Revert user cert

CHANGELOG.md

@@ -1,94 +1,3 @@
-12.02.2015
- 
-Go to registry shared folder and setup CA directory tree:
-```
-mkdir ca
-cd ca
-mkdir certs crl newcerts private
-chmod 700 private
-touch index.txt
-echo 1000 > serial
-```
-
-Generate the root key (prompts for pass phrase): 
-```
-openssl genrsa -aes256 -out private/ca.key.pem 4096
-```
-
-Configure OpenSSL:
-```
-sudo su -
-cd /etc/ssl/
-cp openssl.cnf openssl.cnf.bak
-nano openssl.cnf
-exit
-```
-
-Make sure the following options are in place:
-```
-[ CA_default ]
-# Where everything is kept
-dir = /home/registry/registry/shared/ca
-
-[ usr_cert ]
-# These extensions are added when 'ca' signs a request.
-basicConstraints=CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-nsComment = "OpenSSL Generated Certificate"
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-[ v3_ca ]
-# Extensions for a typical CA
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer
-basicConstraints = CA:true
-keyUsage = cRLSign, keyCertSign
-
-[ policy_match ]
-countryName             = optional
-stateOrProvinceName     = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = optional
-emailAddress            = optional
-```
-
-Issue the root certificate (prompts for additional data):
-```
-openssl req -new -x509 -days 3650 -key private/ca.key.pem -sha256 -extensions v3_ca -out certs/ca.cert.pem
-chmod 444 certs/ca.cert.pem
-```
-
-Configure EPP virtual host:
-```
-sudo nano /etc/apache2/sites-enabled/epp.conf
-```
-
-Replace this line:
-```
-SSLVerifyClient optional_no_ca
-```
-
-With these lines:
-```
-  SSLVerifyClient require
-  SSLVerifyDepth 1
-  SSLCACertificateFile /home/registry/registry/shared/ca/certs/ca.cert.pem
-```
-
-Reload apache:
-```
-sudo /etc/init.d/apache2 reload
-```
-
-Configure application.yml to match the CA settings:
-```
-ca_cert_path: '/home/registry/registry/shared/ca/certs/ca.cert.pem'
-ca_key_path: '/home/registry/registry/shared/ca/private/ca.key.pem'
-ca_key_password: 'registryalpha'
-```
-
 20.01.2015
 
 * Added dedicated mina cron:setup and mina cron:clear for manual cron management.

app/models/api_user.rb

@@ -9,7 +9,7 @@ class ApiUser < User
   validates :username, :password, :registrar, presence: true
   validates :username, uniqueness: true
 
-  before_save :create_crt, if: -> (au) { au.csr_changed? }
+  # before_save :create_crt, if: -> (au) { au.csr_changed? }
 
   attr_accessor :registrar_typeahead
 

app/views/admin/api_users/show.haml

@@ -43,7 +43,7 @@
             %dd -
 
           %dt= t('crt')
-          - if @api_user.csr
+          / - if @api_user.csr
-            %dd= link_to(t('download'), download_crt_admin_api_user_path)
+          /   %dd= link_to(t('download'), download_crt_admin_api_user_path)
-          - else
+          / - else
-            %dd -
+          /   %dd -