【问题标题】:How to create a digital certificate and export to .p12 file in PHP?如何在 PHP 中创建数字证书并导出到 .p12 文件?
【发布时间】:2012-01-10 15:16:43
【问题描述】:

如何在 PHP 中创建数字证书并导出为 .p12 文件?

我希望 .p12 文件包含私钥。并且还想检查密钥对是否已经发布(登录数据库)。

我找到了一个名为“openssl_pkcs12_export_to_file”的函数,但不知道从哪里开始。看来我需要一个 X509 证书和一个私钥。

【问题讨论】:

    标签: php openssl x509 digital-certificate pkcs#12


    【解决方案1】:
    <?php
    error_reporting(-1);
    
    function dump($Var) {
      echo "<hr/><pre>";
      var_dump($Var);
      echo "</pre><hr/>";
    }
    
    function check_errors() {
      echo "<hr/><pre>";
      $Count = 0;
      while (($e=openssl_error_string())!==false) {
        echo $e."<br>";
        $Count++;
      }
      if ($Count==0)
        echo "No error";
      echo "</pre><hr/>";
    }
    
    $Configs = array(
      "config" => "e:/progetti/php/openssl/openssl.cfg",
      "digest_alg" => "sha1",
      "x509_extensions" => "v3_ca",
      "req_extensions" => "v3_req",
      "private_key_bits" => 1024,
      "private_key_type" => OPENSSL_KEYTYPE_RSA,
      "encrypt_key" => true,
      "encrypt_key_cipher" => OPENSSL_CIPHER_3DES 
    );
    $Info = array(
      "countryName" => "VN",
      "stateOrProvinceName" => "Hanoi",
      "localityName" => "Long Bien",
      "organizationName" => "Test Company",
      "organizationalUnitName" => "Test Department",
      "commonName" => "Tester",
      "emailAddress" => "test@gmail.com"
    );
    
    $Private_Key = null;
    $Unsigned_Cert = openssl_csr_new($Info,$Private_Key,$Configs);
    check_errors();
    dump($Private_Key);
    dump($Unsigned_Cert);
    
    $Signed_Cert = openssl_csr_sign($Unsigned_Cert,null,$Private_Key,365,$Configs);
    check_errors();
    dump($Signed_Cert);
    
    openssl_pkcs12_export_to_file($Signed_Cert,"test.p12",$Private_Key,"123456");
    check_errors();
    

    【讨论】:

      【解决方案2】:

      创建自签名证书:

      <?php
      $dn = array(
          "countryName" => "UK",
          "stateOrProvinceName" => "Somerset",
          "localityName" => "Glastonbury",
          "organizationName" => "The Brain Room Limited",
          "organizationalUnitName" => "PHP Documentation Team",
          "commonName" => "Wez Furlong",
          "emailAddress" => "wez@example.com"
      );
      
      $privkey = openssl_pkey_new();
      $csr = openssl_csr_new($dn, $privkey);
      $sscert = openssl_csr_sign($csr, null, $privkey, 365);
      
      openssl_csr_export($csr, $csrout) and var_dump($csrout);
      openssl_x509_export($sscert, $certout) and var_dump($certout);
      openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
      
      // Show any errors that occurred here
      while (($e = openssl_error_string()) !== false) {
         echo $e . "\n";
      }
      ?>
      

      【讨论】:

        猜你喜欢
        • 1970-01-01
        • 1970-01-01
        • 2015-04-17
        • 1970-01-01
        • 1970-01-01
        • 1970-01-01
        • 2012-03-14
        • 1970-01-01
        • 2011-06-23
        相关资源
        最近更新 更多