Difference between revisions of "PHPki"

From SME Server
Jump to navigationJump to search
m
 
(59 intermediate revisions by 11 users not shown)
Line 1: Line 1:
{{Languages}}
+
{{Languages|PHPki}}
 +
 
 +
{{Note box| For v10 we have created a new update version of PHPKi called PHPKi-ng with fixes and higher security defaults. If you used the previous version you will need to create a new CA and certificates. We have imported the original version to contribs if you really need to use it, but it is not recommended, and will not be generally released.}}
  
 
===Maintainer===
 
===Maintainer===
[[User:VIP-ire|Daniel B.]]<br/>
+
Previous:
[http://www.firewall-services.com Firewall Services]<br>
+
[mailto:daniel@firewall-services.com][[User:VIP-ire|Daniel B.]] from [http://www.firewall-services.com Firewall Services]
mailto:daniel@firewall-services.com
+
 
 +
Now maintained by Koozali SME
  
 
=== Version ===
 
=== Version ===
 +
Old version prior SME10:smeserver-phpki and phpki
 +
 +
New Version:
 +
 +
{{#smeversion: smeserver-phpki-ng }}
 +
{{#smeversion: phpki-ng }}
  
{{ #smeversion: smeserver-phpki }}
+
Please follow the installation instructions below. The installation instructions will satisfy all dependencies and the latest versions of the above 2 RPMs will be installed automatically.
{{ #smeversion: phpki }}
 
  
 
=== Description ===
 
=== Description ===
  
[http://sourceforge.net/projects/phpki/ PHPki] is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications.
+
[http://sourceforge.net/projects/phpki/ PHPki] is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications. PHPki is now used to manage certificates with the latest release of the [[OpenVPN_Bridge|SME Server OpenVPN Bridge contrib]].
  
PHPki is now used to manage certificates with the new release of smeserver-openvpn-bridge.
+
You can see a demo installation [http://phpki.sourceforge.net/phpki/ here.]
 
 
You can see a demo installation [http://phpki.sourceforge.net/phpki/ here]
 
  
 
=== Requirements ===
 
=== Requirements ===
*SME Server 7.X
 
 
 
{{Warning box|This version of PHPki is a slightly modified version, so it can be used with certificates generated with previous release of smeserver-openvpn-bridge, plus some others minor modifications.
 
{{Warning box|This version of PHPki is a slightly modified version, so it can be used with certificates generated with previous release of smeserver-openvpn-bridge, plus some others minor modifications.
 +
Starting phpki-ng-0.84, default_md has been upgraded to sha512 (previous was sha1). You can keep your existing CA working, but we strongly advise you to upgrade to a new instance, as the weak sha1 hash is a security issue.
 
}}
 
}}
 +
 
=== Installation ===
 
=== Installation ===
  
*install the rpms and start/restart needed services:
+
{{Warning box| If openvpn is not detected PHPKi cannot generate a TA Key and it should advise you during install. To generate a TA Key once you have openvpn installed do this (assuming this is the correct directory)
 +
openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem
 +
chown phpki:phpki /opt/phpki/phpki-store/CA/private/takey.pem}}
 +
 
 +
<tabs container><tab name="SME 10">
 +
*install the rpms
 +
yum --enablerepo=smecontribs install smeserver-phpki-ng
 +
 
 +
go to the server-manager to the manage certificate menu and start creating your CA certificate
 +
 
 +
Warning click only once and wait for the page to update it can be very long to create the 4096 certificate...
  
 +
</tab>
 +
<tab name="SME 9">
 +
you have to enable the [[epel]] repository
 +
*install the rpms
 +
yum --enablerepo=smecontribs,epel install smeserver-phpki
 +
 +
*and start/restart needed services:
 +
expand-template /etc/httpd/conf/httpd.conf
 +
expand-template /etc/httpd/pki-conf/httpd.conf
 +
sv t /service/httpd-e-smith
 +
sv u /service/httpd-pki
 +
 +
* alternatively issue the following :
 +
signal-event post-upgrade; signal-event reboot
 +
 +
on update you can issue
 +
expand-template /etc/httpd/conf/httpd.conf
 +
expand-template /etc/httpd/pki-conf/httpd.conf
 +
sv t /service/httpd-e-smith
 +
sv t /service/httpd-pki
 +
 +
 +
</tab>
 +
<tab name="SME 8">
 +
For sme8
 +
*install the rpms
 
  yum --enablerepo=smecontribs install smeserver-phpki
 
  yum --enablerepo=smecontribs install smeserver-phpki
 +
 +
*and start/restart needed services:
 
  expand-template /etc/httpd/conf/httpd.conf
 
  expand-template /etc/httpd/conf/httpd.conf
 
  expand-template /etc/httpd/pki-conf/httpd.conf
 
  expand-template /etc/httpd/pki-conf/httpd.conf
Line 34: Line 78:
 
  sv u /service/httpd-pki
 
  sv u /service/httpd-pki
  
 +
* alternatively issue the following :
 +
signal-event post-upgrade; signal-event reboot
 +
</tab>
 +
</tabs>
  
*Configure your new PKI
+
=== Configure your new PKI ===
  
 
Go in the server-manager, you'll find a new "Manage Certificates" menu (or you can use the URL https://server.domain.tld/phpki/ca)
 
Go in the server-manager, you'll find a new "Manage Certificates" menu (or you can use the URL https://server.domain.tld/phpki/ca)
Line 52: Line 100:
 
**URL of your PKI (https://my.domain.tld/phpki)
 
**URL of your PKI (https://my.domain.tld/phpki)
  
Others settings should be OK for most installations.
+
These two screenshots illustrate the first (and the most important) part of this configuration page:
  
Once you have submitted this form, you'll be able to start using PHPki. It's quite easy to use.
+
[[File:PHPki_CA_initial_setup_data_part_1.png|768px|thumb|center|First part of the initiale configuration page (above)]]
 +
 
 +
[[File:PHPki_CA_initial_setup_data_part_2.png|768px|thumb|center|First part of the initiale configuration page (low)]]
 +
 
 +
The second part is like this:
 +
 
 +
[[File:PHPki_CA_initial_setup_options.png|768px|thumb|center|Second part of the initiale configuration page]]
 +
 
 +
The default settings should be OK for most installations. You may just want to change the "Help Document Contact Info" part.
 +
 
 +
Once you have submitted this form (which can take several minutes, '''be patient''', as generating dh parameters can take a long time), you should have something like this:
 +
 
 +
 
 +
[[File:Phpki_init_finish.png|768px|thumb|center|Second part of the initiale configuration page]]
 +
 
 +
Now you'll be able to start using PHPki. It's quite easy to use.
  
 
The administrative interface is available on the server-manager or directly https://my.domain.tld/phpki/ca
 
The administrative interface is available on the server-manager or directly https://my.domain.tld/phpki/ca
Line 61: Line 124:
 
Here, users can download the Master CA certificate, the CRL, or search for certificates of other users (public part only of course).
 
Here, users can download the Master CA certificate, the CRL, or search for certificates of other users (public part only of course).
  
{{Warning box|If you just installed the [[OpenVPN_Bridge]] contrib and are installing PHPki as suggested by the wiki page, then you are done here, and you don't have to migrate any certificates}}
+
{{Note box|If you just installed the [[OpenVPN_Bridge]] contrib and are installing PHPki as suggested by the wiki page, or you just want to use [[PHPki]] without [[OpenVPN_Bridge]] contrib, then you are done here, and you don't have to migrate any certificates}}
 +
{{Note box|starting phpki-ng-0.84-14 new URL are available to access your CRL and request for certificate status
  
=== Migrate Certificates from previous OpenVPN-Bridge contrib installations===
+
    http://www.somewhere.com/phpki/ns_revoke_query.php?
  
If you are installing this phpki contrib because you of OpenVPN-Bridge contrib, and have used OpenVPN-Bridge before and have already certificates, follow the instructions below. If you have a fresh and new install of OpenVPN-Bridge, skip the below instructions for you do not have 'old' certificates!
+
    http://www.somewhere.com/phpki/dl_crl.php}}
  
PHPki is now the certificate manager recommended to manage [[OpenVPN_Bridge]] certificates.
+
=== Add another admin  ===
This part will explain how-to import your certificates created with openvpn-bridge into PHPki
+
if you happen to need to delegate certificate generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to phpki config 
  
* First, you need to install the contribs as it's explain on this page (you can enter anything for the configuration of the CA, all your old parameters will be restored)
+
edit /opt/phpki/phpki-store/config/config.php<syntaxhighlight lang="php">
 +
#$PHPki_admins = Array(md5('admin'));
 +
$PHPki_admins = Array(md5('admin'),md5('user2'));
  
* Second, you need to copy this script on your server (for example as /root/migrate.sh) and execute it as root.
+
</syntaxhighlight>
  
{{Warning box|Of course, take some time to read this script before runing it as root.}}
+
=== Uninstall ===
 +
To uninstall the contrib from your server, just run the following commands:
 +
yum remove smeserver-phpki-ng phpki-ng
 +
expand-template /etc/httpd/conf/httpd.conf
 +
systemctl restart /service/httpd-e-smith
  
 +
{{Note box|As with many other rpms, removing phpki won't remove everything from your server. Especially certificates will be kept, and some php files. PHPKi-ng will attempt to backup any old certificates.
 +
}}
  
#!/bin/bash
+
Certificates and PKI configuration are stored in /opt/phpki/phpki-store, php files are in /opt/phpki/html
+
{{Warning box|To start from scratch after uninstallation you need to get rid of the html and pkpki-store directories before reinstalling.  
# Read Openvpn-Bridge DB
+
The files in phpki-store can be very important, so my recommendation is to let them remain here. If you really want to remove them, just backup them before:
ORGNAME=$(/sbin/e-smith/db openvpn-bridge getprop default_config organizationName)
+
  cd /opt/phpki
COUNTRY=$(/sbin/e-smith/db openvpn-bridge getprop default_config countryCode)
+
  tar cvzf ~/phpki-backup.tar.gz ./
STATE=$(/sbin/e-smith/db openvpn-bridge getprop default_config countryName)
+
Now you can remove the entire /opt/phpki directory
LOC=$(/sbin/e-smith/db openvpn-bridge getprop default_config localityName)
+
rm /opt/phpki/{html,phpki-store} -rf
DEP=$(/sbin/e-smith/db openvpn-bridge getprop default_config sectionName)
+
}}
KEYSIZE=$(/sbin/e-smith/db openvpn-bridge getprop default_config keySize)
 
EMAIL=$(/sbin/e-smith/db openvpn-bridge getprop default_config mailAddress)
 
 
 
OPENSSL=/usr/bin/openssl
 
OLDDIR=/etc/openvpn/easy-rsa/keys/bridge/
 
NEWDIR=/opt/phpki/phpki-store/CA/
 
 
 
# Store the actual time in $TIME
 
TIME=$(date +%d%m%Y%H%M%S)
 
 
 
# Create needed directories
 
prepare_dir(){
 
        mkdir -p $NEWDIR/{certs,newcerts,requests,pfx,private}
 
}
 
 
 
# Migrate the certificates to phpki store
 
migrate_certs(){
 
        cd $OLDDIR
 
 
        # Copy the old index.txt and serial
 
        cat $OLDDIR/index.txt > $NEWDIR/index.txt
 
        cat serial > $NEWDIR/serial
 
 
        # Copy the cacert related files
 
        cat ca.crt > $NEWDIR/certs/cacert.pem
 
        cat ca.key > $NEWDIR/private/cakey.pem
 
 
        # Now, for each file ending with .crt
 
        for CERT in $(ls ./*.crt); do
 
                CERT=$(basename $CERT .crt)
 
 
                ISININDEX=$(grep -c "/CN=$CERT/" $NEWDIR/index.txt)
 
 
                # If the current cert isn't referenced in the index,
 
                # or the corresponding key or csr file dosn't exists, then skip it
 
                # This can happen in some situation where the serial has been corrupted
 
 
                if [ $ISININDEX == 1 ]&&[ -s $CERT.key ]&&[ -s $CERT.csr ]; then
 
                        # Retrieve the serial number as reported by  openssl
 
                        SERIAL=$(openssl x509 -noout -serial -in $CERT.crt | cut -d"=" -f 2)
 
 
                        # Create the pem only cert in the new dir
 
                        $OPENSSL x509 -in $CERT.crt -inform PEM -outform PEM -out $NEWDIR/newcerts/$SERIAL.pem
 
 
                        # Create the der formated cert
 
                        $OPENSSL x509 -in $CERT.crt -inform PEM -outform DER -out $NEWDIR/certs/$SERIAL.der
 
 
                        # And the pkcs12 bundle (cert+key+ca)
 
                        $OPENSSL pkcs12 -export -in $CERT.crt -inkey $CERT.key -certfile ca.crt -caname $ORGNAME -passout pass: -out $NEWDIR/pfx/$SERIAL.pfx
 
   
 
                        # Copy the private key
 
                        cat $CERT.key > $NEWDIR/private/$SERIAL-key.pem
 
 
                        # And the cert request
 
                        cat $CERT.csr > $NEWDIR/requests/$SERIAL-req.pem
 
                fi
 
        done
 
}
 
 
perms(){
 
        # Restrict access
 
        chown -R phpki:phpki $NEWDIR
 
        chmod -R o-rwx $NEWDIR
 
}
 
 
phpki_conf(){
 
        # Retrieve the common name of our CA with openssl command
 
        CACN=$($OPENSSL x509 -subject -noout -in $OLDDIR/ca.crt | cut -d'=' -f 8 | cut -d'/' -f 1)
 
   
 
 
        if [ -e /opt/phpki/phpki-store/config/config.php ]; then
 
                # Move the actual phpki configuration file             
 
                mv /opt/phpki/phpki-store/config/config.php /opt/phpki/phpki-store/config/config.php.$TIME
 
 
                # And use sed to configure it properly
 
                sed -e "s/config\['organization'\].*/config\['organization'\] = '$ORGNAME';/" \
 
                        -e "s/config\['unit'\].*/config\['unit'\] = '$DEP';/" \
 
                        -e "s/config\['contact'\].*/config\['contact'\] = '$EMAIL';/" \
 
                        -e "s/config\['locality'\].*/config\['locality'\] = '$LOC';/" \
 
                        -e "s/config\['province'\].*/config\['province'\] = '$STATE';/" \
 
                        -e "s/config\['country'\].*/config\['country'\] = '$COUNTRY';/" \
 
                        -e "s/config\['common_name'\].*/config\['common_name'\] = '$CACN';/" \
 
                        -e "s/config\['ca_pwd'\].*/config\['ca_pwd'\] = <nowiki>''</nowiki>;/" \
 
                        -e "s/config\['keysize'\].*/config\['keysize'\] = '$KEYSIZE';/" \
 
                        /opt/phpki/phpki-store/config/config.php.$TIME \
 
                        > /opt/phpki/phpki-store/config/config.php
 
        fi
 
}
 
 
migrate_var(){
 
        # Here, we just migrate dhparam and ta to phpki store
 
        if [ -e $OLDDIR/dh.pem ]; then
 
                cat $OLDDIR/dh.pem > $NEWDIR/private/dhparam1024.pem
 
        fi
 
        if [ -e $OLDDIR/ta.key ]; then
 
                cat $OLDDIR/ta.key > $NEWDIR/private/takey.pem
 
        fi
 
}
 
 
 
 
prepare_dir
 
migrate_certs
 
phpki_conf
 
migrate_var
 
perms
 
  
 +
=== Re-install ===
  
Now, go in the server-manager, in "Manage Certificates" and check your old certificates are here.
+
==== before phpki-ng 0.84-14 ====
 +
If you have removed the contrib, and want to re-install it keeping your previous CA (assuming you restored /opt/phpki), you'll need to follow these steps after you have installed the rpms:
  
=== Uninstall ===
+
cd /opt/phpki/html/
  yum remove smeserver-phpki phpki
+
rm -f index.php
  remove /opt/phpki manually
+
rm -f setup.php
  expand-template /etc/httpd/conf/httpd.conf
+
  ln -s main.php index.php
 +
cat config.php.rpmsave > config.php
 +
cd ca
 +
rm -f index.php
 +
ln -s main.php index.php
 +
  cd /opt/phpki/
 +
  chown phpki:phpki -R phpki-store
 +
chown root:phpki -R html/config.php
  
 
=== Bugs ===
 
=== Bugs ===
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]
+
Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla].
and select the smeserver-phpki component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki|title=this link}}
+
 
 +
====smeserver-phpki-ng====
 +
 
 +
For the new smeserver-phpki-ng, select the smeserver-phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki-ng|title=this link}}
 +
 
 +
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-phpki-ng|noresultsmessage="No open bugs found."}}
 +
 
 +
 
 +
====phpki-ng====
 +
 
 +
For the new phpki-ng itself select the phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=phpki-ng|title=this link}}
 +
 
 +
{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=phpki-ng|noresultsmessage="No open bugs found."}}
 +
 
 +
=== Changelog ===
 +
Only released version in smecontrib are listed here.
  
 +
{{#smechangelog:smeserver-phpki-ng}}
 +
{{#smechangelog:phpki-ng}}
 
----
 
----
 
[[Category:Contrib]]
 
[[Category:Contrib]]
 +
[[Category:Administration:Certificates]]

Latest revision as of 20:30, 25 October 2023



Important.png Note:
For v10 we have created a new update version of PHPKi called PHPKi-ng with fixes and higher security defaults. If you used the previous version you will need to create a new CA and certificates. We have imported the original version to contribs if you really need to use it, but it is not recommended, and will not be generally released.


Maintainer

Previous: [1]Daniel B. from Firewall Services

Now maintained by Koozali SME

Version

Old version prior SME10:smeserver-phpki and phpki

New Version:

Contrib 10:
smeserver-phpki-ng
The latest version of smeserver-phpki-ng is available in the SME repository, click on the version number(s) for more information.


Contrib 10:
phpki-ng
The latest version of phpki-ng is available in the SME repository, click on the version number(s) for more information.


Please follow the installation instructions below. The installation instructions will satisfy all dependencies and the latest versions of the above 2 RPMs will be installed automatically.

Description

PHPki is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications. PHPki is now used to manage certificates with the latest release of the SME Server OpenVPN Bridge contrib.

You can see a demo installation here.

Requirements

Warning.png Warning:
This version of PHPki is a slightly modified version, so it can be used with certificates generated with previous release of smeserver-openvpn-bridge, plus some others minor modifications.

Starting phpki-ng-0.84, default_md has been upgraded to sha512 (previous was sha1). You can keep your existing CA working, but we strongly advise you to upgrade to a new instance, as the weak sha1 hash is a security issue.


Installation

Warning.png Warning:
If openvpn is not detected PHPKi cannot generate a TA Key and it should advise you during install. To generate a TA Key once you have openvpn installed do this (assuming this is the correct directory)
openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem 
chown phpki:phpki /opt/phpki/phpki-store/CA/private/takey.pem


  • install the rpms
yum --enablerepo=smecontribs install smeserver-phpki-ng

go to the server-manager to the manage certificate menu and start creating your CA certificate

Warning click only once and wait for the page to update it can be very long to create the 4096 certificate...

you have to enable the epel repository

  • install the rpms
yum --enablerepo=smecontribs,epel install smeserver-phpki
  • and start/restart needed services:
expand-template /etc/httpd/conf/httpd.conf
expand-template /etc/httpd/pki-conf/httpd.conf
sv t /service/httpd-e-smith
sv u /service/httpd-pki
  • alternatively issue the following :
signal-event post-upgrade; signal-event reboot

on update you can issue

expand-template /etc/httpd/conf/httpd.conf
expand-template /etc/httpd/pki-conf/httpd.conf
sv t /service/httpd-e-smith
sv t /service/httpd-pki


For sme8

  • install the rpms
yum --enablerepo=smecontribs install smeserver-phpki
  • and start/restart needed services:
expand-template /etc/httpd/conf/httpd.conf
expand-template /etc/httpd/pki-conf/httpd.conf
sv t /service/httpd-e-smith
sv u /service/httpd-pki
  • alternatively issue the following :
signal-event post-upgrade; signal-event reboot

Configure your new PKI

Go in the server-manager, you'll find a new "Manage Certificates" menu (or you can use the URL https://server.domain.tld/phpki/ca) Here you have to enter the following informations:

    • Organisation
    • Department
    • Common Name of the Master CA
    • E-mail (technical contact)
    • City
    • State
    • Country Code
    • Password (to protect the private key of the Master CA)
    • Validity of the CA
    • Keys size
    • URL of your PKI (https://my.domain.tld/phpki)

These two screenshots illustrate the first (and the most important) part of this configuration page:

First part of the initiale configuration page (above)
First part of the initiale configuration page (low)

The second part is like this:

Second part of the initiale configuration page

The default settings should be OK for most installations. You may just want to change the "Help Document Contact Info" part.

Once you have submitted this form (which can take several minutes, be patient, as generating dh parameters can take a long time), you should have something like this:


Second part of the initiale configuration page

Now you'll be able to start using PHPki. It's quite easy to use.

The administrative interface is available on the server-manager or directly https://my.domain.tld/phpki/ca

There's also a public interface, available only from the local networks, but without password at https://my.domain.tld/phpki. Here, users can download the Master CA certificate, the CRL, or search for certificates of other users (public part only of course).


Important.png Note:
If you just installed the OpenVPN_Bridge contrib and are installing PHPki as suggested by the wiki page, or you just want to use PHPki without OpenVPN_Bridge contrib, then you are done here, and you don't have to migrate any certificates


Important.png Note:
starting phpki-ng-0.84-14 new URL are available to access your CRL and request for certificate status
   http://www.somewhere.com/phpki/ns_revoke_query.php?
   http://www.somewhere.com/phpki/dl_crl.php


Add another admin

if you happen to need to delegate certificate generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to phpki config

edit /opt/phpki/phpki-store/config/config.php

#$PHPki_admins = Array(md5('admin'));
$PHPki_admins = Array(md5('admin'),md5('user2'));

Uninstall

To uninstall the contrib from your server, just run the following commands:

yum remove smeserver-phpki-ng phpki-ng
expand-template /etc/httpd/conf/httpd.conf
systemctl restart /service/httpd-e-smith


Important.png Note:
As with many other rpms, removing phpki won't remove everything from your server. Especially certificates will be kept, and some php files. PHPKi-ng will attempt to backup any old certificates.


Certificates and PKI configuration are stored in /opt/phpki/phpki-store, php files are in /opt/phpki/html

Warning.png Warning:
To start from scratch after uninstallation you need to get rid of the html and pkpki-store directories before reinstalling.

The files in phpki-store can be very important, so my recommendation is to let them remain here. If you really want to remove them, just backup them before:

cd /opt/phpki
tar cvzf ~/phpki-backup.tar.gz ./

Now you can remove the entire /opt/phpki directory

rm /opt/phpki/{html,phpki-store} -rf


Re-install

before phpki-ng 0.84-14

If you have removed the contrib, and want to re-install it keeping your previous CA (assuming you restored /opt/phpki), you'll need to follow these steps after you have installed the rpms:

cd /opt/phpki/html/
rm -f index.php 
rm -f setup.php
ln -s main.php index.php
cat config.php.rpmsave > config.php
cd ca
rm -f index.php
ln -s main.php index.php
cd /opt/phpki/
chown phpki:phpki -R phpki-store 
chown root:phpki -R html/config.php

Bugs

Please raise bugs under the SME-Contribs section in bugzilla.

smeserver-phpki-ng

For the new smeserver-phpki-ng, select the smeserver-phpki-ng component or use this link


IDProductVersionStatusSummary (4 tasks)
12436SME Contribs10.0CONFIRMEDfailure to download crl
12426SME Contribs10.0CONFIRMEDsmeserver-phpki-ng Setting httpd-pki PHPVersion does not alter template
12228SME Contribs10.0RESOLVEDwrong uid and gid
10903SME ContribsFuturCONFIRMEDNFR: Save certificate bundle for ovpn configs


phpki-ng

For the new phpki-ng itself select the phpki-ng component or use this link


IDProductVersionStatusSummary (2 tasks)
12420SME Contribs10.0CONFIRMEDphpki-ng Create and download file has no name
12275SME Contribs10.0CONFIRMEDPHP Warning: Use of undefined constant

Changelog

Only released version in smecontrib are listed here.

smeserver-phpki-ng Changelog: SME 10 (smecontribs)
2023/05/11 Jean-Philippe Pialasse 0.3-22.sme
- fix httpd needs QSD in place of ? [SME: 12354]

2022/12/28 Jean-Philippe Pialasse 0.3-21.sme
- fix chop isntead of chomp for config.php [SME: 12293]

fix PATH not right for exec
2022/12/17 Jean-Philippe Pialasse 0.3-19.sme
- small fixes for config.php and httpd

2022/12/14 Jean-Philippe Pialasse 0.3-18.sme
- revert log/phpki [SME: 12266]
- phpki-ng autopopulate base info from ldap [SME: 11440]
- ensure user are seen by php-pool [SME: 12268]
- safe remote access for crl [SME: 11439]

- 17-18: applying patches
2022/12/13 Jean-Philippe Pialasse 0.3-15.sme
- fix typo preventing httpd-pki to start 2
phpki-ng Changelog: SME 10 (smecontribs)
2022/12/17 Jean-Philippe Pialasse 0.84-16.sme
- add dl_crl_pem.php [SME: 12272]
2022/12/14 Jean-Philippe Pialasse 0.84-15.sme
- fix regex and potential code injection [SME: 12274]

2022/12/14 Jean-Philippe Pialasse 0.84-14.sme
- add easy and safe access to crl download [SME: 12272]
- fix revoke certificate failing on whitespace pass [SME: 12273]
- fix missing default_md in config.php from previous versions [SME: 12267]

- updated scriptlet to ease backup and restore
2022/11/18 Jean-Philippe Pialasse 0.84-13.sme
- remove extra space in URL in search.php [SME: 12232]
2021/09/30 John Crisp 0.84-12.sme
- Attempt to fix the final reload after CA creation [SME: 11192]