Increased cryptographic strength

README.md

@@ -1,8 +1,24 @@
+About this fork
+===============
+
 Reasons for forking
-===================
+-------------------
 
 After spending a fair amount of time looking for a basic, relatively full featured internal PKI solution, I came across PHPki on Sourceforge.  However, being that I don't enjoy using Sourceforge and that there are a number of improvements I wish to make to this solution, I have forked it into a Github repository.  Hopefully others may find this useful.
 
+Main changes
+------------
+
+* Changed hash algorithm from MD5 to SHA
+
+
+Planned changes
+---------------
+
+* Remove usage of symlinks.
+* Strip out built-in password support -- this can be implemented by the webserver (htaccess) or a bolt-on like SimpleSAMLphp
+* Fix CRL subsystem (I found this to not be operational, have not yet investigated)
+
 
 Original README (0.83)
 ======================

openssl.cnf

@@ -14,7 +14,7 @@ crl_extensions		= crl_ext
 default_days		= 365
 default_crl_days	= 30
 preserve	 	= no
-default_md	 	= md5
+default_md	 	= sha512
 
 [ ca ]
 default_ca		= email_cert
@@ -147,7 +147,7 @@ issuerAltName=issuer:copy
 authorityKeyIdentifier=keyid:always,issuer:always
 
 [ req ]
-default_bits		= 1024
+default_bits		= 2048
 default_keyfile		= privkey.pem
 distinguished_name	= req_name
 string_mask		= nombstr