deprecated/phpki-ng
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8634821c7ff6529bde5b9147f316cc98cce7c49d
phpki-ng/README.md
radicand f8a55ea9fb Increased cryptographic strength
2012-02-28 08:49:14 +00:00

129 lines
5.2 KiB
Markdown
Raw Blame History

About this fork
===============
Reasons for forking
-------------------
After spending a fair amount of time looking for a basic, relatively full featured internal PKI solution, I came across PHPki on Sourceforge. However, being that I don't enjoy using Sourceforge and that there are a number of improvements I wish to make to this solution, I have forked it into a Github repository. Hopefully others may find this useful.
Main changes
------------
* Changed hash algorithm from MD5 to SHA
Planned changes
---------------
* Remove usage of symlinks.
* Strip out built-in password support -- this can be implemented by the webserver (htaccess) or a bolt-on like SimpleSAMLphp
* Fix CRL subsystem (I found this to not be operational, have not yet investigated)
Original README (0.83)
======================
NOTICE:
This application is designed to be an easy to use "certificate factory"
requiring minimum human intervention to administer. It is intended for
use within a trusted INTRAnet for the creation and management of x.509
e-mail digital certificates by departmental managers. IT IS NOT INTENDED
FOR USE OVER THE INTERNET.
This application stores private keys within a sub-directory, making them
potentially susceptible to compromise. Extra care has been taken in the
design of this application to protect the security of your certificates,
on the condition that you INSTALL IT AS THE ROOT USER. However, no
software is 100% secure, AND NO PROMISES OR GUARANTEES ARE MADE!
REQUIREMENTS:
PHPki was developed and tested on Mandrake and RedHat GNU/Linux systems.
It requires the Apache web server, PHP, and OpenSSL. I do not as yet
know if it is sensitive to particular versions of those resources.
Your web server must be configured with "AllowOverride All" effective
in the directory where PHPki is installed. If you don't know what this
means, then go Googling.
With PHP 5, make sure register_long_arrays in turn on in php.ini or .htaccess.
Otherwise, you may get an error similar to "method=post was not found on this se
rver.
INSTALLATION:
Make sure "AllowOverride All" is set in your Apache configuration file.
This is necessary because PHPki uses .htaccess files to implement HTTP
authentication and to enforce file access restrictions. If you must
change this Apache setting, don't forget to restart Apache.
Unpack the PHPki tarball onto your web server. For example:
cp phpki.tar.gz /var/tmp
cd /var/www/html
tar -xzvf /var/tmp/phpki.tar.gz
To configure the certificate authority and create your root certificate,
point your browser to where you unpacked PHPki. For example:
http://www.domain.com/phpki/
Enter all the requested information into the web form and click the Submit
button. If all goes well, you should see a page telling you that your
root certificate has been created.
To access the PHPki public content menu, point your browser to your
PHPki installation (i.e. http://www.domain.com/phpki/). To access the
PHPki certificate management menu, point your browser to the "ca"
directory under your PHPki installation (i.e. https://www.domain.com/phpki/ca/).
You must use SSL (https://) to access the PHPki certificate management
menu if you have secured the application using the secure.sh script.
SECURITY & USERS:
From a root user shell prompt, run the "secure.sh" shell script in this
directory to set more restrictive Unix file permissions, and to create
the Apache .htaccess files which are necessary to force SSL access, HTTP
authentication, and directory access restrictions. If you don't do this
you will likely be extremely screwed! Don't say you weren't warned.
The secure.sh script will attempt to create a file for your user list
and passwords. If it fails in that attempt, you will have to use Apache's
htpasswd utility to manually create a "phpkipasswd" file in the location
you specified during setup.
htpasswd -cm /var/www/phpkipasswd username
Normal users may only manage the certificates they create. Administrators
can manage all certificates. The default administrator account is
"pkiadmin". The secure.sh script will attempt to add this user to your
phpkipasswd file when it is first created. Other users can be made
administrators by carefully editing the $PHPki_admins assignment in
config/config.php under your certificate store directory.
You may add additional users and change passwords using your browser after
you have successfully installed PHPki and created your phpkipasswd file with
at least one user. Point your browser to http://www.domain.com/phpki/admin/.
UPGRADING:
Install and configure as if it were a first time installation (see above).
Be sure to specify the same root certificate password and user password file
location you used with the previous version.
From the old installation, copy all certificates, crls, and user defaults
to the store directory specified during setup.
rm -fr store_directory/CA
cp -v --archive oldphpki/CA store_directory
cp -v --archive oldphpki/config/user-*.php newphpki/ca/config
These upgrade instructions have not been thoroughly tested and may be
incomplete. Please be sure to fully backup your old PHPki installation before
upgrading.
CONTACT:
Post all correspondence to the PHPki project page
http://sourceforge.net/projects/phpki/
---END OF FILE---
Reference in New Issue View Git Blame Copy Permalink