Line 1: |
Line 1: |
| {{Languages|PHPki}} | | {{Languages|PHPki}} |
| | | |
− | {{Note box| For v10 we have created a new update version of PHPKi called PHPKi-ng with fixes and higher security defaults. If you used the previous version you will need to create a new CA and certificates. We have imported the original version to contribs if you really need to use it, but it is not recommended, and will not be generally released}} | + | {{Note box| For v10 we have created a new update version of PHPKi called PHPKi-ng with fixes and higher security defaults. If you used the previous version you will need to create a new CA and certificates. We have imported the original version to contribs if you really need to use it, but it is not recommended, and will not be generally released.}} |
| | | |
| ===Maintainer=== | | ===Maintainer=== |
Line 23: |
Line 23: |
| [http://sourceforge.net/projects/phpki/ PHPki] is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications. PHPki is now used to manage certificates with the latest release of the [[OpenVPN_Bridge|SME Server OpenVPN Bridge contrib]]. | | [http://sourceforge.net/projects/phpki/ PHPki] is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications. PHPki is now used to manage certificates with the latest release of the [[OpenVPN_Bridge|SME Server OpenVPN Bridge contrib]]. |
| | | |
− | You can see a demo installation [http://phpki.sourceforge.net/phpki/ here] | + | You can see a demo installation [http://phpki.sourceforge.net/phpki/ here.] |
| | | |
| === Requirements === | | === Requirements === |
Line 32: |
Line 32: |
| === Installation === | | === Installation === |
| | | |
− | {{Warning box| If openvpn is not detected PHPKi cannot generate a TA Key and it should advise you during install. To generate a TA Key once you have openvpn installed do this (assuming this is the correct directory) | + | {{Warning box| If openvpn is not detected PHPKi cannot generate a TA Key and it should advise you during install. To generate a TA Key once you have openvpn installed do this (assuming this is the correct directory) |
| openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem | | openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem |
| chown phpki:phpki /opt/phpki/phpki-store/CA/private/takey.pem}} | | chown phpki:phpki /opt/phpki/phpki-store/CA/private/takey.pem}} |
Line 125: |
Line 125: |
| | | |
| {{Note box|If you just installed the [[OpenVPN_Bridge]] contrib and are installing PHPki as suggested by the wiki page, or you just want to use [[PHPki]] without [[OpenVPN_Bridge]] contrib, then you are done here, and you don't have to migrate any certificates}} | | {{Note box|If you just installed the [[OpenVPN_Bridge]] contrib and are installing PHPki as suggested by the wiki page, or you just want to use [[PHPki]] without [[OpenVPN_Bridge]] contrib, then you are done here, and you don't have to migrate any certificates}} |
| + | {{Note box|starting phpki-ng-0.84-14 new URL are available to access your CRL and request for certificate status |
| + | |
| + | http://www.somewhere.com/phpki/ns_revoke_query.php? |
| + | |
| + | http://www.somewhere.com/phpki/dl_crl.php}} |
| | | |
| === Add another admin === | | === Add another admin === |
− | if you happen to need to delegate certifciate generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to phpki config | + | if you happen to need to delegate certificate generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to phpki config |
| | | |
| edit /opt/phpki/phpki-store/config/config.php<syntaxhighlight lang="php"> | | edit /opt/phpki/phpki-store/config/config.php<syntaxhighlight lang="php"> |
Line 145: |
Line 150: |
| | | |
| Certificates and PKI configuration are stored in /opt/phpki/phpki-store, php files are in /opt/phpki/html | | Certificates and PKI configuration are stored in /opt/phpki/phpki-store, php files are in /opt/phpki/html |
− | {{Warning box|These files can be very important, so my recommendation is to let them remain here. If you really want to remove them, just backup them before: | + | {{Warning box|To start from scratch after uninstallation you need to get rid of the html and pkpki-store directories before reinstalling. |
| + | The files in phpki-store can be very important, so my recommendation is to let them remain here. If you really want to remove them, just backup them before: |
| cd /opt/phpki | | cd /opt/phpki |
| tar cvzf ~/phpki-backup.tar.gz ./ | | tar cvzf ~/phpki-backup.tar.gz ./ |
| Now you can remove the entire /opt/phpki directory | | Now you can remove the entire /opt/phpki directory |
| + | rm /opt/phpki/{html,phpki-store} -rf |
| }} | | }} |
| | | |
| === Re-install === | | === Re-install === |
| | | |
− | ==== before php-ki-ng 0.84-14 ==== | + | ==== before phpki-ng 0.84-14 ==== |
− | If you have removed the contrib, and want to re-install it keeping you previous CA (assuming you restored /opt/phpki), you'll need to follow these steps after you have installed the rpms: | + | If you have removed the contrib, and want to re-install it keeping your previous CA (assuming you restored /opt/phpki), you'll need to follow these steps after you have installed the rpms: |
| | | |
| cd /opt/phpki/html/ | | cd /opt/phpki/html/ |
Line 169: |
Line 176: |
| | | |
| === Bugs === | | === Bugs === |
− | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla] | + | Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]. |
| + | |
| + | ====smeserver-phpki-ng==== |
| | | |
− | For the new smeserver-phpki-ng select the smeserver-phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki-ng|title=this link}} | + | For the new smeserver-phpki-ng, select the smeserver-phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki-ng|title=this link}} |
| | | |
| {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-phpki-ng|noresultsmessage="No open bugs found."}} | | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-phpki-ng|noresultsmessage="No open bugs found."}} |
| | | |
− | Use this for bugs phpki-ng itself {{BugzillaFileBug|product=SME%20Contribs|component=phpki-ng|title=this link}}
| + | |
| + | ====phpki-ng==== |
| + | |
| + | For the new phpki-ng itself select the phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=phpki-ng|title=this link}} |
| | | |
| {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=phpki-ng|noresultsmessage="No open bugs found."}} | | {{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=phpki-ng|noresultsmessage="No open bugs found."}} |
| | | |
− | === changelog === | + | === Changelog === |
| + | Only released version in smecontrib are listed here. |
| + | |
| + | {{#smechangelog:smeserver-phpki-ng}} |
| + | {{#smechangelog:phpki-ng}} |
| ---- | | ---- |
| [[Category:Contrib]] | | [[Category:Contrib]] |
| [[Category:Administration:Certificates]] | | [[Category:Administration:Certificates]] |