我实际上是为自己一个小项目,它是一个Web应用程序,可以创建证书签名请求以及证书.pem/.crt
及其证书.key
。
实际的问题是我正在尝试运行:
shell_exec(openssl ca -config ../openssl.cnf -in $CSR_FILE -out $CRT_FILE)
而且我发现了一个问题,运行此命令后要求输入我的CA密码,随后又两次回答“是”以接受证书的创建。我不知道如何使它工作。我已经坚持了将近三天,Google或Stack Overflow都没有答案。
我尝试运行该命令并添加另一个命令,以shell_exec(passphrase)
这种方式两次传递密码和“ y”。
shell_exec("openssl....","passphrase","y","y")
非常感谢您,我感谢所有帮助。
您不必为此使用shell_exec()
。您可以使用openssl_csr_new() PHP函数创建自签名证书。
它根据dn提供的信息生成一个新的CSR(证书签名请求),该信息代表将在证书中使用的专有名称。
PHP代码以生成自签名证书
<?php
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the certificate.
$dn = array(
"countryName" => "UK",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "[email protected]"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new();
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server.
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($sscert, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
//save certificate and privatekey to file
file_put_contents("certificate.cer", $certout);
file_put_contents("privatekey.pem", $pkeyout);
?>
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句