digest_alg'] = "sha256";
 	$pconfig['csr_keylen'] = "2048";
 	$pconfig['csr_digest_alg'] = "sha256";
-	$pconfig['type'] = "user";
 	$pconfig['lifetime'] = "3650";
 }
 
@@ -211,13 +206,12 @@ if ($_POST) {
 
 		if ($pconfig['method'] == "internal") {
 			$reqdfields = explode(" ",
-					"descr caref keylen type lifetime dn_country dn_state dn_city ".
+					"descr caref keylen lifetime dn_country dn_state dn_city ".
 					"dn_organization dn_email dn_commonname");
 			$reqdfieldsn = array(
 					gettext("Descriptive name"),
 					gettext("Certificate authority"),
 					gettext("Key length"),
-					gettext("Certificate Type"),
 					gettext("Lifetime"),
 					gettext("Distinguished name Country Code"),
 					gettext("Distinguished name State or Province"),
@@ -359,7 +353,7 @@ if ($_POST) {
 						$dn['subjectAltName'] = implode(",", $altnames_tmp);
 					}
 					if (!cert_create($cert, $pconfig['caref'], $pconfig['keylen'],
-						$pconfig['lifetime'], $dn, $pconfig['type'], $pconfig['digest_alg'])){
+						$pconfig['lifetime'], $dn, $pconfig['digest_alg'])){
 						while($ssl_err = openssl_error_string()){
 							$input_errors = array();
 							array_push($input_errors, "openssl library returns: " . $ssl_err);
@@ -722,23 +716,6 @@ function internalca_change() {
 								<br /><?= gettext("NOTE: It is recommended to use an algorithm stronger than SHA1 when possible.") ?>
 							</td>
 						</tr>
-						<tr>
-							<td width="22%" valign="top" class="vncellreq"><?=gettext("Certificate Type");?></td>
-							<td width="78%" class="vtable">
-								<select name='type' class="formselect">
-								<?php
-									foreach( $cert_types as $ct => $ctdesc ):
-									$selected = "";
-									if ($pconfig['type'] == $ct)
-										$selected = " selected=\"selected\"";
-								?>
-									<option value="<?=$ct;?>"<?=$selected;?>><?=$ctdesc;?></option>
-								<?php endforeach; ?>
-								</select>
-								<br />
-								<?=gettext("Type of certificate to generate. Used for placing restrictions on the usage of the generated certificate.");?>
-							</td>
-						</tr>
 						<tr>
 							<td width="22%" valign="top" class="vncellreq"><?=gettext("Lifetime");?></td>
 							<td width="78%" class="vtable">
@@ -1134,9 +1111,6 @@ function internalca_change() {
 									</td>
 								</tr>
 								<tr><td>&nbsp;</td></tr>
-								<?php if ($cert['type']): ?>
-								<tr><td colspan="2"><em><?php echo $cert_types[$cert['type']]; ?></em></td></tr>
-								<?php endif; ?>
 								<?php if (is_array($purpose)): ?>
 								<tr><td colspan="2">
 									CA: <?php echo $purpose['ca']; ?>,