(PHP 4 >= 4.2.0, PHP 5, PHP 7)
openssl_csr_new — 锟斤拷锟斤拷一锟斤拷 CSR
$dn
, resource &$privkey
[, array $configargs
[, array $extraattribs
]] ) : mixed
openssl_csr_new() 锟斤拷锟斤拷dn锟结供锟斤拷锟斤拷息锟斤拷锟斤拷锟铰碉拷CSR锟斤拷证锟斤拷签锟斤拷锟斤拷锟襟)★拷
Note: 锟斤拷锟诫安装锟斤拷效锟斤拷 openssl.cnf 锟皆憋拷证锟剿猴拷锟斤拷锟斤拷确锟斤拷锟叫★拷锟轿匡拷锟叫癸拷锟斤拷装锟斤拷说锟斤拷锟皆伙拷酶锟斤拷锟斤拷锟较拷锟�
dn锟斤拷证锟斤拷锟斤拷使锟矫碉拷专锟斤拷锟斤拷锟狡伙拷锟斤拷锟斤拷锟街段★拷
privkey
privkey 应锟矫憋拷锟斤拷锟斤拷为锟斤拷openssl_pkey_new()锟斤拷锟斤拷预锟斤拷锟斤拷锟斤拷(锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷式锟斤拷openssl_pkey锟斤拷锟斤拷锟斤拷锟叫伙拷锟�)锟斤拷私钥锟斤拷锟斤拷锟斤拷钥锟斤拷锟斤拷应锟斤拷锟斤拷锟斤拷锟街斤拷锟斤拷锟斤拷签锟斤拷CSR.
configargs
默锟较的o拷 锟斤拷通锟斤拷锟斤拷系统锟斤拷锟�openssl.conf锟斤拷锟斤拷锟斤拷锟斤拷始锟斤拷锟斤拷锟斤拷 锟斤拷锟斤拷锟斤拷通锟斤拷锟斤拷锟斤拷configargs锟斤拷config_section_section锟斤拷锟斤拷指锟斤拷锟斤拷锟斤拷锟侥硷拷锟斤拷锟街★拷
锟斤拷锟斤拷锟斤拷锟斤拷通锟斤拷锟斤拷config锟斤拷锟斤拷值锟斤拷锟斤拷为锟斤拷锟斤拷要使锟矫碉拷锟侥硷拷路锟斤拷锟斤拷指锟斤拷锟斤拷一锟斤拷openssl锟斤拷锟斤拷锟侥硷拷锟斤拷锟斤拷锟斤拷锟�configargs锟叫达拷锟斤拷锟斤拷锟叫硷拷锟斤拷锟斤拷锟角碉拷锟斤拷为锟斤拷锟斤拷锟斤拷openssl.conf锟斤拷一锟斤拷锟斤拷锟斤拷锟铰憋拷锟斤拷示锟斤拷
configargs 锟斤拷 |
type | 锟斤拷同锟斤拷 openssl.conf | 锟斤拷锟斤拷 |
|---|---|---|---|
| digest_alg | string | default_md | 摘要锟姐法锟斤拷签锟斤拷锟斤拷希锟姐法锟斤拷通锟斤拷锟斤拷 openssl_get_md_methods() 之一锟斤拷 |
| x509_extensions | string | x509_extensions | 选锟斤拷锟节达拷锟斤拷x509证锟斤拷时应锟斤拷使锟斤拷锟斤拷些锟斤拷展 |
| req_extensions | string | req_extensions | 锟斤拷锟斤拷CSR时锟斤拷选锟斤拷使锟斤拷锟侥革拷锟斤拷展 |
| private_key_bits | integer | default_bits | 指锟斤拷应锟斤拷使锟矫讹拷锟斤拷位锟斤拷锟斤拷锟斤拷私钥 |
| private_key_type | integer | none | 选锟斤拷锟节达拷锟斤拷CSR时应锟斤拷使锟斤拷锟斤拷些锟斤拷展锟斤拷锟斤拷选值锟斤拷
OPENSSL_KEYTYPE_DSA,
OPENSSL_KEYTYPE_DH,
OPENSSL_KEYTYPE_RSA 锟斤拷
OPENSSL_KEYTYPE_EC.
默锟斤拷值锟斤拷 OPENSSL_KEYTYPE_RSA.
|
| encrypt_key | boolean | encrypt_key | 锟角凤拷应锟矫对碉拷锟斤拷锟斤拷锟斤拷钥锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷铮╋拷锟斤拷屑锟斤拷锟�? |
| encrypt_key_cipher | integer | none | cipher constants锟斤拷锟斤拷之一锟斤拷 |
| curve_name | string | none | 要锟斤拷PHP7.1+, openssl_get_curve_names()之一锟斤拷 |
| config | string | N/A | 锟皆讹拷锟斤拷 openssl.conf 锟侥硷拷锟斤拷路锟斤拷锟斤拷 |
extraattribs
extraattribs 锟斤拷锟斤拷为CSR指锟斤拷锟斤拷锟斤拷锟斤拷锟斤拷锟窖★拷睢�dn 锟斤拷
extraattribs 锟斤拷锟角癸拷锟斤拷锟斤拷锟斤拷锟斤拷锟角的硷拷锟斤拷转锟斤拷锟斤拷OIDs锟斤拷锟斤拷应锟矫碉拷锟斤拷锟斤拷锟斤拷锟截诧拷锟街★拷
锟缴癸拷锟斤拷锟斤拷锟斤拷CSR 锟斤拷锟斤拷锟斤拷失锟斤拷时锟斤拷锟斤拷 FALSE.
Example #1 锟斤拷锟斤拷一锟斤拷锟斤拷签锟斤拷锟斤拷证锟斤拷
<?php
// for SSL server certificates the commonName is the domain name to be secured
// for S/MIME email certificates the commonName is the owner of the email address
// location and identification fields refer to the owner of domain or email subject to be secured
$dn = array(
"countryName" => "GB",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "wez@example.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha256'));
// Generate a self-signed cert, valid for 365 days
$x509 = openssl_csr_sign($csr, null, $privkey, $days=365, array('digest_alg' => 'sha256'));
// Save your private key, CSR and self-signed cert for later use
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($x509, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
?>
Example #2 锟斤拷PHP 7.1+锟芥本锟叫达拷锟斤拷一锟斤拷锟斤拷签锟斤拷锟斤拷ECC证锟斤拷
<?php
$subject = array(
"commonName" => "docs.php.net",
);
// Generate a new private (and public) key pair
$private_key = openssl_pkey_new(array(
"private_key_type" => OPENSSL_KEYTYPE_EC,
"curve_name" => 'prime256v1',
));
// Generate a certificate signing request
$csr = openssl_csr_new($subject, $private_key, array('digest_alg' => 'sha384'));
// Generate self-signed EC cert
$x509 = openssl_csr_sign($csr, null, $private_key, $days=365, array('digest_alg' => 'sha384'));
openssl_x509_export_to_file($x509, 'ecc-cert.pem');
openssl_pkey_export_to_file($private_key, 'ecc-private.key');
?>