Changes

Changes

847 bytes added , 21:30, 25 October 2023

no edit summary

Line 1: Line 1:

−

{{Note box| For v10 we have created a new update version of PHPKi called PHPKi-ng with fixes and higher security defaults. If you used the previous version you will need to create a new CA and certificates. We have imported the original version to contribs if you really need to use it, but it is not recommended, and will not be generally released}}

===Maintainer===

Line 23: Line 23:

[http://sourceforge.net/projects/phpki/ PHPki] is an Open Source Web application for managing a multi-agency PKI for HIPAA compliance. With it, you may create and centrally manage X.509 certificates for use with S/MIME enabled e-mail clients, SSL servers, and VPN applications. PHPki is now used to manage certificates with the latest release of the [[OpenVPN_Bridge|SME Server OpenVPN Bridge contrib]].

−

You can see a demo installation [http://phpki.sourceforge.net/phpki/ here]

You can see a demo installation [http://phpki.sourceforge.net/phpki/ here.]

=== Requirements ===

−

*SME Server 10.x

−

~~Verified on:~~

−

~~SME Server 10.0 - [[User:RequestedDeletion|RequestedDeletion]]~~

−

{{Warning box|This version of PHPki is a slightly modified version, so it can be used with certificates generated with previous release of smeserver-openvpn-bridge, plus some others minor modifications.

Starting phpki-ng-0.84, default_md has been upgraded to sha512 (previous was sha1). You can keep your existing CA working, but we strongly advise you to upgrade to a new instance, as the weak sha1 hash is a security issue.

}}

=== Installation ===

−

{{Warning box| If openvpn is not detected PHPKi cannot generate a TA Key and it should advise you during install. To generate a TA Key once you have openvpn installed do this (assuming this is the correct directory)

openvpn --genkey --secret /opt/phpki/phpki-store/CA/private/takey.pem

chown phpki:phpki /opt/phpki/phpki-store/CA/private/takey.pem}}

Line 130: Line 125:

{{Note box|If you just installed the [[OpenVPN_Bridge]] contrib and are installing PHPki as suggested by the wiki page, or you just want to use [[PHPki]] without [[OpenVPN_Bridge]] contrib, then you are done here, and you don't have to migrate any certificates}}

{{Note box|starting phpki-ng-0.84-14 new URL are available to access your CRL and request for certificate status

http://www.somewhere.com/phpki/ns_revoke_query.php?

http://www.somewhere.com/phpki/dl_crl.php}}

=== Add another admin ===

−

if you happen to need to delegate ~~certifciate~~ generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to phpki config

if you happen to need to delegate certificate generation, you can use user-panel to add access to the panel, but you will also need to add the user manually to phpki config

edit /opt/phpki/phpki-store/config/config.php<syntaxhighlight lang="php">

Line 144: Line 144:

yum remove smeserver-phpki-ng phpki-ng

expand-template /etc/httpd/conf/httpd.conf

−

~~sv t~~ /service/httpd-e-smith

systemctl restart /service/httpd-e-smith

{{Note box|As with many other rpms, removing phpki won't remove everything from your server. Especially certificates will be kept, and some php files. PHPKi-ng will attempt to backup any old certificates.

Line 150: Line 150:

Certificates and PKI configuration are stored in /opt/phpki/phpki-store, php files are in /opt/phpki/html

−

{{Warning box|~~These~~ files can be very important, so my recommendation is to let them remain here. If you really want to remove them, just backup them before:

{{Warning box|To start from scratch after uninstallation you need to get rid of the html and pkpki-store directories before reinstalling.

The files in phpki-store can be very important, so my recommendation is to let them remain here. If you really want to remove them, just backup them before:

cd /opt/phpki

tar cvzf ~/phpki-backup.tar.gz ./

Now you can remove the entire /opt/phpki directory

rm /opt/phpki/{html,phpki-store} -rf

}}

=== Re-install ===

−

If you have removed the contrib, and want to re-install it, you'll need to follow these steps after you have installed the rpms:

==== before phpki-ng 0.84-14 ====

If you have removed the contrib, and want to re-install it keeping your previous CA (assuming you restored /opt/phpki), you'll need to follow these steps after you have installed the rpms:

cd /opt/phpki/html/

Line 172: Line 176:

=== Bugs ===

−

Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla]

Please raise bugs under the SME-Contribs section in [http://bugs.contribs.org/enter_bug.cgi bugzilla].

−

For the new smeserver-phpki-ng select the smeserver-phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki-ng|title=this link}}

====smeserver-phpki-ng====

For the new smeserver-phpki-ng, select the smeserver-phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=smeserver-phpki-ng|title=this link}}

{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=smeserver-phpki-ng|noresultsmessage="No open bugs found."}}

−

~~Use this for bugs~~ phpki-ng itself {{BugzillaFileBug|product=SME%20Contribs|component=phpki-ng|title=this link}}

====phpki-ng====

For the new phpki-ng itself select the phpki-ng component or use {{BugzillaFileBug|product=SME%20Contribs|component=phpki-ng|title=this link}}

{{#bugzilla:columns=id,product,version,status,summary |sort=id |order=desc |component=phpki-ng|noresultsmessage="No open bugs found."}}

=== Changelog ===

Only released version in smecontrib are listed here.

----

[[Category:Contrib]]

[[Category:Administration:Certificates]]

Gieres

3,054

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/41867...42336"

PHPki (view source)

Revision as of 21:30, 25 October 2023

Navigation menu

Search