To follow up on this we are going to push an update to the old existing version 0.82 later today
We are then going to import a new version 0.84-1
This is basically the radicand fork of 0.83
https://github.com/radicand/phpki with some fixes and added SME goodness
It has much stronger encryption and fixes a lot of bugs.
However, there is one big issue.
If you have not used phpki before then just install the new version and create certificates.
If you are using 0.82 it is
not possible to upgrade the existing certificates - we did look at this but it is a non starter. (Upgrading will backup your old certificates)
That means you need to create new CA and user certificates.
We
STRONGLY recommend that you do this for your own benefit. The old certificates have weak encryption by todays standards and you really should upgrade.
We have set the encryption for DH keys for Openvpn to 2048. The CA is 4096 bit, the default md is now sha512 and the minimum for standard certificates is 1024 but can be increased (and we recommend) to 4096 bit (a bug meant you could not select 4096 before!)
(NB - it all sounds impressive - I am no guru on it but know it is a damn sight more secure!!!!!!)
This is a pain - I have loads to upgrade myself!!!!!!
But, for your own security, and your company and client, it is well worth doing.
This version will appear in smedev shortly. Please use it and report any bugs or come and talk to us about it on RocketChat