openssl_csr_sign
(PHP 4 >= 4.2.0, PHP 5, PHP 7, PHP 8)
openssl_csr_sign — 用另一個證書籤署 CSR (或者本身) 並且產生一個證書
說明
openssl_csr_sign(
mixed
mixed
mixed
int
array
int
): resource
mixed
$csr,mixed
$cacert,mixed
$priv_key,int
$days,array
$configargs = ?,int
$serial = 0): resource
openssl_csr_sign() 從給定的 CSR 產生一個x509證書資源
注意: 必須安裝有效的 openssl.cnf 以保證此函式正確執行。參考有關安裝的說明以獲得更多資訊。
參數
-
csr -
由openssl_csr_new()函式產生的CSR. 也可以是由類似file://path/to/csr格式指定的指向PEM編碼的CSR路徑,或者是一個由openssl_csr_export()函式產生的字串。
-
cacert -
產生的證書將由
cacert簽名。 如果cacert為null, 產生的證書將是自簽名證書。 -
priv_key -
priv_key是cacert證書對應的私鑰。 -
days -
days指定產生的證書在幾天內有效的時間長度。 -
configargs -
你可以通過
configargs確定CSR簽名。 檢視openssl_csr_new() 方法獲取configargs的更多相關資訊。 -
serial -
可選的發行證書編號。如果沒有指定預設值為0.
返回值
成功,返回一個 x509 證書資源,失敗則返回 false .
範例
示例 #1 openssl_csr_sign() example - signing a CSR (how to implement your own CA)
<?php
// Let's assume that this script is set to receive a CSR that has
// been pasted into a textarea from another page
$csrdata = $_POST["CSR"];
// We will sign the request using our own "certificate authority"
// certificate. You can use any certificate to sign another, but
// the process is worthless unless the signing certificate is trusted
// by the software/users that will deal with the newly signed certificate
// We need our CA cert and its private key
$cacert = "file://path/to/ca.crt";
$privkey = array("file://path/to/ca.key", "your_ca_key_passphrase");
$usercert = openssl_csr_sign($csrdata, $cacert, $privkey, 365, array('digest_alg'=>'sha256') );
// Now display the generated certificate so that the user can
// copy and paste it into their local configuration (such as a file
// to hold the certificate for their SSL server)
openssl_x509_export($usercert, $certout);
echo $certout;
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
?>