openssl_csr_new

openssl_csr_new

Generates a CSR

 **openssl_csr_new** array $distinguished_names  $private_key  $options  $extra_attributes

generates a new 

based on the information provided by . openssl_csr_new``distinguished_names

distinguished_names The Distinguished Name or subject fields to be included in the certificate. The is an associative array where the keys represent the attribute names of Distinguished Names and the values can either be strings (for single value) or arrays (if multiple values need to be set). distinguished_names

private_key should be set to a private key that was previously generated by (or otherwise obtained from the other openssl_pkey family of functions), or null variable. If its value is null variable, a new private key is generated based on the supplied and assigned to supplied variable. The corresponding public portion of the key will be used to sign the . private_key``openssl_pkey_new``options

options By default, the information in your system is used to initialize the request; you can specify a configuration file section by setting the key in . You can also specify an alternative OpenSSL configuration file by setting the value of the key to the path of the file you want to use. The following keys, if present in behave as their equivalents in the , as listed in the table below.

  `openssl.conf``config_section_section``options``config``options``openssl.conf`

extra_attributes is used to specify additional attributes for the . It is an associative arrays where the keys are converted to OIDs and applied as attributes. extra_attributes

Returns the on success, true if creation is successful but signing failsreturn.falseforfailure.

Voorbeeld: Creating a self-signed certificate

<?php
// for SSL server certificates the commonName is the domain name to be secured
// for S/MIME email certificates the commonName is the owner of the email address
// location and identification fields refer to the owner of domain or email subject to be secured
$dn = array(
    "countryName" => "GB",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "wez@example.com"
);

// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
));

// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha256'));

// Generate a self-signed cert, valid for 365 days
$x509 = openssl_csr_sign($csr, null, $privkey, $days=365, array('digest_alg' => 'sha256'));

// Save your private key, CSR and self-signed cert for later use
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($x509, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);

// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}
?>

Voorbeeld: Creating a self-signed ECC certificate (as of PHP 7.1.0)

<?php
$subject = array(
    "commonName" => "docs.php.net",
);

// Generate a new private (and public) key pair
$private_key = openssl_pkey_new(array(
    "private_key_type" => OPENSSL_KEYTYPE_EC,
    "curve_name" => 'prime256v1',
));

// Generate a certificate signing request
$csr = openssl_csr_new($subject, $private_key, array('digest_alg' => 'sha384'));

// Generate self-signed EC cert
$x509 = openssl_csr_sign($csr, null, $private_key, $days=365, array('digest_alg' => 'sha384'));
openssl_x509_export_to_file($x509, 'ecc-cert.pem');
openssl_pkey_export_to_file($private_key, 'ecc-private.key');
?>

openssl_csr_sign