https://bugs.contribs.org/show_bug.cgi?id=8685

--- Comment #20 from John Crisp <[email protected]> ---
OK - the only bit we need to look at is upgrading some defaults on upgrade.


openssl.cnf

default_md              = sha1 

update to:

default_md              = sha512


[ req ]
default_bits            = 1024

Update to 2048

default_bits            = 2048


config.php

# CA certificate key size
$config['keysize'] = '1024';

Update to:

$config['keysize'] = '2048';


Add some extra fields like these:

# CRL Distribution points path
$config['crl_distrib']  = 'index.php?stage=dl_crl';

# Certificate Revocation URL
$config['revoke_url']  = 'ns_revoke_query.php?';


Is this the same value as nsCaPolicyUrl ??

# Certificate Authority Policy URL
$config['policy_url']  = 'policy.html'; 

# Certificate Comment Fields
$config['comment_root']  = 'PHPki/OpenSSL Generated Root Certificate Authority';
$config['comment_email']  = 'PHPki/OpenSSL Generated Personal Certificate';
$config['comment_sign']  = 'PHPki/OpenSSL Generated Personal Certificate';
$config['comment_srv']  = 'PHPki/OpenSSL Generated Secure Server Certificate';
$config['comment_stamp']  = 'PHPki/OpenSSL Generated Time Stamping Certificate';



My only other thought is about this.

$PHPki_admins = Array(md5('admin'));

In the updated code it is set as follows:

$PHPki_admins = Array(md5('pkiadmin'));

I could probably write a bit of code to allow the user to update some of this
stuff?

What about updating the DH key from 1024 -> 2048?

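The default upgrades listed in the comment above, written as an idempotent migration step. This is an added example, not part of the original comment or of PHPki; the function names and the rule of leaving stronger or non-numeric values untouched are assumptions.

```shell
#!/bin/sh
# Added example, not PHPki or SME Server code. Only values weaker than the
# targets are rewritten, so stronger site settings survive and a re-run is a no-op.

# Run awk program PROG over FILE, then overwrite FILE (cat keeps owner and mode).
rewrite_in_place() {
    prog=$1 file=$2
    tmp=$(mktemp) || return 1
    if awk -v q="'" "$prog" "$file" > "$tmp"; then
        cat "$tmp" > "$file"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# openssl.cnf: default_md md5/sha1 -> sha512; [ req ] default_bits < 2048 -> 2048
upgrade_openssl_cnf() {
    rewrite_in_place '
        function val(line,  v) {          # text after "=", comment and blanks cut
            v = line; sub(/^[^=]*=/, "", v); sub(/#.*/, "", v)
            gsub(/[ \t]/, "", v); return v
        }
        /^[ \t]*\[/ {                     # remember the current [ section ]
            sec = $0; sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*/, "", sec)
        }
        /^[ \t]*default_md[ \t]*=/ {
            if (val($0) == "md5" || val($0) == "sha1") sub(/=.*/, "= sha512")
        }
        sec == "req" && /^[ \t]*default_bits[ \t]*=/ {
            b = val($0)                   # skip non-numeric values such as $ENV::X
            if (b ~ /^[0-9]+$/ && b + 0 < 2048) sub(/=.*/, "= 2048")
        }
        { print }
    ' "$1"
}

# config.php: $config[keysize] below 2048 -> 2048
upgrade_phpki_keysize() {
    rewrite_in_place '
        /^[ \t]*\$config\[.keysize.\][ \t]*=/ {
            v = $0; sub(/^[^=]*=/, "", v); gsub(/[^0-9]/, "", v)
            if (v != "" && v + 0 < 2048) sub(/=.*/, "= " q "2048" q ";")
        }
        { print }
    ' "$1"
}
```

A rewritten line loses any trailing comment it carried, and certificates and keys already issued with the old defaults are not affected by this step.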