[PATCH 1/2] vpnmain.cgi: Fixes bug13737 - increments the serial number to allow cert regen

[Adolf Belka <adolf.belka@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 1312 bytes --]

- When the regeneration is carried out the existing cert, with serial number 01, is
   revoked but when the new cert is created the serial number is still 01 causing error
   messages about the new cert being revoked.
- This patch increments the serial number from 01 to 02 after the initial root/host
   certificate set is created.
- Then when the olf cert is revoked the new one uses serial number 02 but also
   automatically increments it again. So all future regenerations work without problems.
- Tested out on a physical IPFire system.

Fixes: bug13737
Tested-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
---
 html/cgi-bin/vpnmain.cgi | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index a1d0f0e2a..fe14b38f0 100755
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -1241,6 +1241,13 @@ END
 	exit(0);
 
 	ROOTCERT_SUCCESS:
+
+# Increment the serial number to 02 after root and host certificates are
+# created so that cert regeneration works.
+	open(FILE, ">${General::swroot}/certs/serial");
+	print FILE "02";
+	close FILE;
+
 	if (&vpnenabled) {
 		&General::system('/usr/local/bin/ipsecctrl', 'S');
 		sleep $sleepDelay;
-- 
2.48.1