Delicious Bookmark this on Delicious Share on Facebook SlashdotSlashdot It! Digg! Digg



PHP : Function Reference : OpenSSL Functions : openssl_csr_sign

openssl_csr_sign

Sign a CSR with another certificate (or itself) and generate a certificate (PHP 4 >= 4.2.0, PHP 5)
resource openssl_csr_sign ( mixed csr, mixed cacert, mixed priv_key, int days [, array configargs [, int serial]] )

Example 1670. openssl_csr_sign() example - signing a CSR (how to implement your own CA)

<?php
// Let's assume that this script is set to receive a CSR that has
// been pasted into a textarea from another page
$csrdata = $_POST["CSR"];

// We will sign the request using our own "certificate authority"
// certificate.  You can use any certificate to sign another, but
// the process is worthless unless the signing certificate is trusted
// by the software/users that will deal with the newly signed certificate

// We need our CA cert and its private key
$cacert = "file://path/to/ca.crt";
$privkey = array("file://path/to/ca.key", "your_ca_key_passphrase");

$userscert = openssl_csr_sign($csrdata, $cacert, $privkey, 365);

// Now display the generated certificate so that the user can
// copy and paste it into their local configuration (such as a file
// to hold the certificate for their SSL server)
openssl_x509_export($usercert, $certout);
echo
$certout;

// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
   echo
$e . "\n";
}
?>

Code Examples / Notes » openssl_csr_sign

eric

To generate a self-signed certificate, pass NULL as the signing certificate (2nd parameter).  For example:
$req_key = openssl_pkey_new();
$dn = array(
   "countryName" => "US",
   "stateOrProvinceName" => "Colorado",
   "organizationName" => "yPass.net",
   "organizationalUnitName" => "yPass.net",
   "commonName" => "yPass.net Root Certificate"
);
$req_csr = openssl_csr_new($dn, $req_key);
$req_cert = openssl_csr_sign($req_csr, NULL, $req_key, 365);


thomas dot lussnig

Here is an sample how to create valid X.509 Public and Private Key (cert/key).
When not using self signed the 4.2.1 segault. You need the CVS code at least for openssl.
<?
Header("Content-Type: text/plain");
$CA_CERT = "CA.cert.pem";
$CA_KEY  = "CA.key.pem";
$req_key = openssl_pkey_new();
if(openssl_pkey_export ($req_key, $out_key)) {
       $dn = array(
               "countryName"            => "DE",
               "stateOrProvinceName"    => "Frankfurt",
               "organizationName"       => "smcc.net",
               "organizationalUnitName" => "E-Mail",
               "commonName"             => "Testcert"
               );
       $req_csr  = openssl_csr_new ($dn, $req_key);
       $req_cert = openssl_csr_sign($req_csr, "file://$CA_CERT", "file://$CA_KEY", 365);
       if(openssl_x509_export ($req_cert, $out_cert)) {
               echo "$out_key\n";
               echo "$out_cert\n";
               }
       else    echo "Failed Cert\n";
       }
else            echo "FailedKey\n";
?>


Change Language


Follow Navioo On Twitter
openssl_csr_export_to_file
openssl_csr_export
openssl_csr_get_public_key
openssl_csr_get_subject
openssl_csr_new
openssl_csr_sign
openssl_error_string
openssl_free_key
openssl_get_privatekey
openssl_get_publickey
openssl_open
openssl_pkcs12_export_to_file
openssl_pkcs12_export
openssl_pkcs12_read
openssl_pkcs7_decrypt
openssl_pkcs7_encrypt
openssl_pkcs7_sign
openssl_pkcs7_verify
openssl_pkey_export_to_file
openssl_pkey_export
openssl_pkey_free
openssl_pkey_get_details
openssl_pkey_get_private
openssl_pkey_get_public
openssl_pkey_new
openssl_private_decrypt
openssl_private_encrypt
openssl_public_decrypt
openssl_public_encrypt
openssl_seal
openssl_sign
openssl_verify
openssl_x509_check_private_key
openssl_x509_checkpurpose
openssl_x509_export_to_file
openssl_x509_export
openssl_x509_free
openssl_x509_parse
openssl_x509_read
eXTReMe Tracker