尝试使用 PHP 中的 shell_exec 通过 openssl 创建证书
Trying to create a certificate through openssl using shell_exec in PHP
我实际上在为自己开发一个小项目,它是一个创建证书签名请求的 Web 应用程序,也是证书 .pem/.crt 及其 .key.
实际问题是我正在尝试 运行:
shell_exec(openssl ca -config ../openssl.cnf -in $CSR_FILE -out $CRT_FILE)
而且我发现问题是在 运行ning 之后这个命令要求我的 CA 密码,然后回答两次是接受证书的创建。我不知道如何让它工作。我已经坚持了将近三天,Google 或 Stack Overflow 都没有答案。
我已经尝试 运行 命令并添加另一个 shell_exec(passphrase),以这种方式传递密码和 "y" 两次。
shell_exec("openssl....","passphrase","y","y")
非常感谢,感谢大家的帮助。
您不必为此使用 shell_exec()。您可以使用 openssl_csr_new() PHP 函数创建自签名证书。
它根据dn提供的信息生成一个新的CSR(Certificate Signing Request),表示要在证书中使用的Distinguished Name。
PHP 生成自签名证书的代码
<?php
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the certificate.
$dn = array(
"countryName" => "UK",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "wez@example.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new();
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server.
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($sscert, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
//save certificate and privatekey to file
file_put_contents("certificate.cer", $certout);
file_put_contents("privatekey.pem", $pkeyout);
?>
我实际上在为自己开发一个小项目,它是一个创建证书签名请求的 Web 应用程序,也是证书 .pem/.crt 及其 .key.
实际问题是我正在尝试 运行:
shell_exec(openssl ca -config ../openssl.cnf -in $CSR_FILE -out $CRT_FILE)
而且我发现问题是在 运行ning 之后这个命令要求我的 CA 密码,然后回答两次是接受证书的创建。我不知道如何让它工作。我已经坚持了将近三天,Google 或 Stack Overflow 都没有答案。
我已经尝试 运行 命令并添加另一个 shell_exec(passphrase),以这种方式传递密码和 "y" 两次。
shell_exec("openssl....","passphrase","y","y")
非常感谢,感谢大家的帮助。
您不必为此使用 shell_exec()。您可以使用 openssl_csr_new() PHP 函数创建自签名证书。
它根据dn提供的信息生成一个新的CSR(Certificate Signing Request),表示要在证书中使用的Distinguished Name。
PHP 生成自签名证书的代码
<?php
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the certificate.
$dn = array(
"countryName" => "UK",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "wez@example.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new();
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server.
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($sscert, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
//save certificate and privatekey to file
file_put_contents("certificate.cer", $certout);
file_put_contents("privatekey.pem", $pkeyout);
?>