Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: Daniel B. on March 16, 2009, 10:49:12 PM

Title: [ANNOUNCE] smeserver-phpki
Post by: Daniel B. on March 16, 2009, 10:49:12 PM

I've packaged a new contrib for PHPki (http://sourceforge.net/projects/phpki/) (you can see a demo here: here (http://phpki.sourceforge.net/phpki/)
With this contrib, you can manage your own, private PKI. It's main goal is to be used with smeserver-openvpn-bridge, but it's completly independant, and you can use it for any other application which requires X.509 certificates.
You can, for example, generate a custom certificate for apache on your SME server (even with a wildcard *.domain.tld)

More informations on this contrib are available on the wiki: http://wiki.contribs.org/PHPki

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: lancelott2 on October 23, 2009, 06:02:13 AM

hello,

yeah its quite good, but maybe u can help me cos atm i try to find out how i can do a cert for zarafa with it.

:) greetings

lance

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: Daniel B. on October 23, 2009, 08:41:53 AM

Sorry, I don't use zafara, but I think you can create a certificate with usage 'SSL Server'.

Cheers, Daniel

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: lancelott2 on October 23, 2009, 01:37:16 PM

Hello,

yes, to bad that the PHPki is so badly documented *gigles* - some examples for the SME would be usefull too :).
If i find something out i will post it here.

Greetings,

Lance

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: Daniel B. on October 23, 2009, 02:51:25 PM

Please, feel free to update the wiki with more informations.

Regards, Daniel

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: kryptos on July 19, 2010, 04:46:40 AM

Hi all,

We install smeserver-PhPki for our Openvpn connection. Now my problem is how can I delete the certificate I have created ( vpn only clients) instead of just revoking them. And also when I try to renew the certs but it give me an error  that say's   "This was likely caused by entering the wrong certificate password." what password did it requires? I want to renew the certificate because I forgot the password of the connection of this certificate.

Regards,
Rocel

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: Daniel B. on July 22, 2010, 10:22:47 AM

Quote from: kryptos on July 19, 2010, 04:46:40 AM

Now my problem is how can I delete the certificate I have created ( vpn only clients) instead of just revoking them.

It's not possible to completely delete a certificate (well, it can be done manually after being revoked if you edit the file /opt/phpki/phpki-store/CA/index.txt, but it's dangerous as you can corrupt your certificate database). The question is why would you want to delete a certificate instead of just revoking it ?

Quote from: kryptos

And also when I try to renew the certs but it give me an error  that say's   "This was likely caused by entering the wrong certificate password." what password did it requires? I want to renew the certificate because I forgot the password of the connection of this certificate.

Renewing a certificate will use the same CSR, and the same private key as the old one (so the same password). This is an issue with PHPki, as if a private key is compromised, a new private key should be generated if the certificate is renewed. For now, I suggest you just let the old one revoked, and just issue a new certificate with a different common name.

Regards, Daniel

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: kryptos on July 22, 2010, 10:50:02 AM

Hi Daniel,
Good Day!

Quote

It's not possible to completely delete a certificate (well, it can be done manually after being revoked if you edit the file /opt/phpki/phpki-store/CA/index.txt, but it's dangerous as you can corrupt your certificate database). The question is why would you want to delete a certificate instead of just revoking it ?

For housekeeping only because there are a lot users in our office that come and go. So I need the list clean without a lot revoke clients listed on PHPpki.I can imagine what would be like without removing them on them list it could be a lot of mess.

Quote

Renewing a certificate will use the same CSR, and the same private key as the old one (so the same password). This is an issue with PHPki, as if a private key is compromised, a new private key should be generated if the certificate is renewed. For now, I suggest you just let the old one revoked, and just issue a new certificate with a different common name.

That's what I have done so far but I would like the list clean.


Regards,
Rocel

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: Daniel B. on July 22, 2010, 10:55:59 AM

Quote from: kryptos on July 22, 2010, 10:50:02 AM

For housekeeping only because there are a lot users in our office that come and go. So I need the list clean without a lot revoke clients listed on PHPpki.I can imagine what would be like without removing them on them list it could be a lot of mess.

In the manage certificates page, you can just uncheck Revoked and Expired, then apply filter, and only valid certificates will be displayed...


Regards, Daniel

Title: Re: [ANNOUNCE] smeserver-phpki
Post by: kryptos on July 22, 2010, 11:08:46 AM

Quote from: VIP-ire on July 22, 2010, 10:55:59 AM

In the manage certificates page, you can just uncheck Revoked and Expired, then apply filter, and only valid certificates will be displayed...

Thanks Daniel, I never thought of that.