openssl_csr_new
(PHP 4 >= 4.2.0, PHP 5, PHP 7)
openssl_csr_new — Generates a CSR
Description
mixed openssl_csr_new ( array $dn , resource &$privkey [, array $configargs [, array $extraattribs ]] )
openssl_csr_new() generates a new CSR (Certificate Signing Request) based on the information provided by dn.
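Parameters
dn
The Distinguished Name or subject fields to be used in the certificate.
privkey
privkey should be set to a private key that was previously generated by openssl_pkey_new() (or otherwise obtained from the other openssl_pkey family of functions). The corresponding public portion of the key will be used to sign the CSR.
configargs
By default, the information in your system openssl.conf is used to initialize the request; you can specify a configuration file section by setting the config_section_section key of configargs. You can also specify an alternative openssl configuration file by setting the value of the config key to the path of the file you want to use. The following keys, if present in configargs, behave as their equivalents in the openssl.conf, as listed in the table below.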
configargs key | type | openssl.conf equivalent | description |
---|---|---|---|
digest_alg | string | default_md | Digest method or signature hash, usually one of openssl_get_md_methods() |
x509_extensions | string | x509_extensions | Selects which extensions should be used when creating an x509 certificate |
req_extensions | string | req_extensions | Selects which extensions should be used when creating a CSR |
private_key_bits | integer | default_bits | Specifies how many bits should be used to generate a private key |
private_key_type | integer | none | Specifies the type of private key to create. This can be one of OPENSSL_KEYTYPE_DSA, OPENSSL_KEYTYPE_DH, OPENSSL_KEYTYPE_RSA or OPENSSL_KEYTYPE_EC. The default value is OPENSSL_KEYTYPE_RSA. |
encrypt_key | boolean | encrypt_key | Should an exported key (with passphrase) be encrypted? |
encrypt_key_cipher | integer | none | One of cipher constants. |
curve_name | string | none | PHP 7.1+, One of openssl_get_curve_names(). |
config | string | N/A | Path to your own alternative openssl.conf file. |
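extraattribs
extraattribs is used to specify additional configuration options for the CSR. Both dn and extraattribs are associative arrays whose keys are converted to OIDs and applied to the relevant part of the request.
Return Values
Returns the CSR, or FALSE on failure.
Examples
Example #1 Creating a self-signed certificate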
<?php
// for SSL server certificates the commonName is the domain name to be secured
// for S/MIME email certificates the commonName is the owner of the email address
// location and identification fields refer to the owner of domain or email subject to be secured
$dn = array(
    "countryName" => "GB",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "wez@example.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha256'));
// Generate a self-signed cert, valid for 365 days
$x509 = openssl_csr_sign($csr, null, $privkey, $days=365, array('digest_alg' => 'sha256'));
// Save your private key, CSR and self-signed cert for later use
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($x509, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}
?>
Example #2 Creating a self-signed ECC certificate in PHP 7.1+
<?php
$subject = array(
    "commonName" => "docs.php.net",
);
// Generate a new private (and public) key pair
$private_key = openssl_pkey_new(array(
    "private_key_type" => OPENSSL_KEYTYPE_EC,
    "curve_name" => 'prime256v1',
));
// Generate a certificate signing request
$csr = openssl_csr_new($subject, $private_key, array('digest_alg' => 'sha384'));
// Generate self-signed EC cert
$x509 = openssl_csr_sign($csr, null, $private_key, $days=365, array('digest_alg' => 'sha384'));
openssl_x509_export_to_file($x509, 'ecc-cert.pem');
openssl_pkey_export_to_file($private_key, 'ecc-private.key');
?>
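An added example, not part of the PHP manual, that goes beyond the two above: it uses the config and req_extensions keys of configargs to request a subjectAltName, treats any non-CSR return value as failure, and checks that the key embedded in the CSR matches the private key. The host name docs.example.test, the config file text and the helper make_server_csr() are assumptions made for illustration.

```php
<?php
// Added example, not from the manual. Host name, config text and the
// make_server_csr() helper are constructed for illustration.
function make_server_csr(string $host): array
{
    // The host is written into a config file, so reject anything that is not
    // a plain DNS name (no newlines, brackets or commas can reach the file).
    if (!preg_match('/\A(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\z/i', $host)) {
        throw new InvalidArgumentException('not a DNS host name');
    }
    $conf = implode("\n", [
        '[ req ]',
        'distinguished_name = req_dn',
        '[ req_dn ]',
        'commonName = Common Name',
        '[ v3_req ]',
        'basicConstraints = CA:FALSE',
        'keyUsage = digitalSignature',
        "subjectAltName = DNS:$host",
    ]) . "\n";
    $path = tempnam(sys_get_temp_dir(), 'csr');
    file_put_contents($path, $conf);
    try {
        // configargs keys from the table: config, req_extensions, digest_alg, ...
        $args = ['config' => $path, 'req_extensions' => 'v3_req', 'digest_alg' => 'sha256',
                 'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
        $key = openssl_pkey_new($args);
        $csr = $key ? openssl_csr_new(['commonName' => $host], $key, $args) : false;
        // Anything that is not a CSR handle (resource in PHP 5/7, object in 8) is a failure.
        if (!is_resource($csr) && !is_object($csr)) {
            $errors = [];
            while (($e = openssl_error_string()) !== false) {
                $errors[] = $e;
            }
            throw new RuntimeException('CSR generation failed: ' . implode('; ', $errors));
        }
        // The key embedded in the request must be the public half of $key.
        $inCsr = openssl_pkey_get_details(openssl_csr_get_public_key($csr))['key'];
        if (!hash_equals(openssl_pkey_get_details($key)['key'], $inCsr)) {
            throw new RuntimeException('CSR public key does not match private key');
        }
        openssl_csr_export($csr, $pem);
        return ['csr' => $pem, 'subject' => openssl_csr_get_subject($csr), 'key' => $key];
    } finally {
        unlink($path);
    }
}

$out = make_server_csr('docs.example.test');
echo $out['csr'];
print_r($out['subject']);
```

The returned key is still in memory only; if it is exported, pass a passphrase to openssl_pkey_export() as Example #1 does.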
This document is jointly maintained by members of the Tencent Cloud developer community. If you find a problem, contact cloudcommunity@tencent.com