🎉 Hinzugefügt: Skript zur Generierung browser-kompatibler SSL-Zertifikate mit umfassender Fehlerbehandlung und Validierung. 🔒✨

backend/Fix-SSL-Browser.ps1

@@ -0,0 +1,165 @@
+# MYP SSL Browser-Kompatibilitäts-Fix
+# Löst ERR_SSL_KEY_USAGE_INCOMPATIBLE Fehler
+
+Write-Host "=========================================================" -ForegroundColor Cyan
+Write-Host "MYP SSL BROWSER-KOMPATIBILITÄTS-FIX" -ForegroundColor Cyan
+Write-Host "Löst ERR_SSL_KEY_USAGE_INCOMPATIBLE Fehler" -ForegroundColor Cyan
+Write-Host "=========================================================" -ForegroundColor Cyan
+Write-Host ""
+
+# Prüfe ob SSL-Verzeichnis existiert
+if (!(Test-Path "ssl")) {
+    Write-Host "Erstelle SSL-Verzeichnis..." -ForegroundColor Yellow
+    New-Item -ItemType Directory -Path "ssl" | Out-Null
+}
+
+# Backup existierender Zertifikate
+if (Test-Path "ssl\cert.pem") {
+    Write-Host "Erstelle Backup der alten Zertifikate..." -ForegroundColor Yellow
+    if (!(Test-Path "ssl\backup")) {
+        New-Item -ItemType Directory -Path "ssl\backup" | Out-Null
+    }
+    $timestamp = Get-Date -Format "yyyyMMdd_HHmmss"
+    Copy-Item "ssl\cert.pem" "ssl\backup\cert_backup_$timestamp.pem" -ErrorAction SilentlyContinue
+    Copy-Item "ssl\key.pem" "ssl\backup\key_backup_$timestamp.pem" -ErrorAction SilentlyContinue
+    Write-Host "Backup erstellt." -ForegroundColor Green
+}
+
+# Prüfe ob OpenSSL verfügbar ist
+try {
+    $null = & openssl version 2>$null
+    Write-Host "OpenSSL gefunden. Generiere browser-kompatible SSL-Zertifikate..." -ForegroundColor Green
+    Write-Host ""
+}
+catch {
+    Write-Host ""
+    Write-Host "FEHLER: OpenSSL ist nicht installiert oder nicht im PATH!" -ForegroundColor Red
+    Write-Host ""
+    Write-Host "Bitte installiere OpenSSL:" -ForegroundColor Yellow
+    Write-Host "1. Lade OpenSSL für Windows herunter: https://slproweb.com/products/Win32OpenSSL.html" -ForegroundColor White
+    Write-Host "2. Oder verwende das bestehende SSL-Modul mit Python" -ForegroundColor White
+    Write-Host ""
+    Write-Host "Alternative: Manueller Fix mit vorbereiteten Zertifikaten..." -ForegroundColor Yellow
+    Write-Host ""
+    Read-Host "Drücke Enter zum Beenden"
+    exit 1
+}
+
+# Erstelle browser-kompatible OpenSSL-Konfiguration
+$openssl_config = @"
+[req]
+distinguished_name = req_distinguished_name
+req_extensions = v3_req
+prompt = no
+
+[req_distinguished_name]
+C = DE
+ST = Baden-Wuerttemberg
+L = Stuttgart
+O = Mercedes-Benz AG
+OU = MYP Druckerverwaltung
+CN = m040tbaraspi001
+
+[v3_req]
+basicConstraints = critical, CA:FALSE
+keyUsage = critical, digitalSignature, keyEncipherment, keyAgreement
+extendedKeyUsage = critical, serverAuth, clientAuth
+subjectAltName = critical, @alt_names
+nsCertType = server
+nsComment = "MYP SSL Fix - ERR_SSL_KEY_USAGE_INCOMPATIBLE Lösung"
+
+[alt_names]
+DNS.1 = localhost
+DNS.2 = *.localhost
+DNS.3 = m040tbaraspi001
+DNS.4 = m040tbaraspi001.local
+DNS.5 = m040tbaraspi001.de040.corpintra.net
+DNS.6 = *.de040.corpintra.net
+IP.1 = 127.0.0.1
+IP.2 = ::1
+IP.3 = 0.0.0.0
+"@
+
+# Schreibe OpenSSL-Konfiguration
+$openssl_config | Out-File -FilePath "ssl\openssl_browser_fix.conf" -Encoding UTF8
+Write-Host "OpenSSL-Konfiguration erstellt." -ForegroundColor Green
+
+try {
+    # Generiere Private Key
+    Write-Host "Generiere Private Key (RSA 2048)..." -ForegroundColor Yellow
+    & openssl genrsa -out "ssl\key.pem" 2048 2>$null
+    if ($LASTEXITCODE -ne 0) {
+        throw "Private Key Generierung fehlgeschlagen!"
+    }
+    Write-Host "Private Key generiert." -ForegroundColor Green
+
+    # Generiere browser-kompatibles Zertifikat
+    Write-Host "Generiere browser-kompatibles Zertifikat..." -ForegroundColor Yellow
+    & openssl req -new -x509 -key "ssl\key.pem" -out "ssl\cert.pem" -days 365 -config "ssl\openssl_browser_fix.conf" -extensions v3_req -sha256 2>$null
+    if ($LASTEXITCODE -ne 0) {
+        throw "Zertifikat-Generierung fehlgeschlagen!"
+    }
+    Write-Host "Browser-kompatibles Zertifikat generiert." -ForegroundColor Green
+
+    # Aufräumen
+    Remove-Item "ssl\openssl_browser_fix.conf" -ErrorAction SilentlyContinue
+
+    # Validierung
+    Write-Host ""
+    Write-Host "=========================================================" -ForegroundColor Cyan
+    Write-Host "BROWSER-KOMPATIBILITÄTS-VALIDIERUNG" -ForegroundColor Cyan
+    Write-Host "=========================================================" -ForegroundColor Cyan
+    Write-Host "Prüfe Zertifikat-Extensions..." -ForegroundColor Yellow
+
+    $cert_info = & openssl x509 -in "ssl\cert.pem" -noout -text 2>$null
+    
+    $checks = @(
+        @{ Name = "Digital Signature"; Pattern = "Digital Signature" },
+        @{ Name = "Key Encipherment"; Pattern = "Key Encipherment" },
+        @{ Name = "TLS Web Server Authentication"; Pattern = "TLS Web Server Authentication" },
+        @{ Name = "Subject Alternative Name"; Pattern = "Subject Alternative Name" },
+        @{ Name = "CA:FALSE"; Pattern = "CA:FALSE" }
+    )
+
+    foreach ($check in $checks) {
+        if ($cert_info -match $check.Pattern) {
+            Write-Host "✅ $($check.Name)" -ForegroundColor Green
+        } else {
+            Write-Host "❌ $($check.Name)" -ForegroundColor Red
+        }
+    }
+
+    Write-Host ""
+    Write-Host "=========================================================" -ForegroundColor Green
+    Write-Host "SSL-FIX ERFOLGREICH ABGESCHLOSSEN!" -ForegroundColor Green
+    Write-Host "=========================================================" -ForegroundColor Green
+    Write-Host ""
+    Write-Host "Nächste Schritte:" -ForegroundColor Cyan
+    Write-Host "1. Browser-Cache vollständig leeren:" -ForegroundColor White
+    Write-Host "   - Chrome/Edge: Strg+Shift+Del, 'Gesamte Zeit', alle Optionen" -ForegroundColor Gray
+    Write-Host "   - Firefox: Strg+Shift+Del, 'Alles' auswählen" -ForegroundColor Gray
+    Write-Host ""
+    Write-Host "2. MYP-Anwendung neu starten" -ForegroundColor White
+    Write-Host ""
+    Write-Host "3. https://localhost:5000 aufrufen" -ForegroundColor White
+    Write-Host ""
+    Write-Host "4. Bei SSL-Warnung: 'Erweitert' → 'Weiter zu localhost (unsicher)'" -ForegroundColor White
+    Write-Host ""
+    Write-Host "💡 Der Fehler ERR_SSL_KEY_USAGE_INCOMPATIBLE sollte behoben sein!" -ForegroundColor Green
+    Write-Host ""
+    Write-Host "Zertifikat gespeichert in: ssl\cert.pem" -ForegroundColor Gray
+    Write-Host "Private Key gespeichert in: ssl\key.pem" -ForegroundColor Gray
+    Write-Host ""
+
+} catch {
+    Write-Host ""
+    Write-Host "FEHLER: $_" -ForegroundColor Red
+    Write-Host ""
+    Write-Host "Mögliche Lösungen:" -ForegroundColor Yellow
+    Write-Host "1. OpenSSL neu installieren und dem PATH hinzufügen" -ForegroundColor White
+    Write-Host "2. PowerShell als Administrator ausführen" -ForegroundColor White
+    Write-Host "3. Prüfe Schreibberechtigungen im ssl-Verzeichnis" -ForegroundColor White
+    Write-Host ""
+}
+
+Read-Host "Drücke Enter zum Beenden"