(PHP 4 >= 4.2.0, PHP 5, PHP 7)
openssl_csr_sign — ����һ��֤��ǩ�� CSR (���߱���) ��������һ��֤��
$csr
, mixed $cacert
, mixed $priv_key
, int $days
[, array $configargs
[, int $serial
= 0
]] ) : resourceopenssl_csr_sign() �Ӹ����� CSR ����һ��x509֤����Դ
Note: ���밲װ��Ч�� openssl.cnf �Ա�֤�˺�����ȷ���С��ο��й���װ��˵���Ի�ø�����Ϣ��
csr
��openssl_csr_new()�������ɵ�CSR. Ҳ������������file://path/to/csr��ʽָ����ָ��PEM�����CSR·����������һ����openssl_csr_export()�������ɵ��ַ�����
cacert
���ɵ�֤�齫��cacert
ǩ����
���cacert
Ϊ NULL
, ���ɵ�֤�齫����ǩ��֤�顣
priv_key
priv_key
��cacert
֤���Ӧ��˽Կ��
days
days
ָ�����ɵ�֤���ڼ�������Ч��ʱ�䳤�ȡ�
configargs
�����ͨ��configargs
ȷ��CSRǩ����
�鿴openssl_csr_new() ������ȡ
configargs
�ĸ��������Ϣ��
serial
��ѡ�ķ���֤���š����û��ָ��Ĭ��ֵΪ0.
�ɹ�������һ�� x509 ֤����Դ��ʧ���� FALSE
.
Example #1 openssl_csr_sign() example - signing a CSR (how to implement your own CA)
<?php
// Let's assume that this script is set to receive a CSR that has
// been pasted into a textarea from another page
$csrdata = $_POST["CSR"];
// We will sign the request using our own "certificate authority"
// certificate. You can use any certificate to sign another, but
// the process is worthless unless the signing certificate is trusted
// by the software/users that will deal with the newly signed certificate
// We need our CA cert and its private key
$cacert = "file://path/to/ca.crt";
$privkey = array("file://path/to/ca.key", "your_ca_key_passphrase");
$usercert = openssl_csr_sign($csrdata, $cacert, $privkey, 365, array('digest_alg'=>'sha256') );
// Now display the generated certificate so that the user can
// copy and paste it into their local configuration (such as a file
// to hold the certificate for their SSL server)
openssl_x509_export($usercert, $certout);
echo $certout;
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
?>