Jump to content

Module: (Digitally) Signed Invoices!

laszlof
 Share

Recommended Posts

laszlof Senior Member

laszlof

Posted
Posted

DESCRIPTION

This module will allow you to digitally sign PDF invoices being sent out from your WHMCS installation. A valid signing certificate and key is required for this module to function correctly. You can generate a self signed key/certificate using the following commands:

 

openssl req -x509 -nodes -days 365000 -newkey rsa:1024 -keyout selfsigned.key -out selfsigned.crt

 

The following fields are available within the modules admin interface:

 

Certificate: <Paste your certificate here>

Private Key: <Paste your private key here>

Intermediate Certificate: (Optional) <Paste any additional certificates required for validation here>

Private Key Passphrase: (Optional) <Paste your keys passphrase here if one has been configured>

 

SUPPORT

Ticket support will be provided on an as-needed basis. Updates/bug fixes will be provided

free of charge to all purchasers for the duration of the product lifetime.

 

The lifecycle of this product may be terminated at any time, at which point all existing support

obligations will be null and void, and full sourcecode will be released to those who have purchased

the module.

 

To receive support, please either log a ticket on my website (https://secure.franksworld.org/whmcs/clientarea.php) or email sales@franksworld.org.

 

PRICE

$25 one time

 

ORDER LINK

Order Now!

0
Link to comment
Share on other sites
laszlof Senior Member

laszlof

Posted
  • Author
Posted

Heres a sample invoice created and signed. Note that the certificate is self-signed, so it will show up as unknown. A valid certificate will not show up this way.

 

I am uncertain if EV1 certificates will work, I assume that they will. You can check the documentation for TCPDF (the setSignature() function) and see what exactly is supported for certificate type.

0
Link to comment
Share on other sites
thernes Senior Member

thernes

Posted
Posted
Heres a sample invoice created and signed. Note that the certificate is self-signed, so it will show up as unknown. A valid certificate will not show up this way.

 

I am uncertain if EV1 certificates will work, I assume that they will. You can check the documentation for TCPDF (the setSignature() function) and see what exactly is supported for certificate type.

Hi Frank

 

Looks like the screenshot is missing ;)

0
Link to comment
Share on other sites
  • 2 weeks later...
Inetbiz Senior Member

Inetbiz

Posted
Posted

it would be NICE if each support department setup included a way to store the key to sign out-going emails from that department as well as signed PDFs. Matt says the email class is unencrypted. So, any chance of expanding this to handle the mail class for out-going emails per department? I don't mind buying email certs for every department email account.

0
Link to comment
Share on other sites
laszlof Senior Member

laszlof

Posted
  • Author
Posted

Again, its a moot point. If someone was able to read your WHMCS database, you have more important things to worry about than someone gaining access to the private key of your digital signature, like getting all of your client information, credit card numbers, hosting account passwords, etc.

0
Link to comment
Share on other sites
PowerChaos Member

PowerChaos

Posted
Posted
I'm not a security expert but it's easier to have a bug in WHMCS or in an add-on that could display the private key than having access to a path/file outside the public folder ...

it is like he told you before

 

if they can get your security key from the database then i would realy be worried about a lot of stuff and then that private key is nothing to care about (just generate a new key ... easy )

 

but if they can get it from the database -> your security is messed up -> you lose a lot more data

 

a database is more secure then a file , a file need to be able to read from and does not contain username/password

if a user uploads a php file and just put the include to the right path then he got acces to your file ( i got a script that just show dir index ... -> i can download files from root as it shows me a nice list of what files are in that folder i provide , example -> http://powerchaos.com/stats.html or http://eo.demonpower.com/patch/ )

 

the database got certain security on it , you need to have a user/pass to start with before you can get any data and then you need to know what table it is (is it database "test" or database "test_test" ?? )

 

anyway , if you do not know how to secure things in the first place then i would be worried about a lot of things

 

then for the bugs , there are indeed some bugs in scripts that can be a security risk , but it is up to the creator to make the script that it does not contain those bugs and mainly the makers does not put a echo command on those things ... (so even if there is a bug it wont display that code)

 

it all depends how the script works and how the script get the data

 

 

however you look at it , they both are secure if you know how to protect from it ( for root -> php_open_basedir ?? , for mysql -> allow only localhost and user proper user rights )

 

Greetings From PowerChaos

0
Link to comment
Share on other sites
  • 4 weeks later...
  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept