Description
bool openssl_csr_new ( array dn, resource privkey [, array configargs [, array extraattribs]])
openssl_csr_new() generates a
new CSR (Certificate Signing Request) based on the
information provided by dn,
which represents the Distinguished Name to be used in the
certificate.
privkey should be set
to a private key that was previously generated by
openssl_pkey_new() (or otherwise obtained from the
other openssl_pkey family of functions). The corresponding
public portion of the key will be used to sign the CSR.
extraattribs is used
to specify additional configuration options for the CSR. Both
dn and extraattribs are associative arrays
whose keys are converted to OIDs and applied to the relevant
part of the request.
Note: You need to have a valid openssl.cnf installed for this function
to operate correctly. See the notes under the installation
section for more information.
By default, the information in your system openssl.conf is used to initialize the
request; you can specify a configuration file section by
setting the config_section_section
key of configargs. You can
also specify an alternative openssl configuration file by
setting the config key to the path
of the file you want to use. The following keys, if present
in configargs, behave as
their equivalents in the
openssl.conf, as listed in the table below.
Table 1. Configuration overrides
Specifies the type
of private key to create. This can be one of OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH or
OPENSSL_KEYTYPE_RSA.
The default value is
OPENSSL_KEYTYPE_RSA which is currently the
only supported key type.
Should an exported
key (with passphrase) be encrypted?
Returns TRUE on success or FALSE on failure.
Example 1. openssl_csr_new()
example - creating a self-signed certificate
<?php
// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// the site that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$dn = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "wez@php.net"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new();
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_export($csr, $csrout) and debug_zval_dump($csrout);
openssl_x509_export($sscert, $certout) and debug_zval_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and debug_zval_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}
?>
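The following is an added example, not part of the original manual page: it passes configargs explicitly so the key size and digest do not depend on the system openssl configuration, then reads the CSR back to confirm the request carries what was asked for. The configargs key names are those of PHP's OpenSSL extension; the DN values are constructed samples and the CSR_KEY_PASSPHRASE environment variable is a hypothetical name.

```php
<?php
// Added example; DN values are constructed samples.
$configargs = array(
    "digest_alg"       => "sha256",            // digest used when signing the CSR
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    "private_key_bits" => 2048,
    "encrypt_key"      => true,                // encrypt the key on export
);
$dn = array(
    "countryName"      => "UK",
    "organizationName" => "Example Org",       // constructed
    "commonName"       => "www.example.com",   // constructed
);

function fail($what) {
    // Drain the OpenSSL error queue so the underlying cause is logged
    while (($e = openssl_error_string()) !== false) {
        error_log($e);
    }
    error_log("failed: $what");
    exit(1);
}

$privkey = openssl_pkey_new($configargs);
if ($privkey === false) fail("key generation");

$csr = openssl_csr_new($dn, $privkey, $configargs);
if ($csr === false) fail("CSR generation");

// Read the request back and check it before sending it to a CA
$subject = openssl_csr_get_subject($csr, false);   // false = long attribute names
$details = openssl_pkey_get_details(openssl_csr_get_public_key($csr));
openssl_csr_export($csr, $text, false);            // false = include the text dump
if ($subject["commonName"] !== $dn["commonName"]) fail("subject mismatch");
if ($details["type"] !== OPENSSL_KEYTYPE_RSA || $details["bits"] < 2048) fail("weak key");
if (stripos($text, "sha256WithRSAEncryption") === false) fail("unexpected digest");

// Passphrase comes from the environment (hypothetical variable name),
// not from a literal in the source file
$passphrase = getenv("CSR_KEY_PASSPHRASE");
if ($passphrase === false || $passphrase === "") fail("no passphrase set");
if (!openssl_pkey_export($privkey, $keyPem, $passphrase, $configargs)) fail("key export");

// $keyPem now holds the encrypted private key; only the CSR leaves this host
openssl_csr_export($csr, $csrPem);
echo $csrPem;
echo "key bits: {$details['bits']}\n";
```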