(PHP 4 >= 4.2.0, PHP 5, PHP 7)
openssl_csr_new — ����һ�� CSR
$dn
, resource &$privkey
[, array $configargs
[, array $extraattribs
]] ) : mixed
openssl_csr_new() ����dn
�ṩ����Ϣ�����µ�CSR��֤��ǩ������
Note: ���밲װ��Ч�� openssl.cnf �Ա�֤�˺�����ȷ���С��ο��й���װ��˵���Ի�ø�����Ϣ��
dn
��֤����ʹ�õ�ר�����ƻ������ֶΡ�
privkey
privkey
Ӧ�ñ�����Ϊ��openssl_pkey_new()����Ԥ������(������������ʽ��openssl_pkey�������л��)��˽Կ������Կ����Ӧ�������ֽ�����ǩ��CSR.
configargs
Ĭ�ϵģ� ��ͨ����ϵͳ���openssl.conf��������ʼ������ ������ͨ������configargs
��config_section_section����ָ�������ļ����֡�
��������ͨ����config����ֵ����Ϊ����Ҫʹ�õ��ļ�·����ָ����һ��openssl�����ļ��������configargs
�д������м������ǵ���Ϊ������openssl.conf��һ�������±���ʾ��
configargs �� |
type | ��ͬ�� openssl.conf | ���� |
---|---|---|---|
digest_alg | string | default_md | ժҪ�㷨��ǩ����ϣ�㷨��ͨ���� openssl_get_md_methods() ֮һ�� |
x509_extensions | string | x509_extensions | ѡ���ڴ���x509֤��ʱӦ��ʹ����Щ��չ |
req_extensions | string | req_extensions | ����CSRʱ��ѡ��ʹ���ĸ���չ |
private_key_bits | integer | default_bits | ָ��Ӧ��ʹ�ö���λ������˽Կ |
private_key_type | integer | none | ѡ���ڴ���CSRʱӦ��ʹ����Щ��չ����ѡֵ��
OPENSSL_KEYTYPE_DSA ,
OPENSSL_KEYTYPE_DH ,
OPENSSL_KEYTYPE_RSA ��
OPENSSL_KEYTYPE_EC .
Ĭ��ֵ�� OPENSSL_KEYTYPE_RSA .
|
encrypt_key | boolean | encrypt_key | �Ƿ�Ӧ�öԵ�������Կ���������������м���? |
encrypt_key_cipher | integer | none | cipher constants����֮һ�� |
curve_name | string | none | Ҫ��PHP7.1+, openssl_get_curve_names()֮һ�� |
config | string | N/A | �Զ��� openssl.conf �ļ���·���� |
extraattribs
extraattribs
����ΪCSRָ�����������ѡ�dn
��
extraattribs
���ǹ����������ǵļ���ת����OIDs����Ӧ�õ��������ز��֡�
�ɹ�������CSR ������ʧ��ʱ���� FALSE
.
Example #1 ����һ����ǩ����֤��
<?php
// for SSL server certificates the commonName is the domain name to be secured
// for S/MIME email certificates the commonName is the owner of the email address
// location and identification fields refer to the owner of domain or email subject to be secured
$dn = array(
"countryName" => "GB",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "wez@example.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha256'));
// Generate a self-signed cert, valid for 365 days
$x509 = openssl_csr_sign($csr, null, $privkey, $days=365, array('digest_alg' => 'sha256'));
// Save your private key, CSR and self-signed cert for later use
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($x509, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
?>
Example #2 ��PHP 7.1+�汾�д���һ����ǩ����ECC֤��
<?php
$subject = array(
"commonName" => "docs.php.net",
);
// Generate a new private (and public) key pair
$private_key = openssl_pkey_new(array(
"private_key_type" => OPENSSL_KEYTYPE_EC,
"curve_name" => 'prime256v1',
));
// Generate a certificate signing request
$csr = openssl_csr_new($subject, $private_key, array('digest_alg' => 'sha384'));
// Generate self-signed EC cert
$x509 = openssl_csr_sign($csr, null, $private_key, $days=365, array('digest_alg' => 'sha384'));
openssl_x509_export_to_file($x509, 'ecc-cert.pem');
openssl_pkey_export_to_file($private_key, 'ecc-private.key');
?>