Koozali.org: home of the SME Server

PHPki - Certificate Authority Initial Setup

trevorh
PHPki - Certificate Authority Initial Setup
« on: January 22, 2023, 10:00:14 AM »
Hi, I recently created the initial setup of the Certificate Authority for OpenVPN Bridge; the server is Server-Gateway, SME 10.1.
I want to go back and start over from a clean start, so go through the initial setup steps again.
I can't see any way to do this. Can somebody point me in the right direction please? Thanks, Trevor

mmccarn
Re: PHPki - Certificate Authority Initial Setup
« Reply #1 on: January 22, 2023, 03:26:52 PM »
There is an uninstall section on the wiki page: https://wiki.koozali.org/PHPki#Uninstall

...but that indicates "...removing phpki won't remove everything from your server..."

My guess is that complete removal requires:
* renaming or removing /opt/phpki
* finding and removing any phpki-specific database or database entries
  (these commands will find things for you; be sure to use correct procedures from the wiki or forums for deleting anything you find...)

  * configuration database
    ls /home/e-smith/db

  * entries in standard databases (config, accounts, domains, hosts)
    grep -il 'php.*ki' /home/e-smith/db/*

* symlinks created during install (eg /etc/??? -> /opt/phpki/???)
    # this will (slowly...) find symlinks to any file in /opt/phpki
    find / -type l |while read l; do ls -l "$l" |sed 's/^[^\/]*//'; done 2>/dev/null |grep -F /opt/phpki


I can think of two reasons that the uninstall does not remove everything:
1) safely removing everything was too complicated to script or document reliably
2) removing everything will break something



trevorh
Re: PHPki - Certificate Authority Initial Setup
« Reply #2 on: January 22, 2023, 08:30:28 PM »
> There is an uninstall section on the wiki page: https://wiki.koozali.org/PHPki#Uninstall
>
> ...but that indicates "...removing phpki won't remove everything from your server..."

Good Morning
Thanks for the reply & info. I had found the uninstall info but as you say that does not provide a clean slate.
My main objective is to change the Certificate Password to match previously configured client devices. The wrong password was used in error.

I will try some careful directory renaming first off as it's reversible!

Thanks, regards Trevor

Jean-Philippe Pialasse
Re: PHPki - Certificate Authority Initial Setup
« Reply #3 on: January 23, 2023, 04:17:23 AM »
After uninstalling, simply remove the /opt/phpki folder. You might want to back up your certificates first.

Then reinstall and you will start from fresh. You can safely ignore e-smith configuration db entries.
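
The backup-then-remove step from the reply above, as an added example that is not part of the original post or the PHPki project: it archives the tree owner-only (it holds the CA private key), checks the archive, and renames the directory instead of deleting it. The function name and the backup location /root/phpki-backup are assumptions; /opt/phpki is the path given in the thread.

```shell
#!/bin/sh
# Added example: archive a PHPki tree, verify the archive, then rename the
# tree aside so the step stays reversible. /opt/phpki is the path named in
# the thread; the function name and backup location are assumptions.
# Usage (as root): phpki_set_aside            # uses the defaults below
#                  phpki_set_aside SRC DEST   # explicit directories

phpki_set_aside() {
    src=${1:-/opt/phpki}            # directory to preserve
    dest=${2:-/root/phpki-backup}   # assumed backup location
    stamp=$(date +%Y%m%d-%H%M%S)
    archive="$dest/phpki-$stamp.tar.gz"
    aside="$src.old-$stamp"

    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }

    # The tree holds the CA private key: create backups owner-only.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" || { umask "$old_umask"; return 1; }

    # -C keeps archive paths relative to the parent of $src.
    if ! tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")"; then
        umask "$old_umask"
        return 1
    fi
    umask "$old_umask"

    # Verify before touching the original: the archive must list as many
    # entries as the source tree contains.
    want=$(find "$src" | wc -l | tr -d ' ')
    got=$(tar -tzf "$archive" | wc -l | tr -d ' ')
    if [ "$want" -ne "$got" ]; then
        echo "archive incomplete ($got of $want), leaving $src alone" >&2
        return 1
    fi

    # Rename instead of delete; undo with: mv "$aside" "$src"
    mv "$src" "$aside" || return 1
    echo "$archive"
}
```

Run it after the uninstall step from the wiki and before reinstalling; it prints the path of the archive it wrote.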

trevorh
Re: PHPki - Certificate Authority Initial Setup
« Reply #4 on: January 23, 2023, 10:28:35 AM »
> After uninstalling, simply remove the /opt/phpki folder. You might want to back up your certificates first.
>
> Then reinstall and you will start from fresh. You can safely ignore e-smith configuration db entries.

Hi Jean-Philippe
Many thanks for the advice. That worked a treat, all good.
One suggestion, maybe that info could be added on the relevant Wiki page.
There must be others who would like to be able to go back and "reset" this process at times.
Your assistance is greatly appreciated, regards Trevor

Jean-Philippe Pialasse
Re: PHPki - Certificate Authority Initial Setup
« Reply #5 on: January 23, 2023, 08:54:01 PM »
Information was there but not clear. Tell me if better?

ReetP
Re: PHPki - Certificate Authority Initial Setup
« Reply #6 on: January 23, 2023, 10:06:59 PM »
On uninstall your old certs should be there somewhere in /opt/phpki

Save them.

Should the rpm clean up more on %postun JP? Rename the certs directory like install?

A new install should move them to a randomly named directory if it finds any IIRC?