📄 function.openssl-csr-sign.html
字号:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html> <head> <title>Sign a CSR with another certificate (or itself) and generate a certificate</title> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body><div style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-new.html">openssl_csr_new</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-error-string.html">openssl_error_string</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div></div><hr /><div id="function.openssl-csr-sign" class="refentry"> <div class="refnamediv"> <h1 class="refname">openssl_csr_sign</h1> <p class="verinfo">(PHP 4 >= 4.2.0, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_csr_sign</span> — <span class="dc-title">Sign a CSR with another certificate (or itself) and generate a certificate</span></p> </div> <div class="refsect1 description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type">resource</span> <span class="methodname"><b><b>openssl_csr_sign</b></b></span> ( <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <tt class="parameter">$csr</tt></span> , <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <tt class="parameter">$cacert</tt></span> , <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <tt class="parameter">$priv_key</tt></span> , <span class="methodparam"><span class="type">int</span> <tt class="parameter">$days</tt></span> [, <span class="methodparam"><span class="type">array</span> <tt class="parameter">$configargs</tt></span> [, <span class="methodparam"><span class="type">int</span> <tt class="parameter">$serial</tt></span> ]] )</div> <p class="para rdfs-comment"> <b>openssl_csr_sign()</b> generates an x509 certificate resource from the given CSR. </p> <blockquote><p><b class="note">Note</b>: <span class="simpara"> You need to have a valid <var class="filename">openssl.cnf</var> installed for this function to operate correctly. See the notes under <a href="openssl.installation.html" class="link">the installation section</a> for more information. </span></p></blockquote> </div> <div class="refsect1 parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt> <span class="term"><i><tt class="parameter">csr</tt></i></span> <dd> <p class="para"> A CSR previously generated by <a href="function.openssl-csr-new.html" class="function">openssl_csr_new()</a>. It can also be the path to a PEM encoded CSR when specified as <var class="filename">file://path/to/csr</var> or an exported string generated by <a href="function.openssl-csr-export.html" class="function">openssl_csr_export()</a>. </p> </dd> </dt> <dt> <span class="term"><i><tt class="parameter">cacert</tt></i></span> <dd> <p class="para"> The generated certificate will be signed by <i><tt class="parameter">cacert</tt></i>. If <i><tt class="parameter">cacert</tt></i> is <b><tt>NULL</tt></b>, the generated certificate will be a self-signed certificate. </p> </dd> </dt> <dt> <span class="term"><i><tt class="parameter">priv_key</tt></i></span> <dd> <p class="para"> <i><tt class="parameter">priv_key</tt></i> is the private key that corresponds to <i><tt class="parameter">cacert</tt></i>. </p> </dd> </dt> <dt> <span class="term"><i><tt class="parameter">days</tt></i></span> <dd> <p class="para"> <i><tt class="parameter">days</tt></i> specifies the length of time for which the generated certificate will be valid, in days. </p> </dd> </dt> <dt> <span class="term"><i><tt class="parameter">configargs</tt></i></span> <dd> <p class="para"> You can finetune the CSR signing by <i><tt class="parameter">configargs</tt></i>. See <a href="function.openssl-csr-new.html" class="function">openssl_csr_new()</a> for more information about <i><tt class="parameter">configargs</tt></i>. </p> </dd> </dt> <dt> <span class="term"><i><tt class="parameter">serial</tt></i></span> <dd> <p class="para"> An optional the serial number of issued certificate. If not specified it will default to 0. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns an x509 certificate resource on success, <b><tt>FALSE</tt></b> on failure. </p> </div> <div class="refsect1 changelog"> <h3 class="title">ChangeLog</h3> <p class="para"> <table class="informaltable"> <colgroup> <thead valign="middle"> <tr valign="middle"> <th colspan="1">Version</th> <th colspan="1">Description</th> </tr> </thead> <tbody valign="middle" class="tbody"> <tr valign="middle"> <td colspan="1" rowspan="1" align="left">4.3.3</td> <td colspan="1" rowspan="1" align="left"> The <i><tt class="parameter">serial</tt></i> parameter was added. </td> </tr> </tbody> </colgroup> </table> </p> </div> <div class="refsect1 examples"> <h3 class="title">Examples</h3> <p class="para"> <div class="example"> <p><b>Example #1 <b>openssl_csr_sign()</b> example - signing a CSR (how to implement your own CA)</b></p> <div class="example-contents"><div class="phpcode"><code><span style="color: #000000"><span style="color: #0000BB"><?php<br /></span><span style="color: #FF8000">// Let's assume that this script is set to receive a CSR that has<br />// been pasted into a textarea from another page<br /></span><span style="color: #0000BB">$csrdata </span><span style="color: #007700">= </span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">"CSR"</span><span style="color: #007700">];<br /><br /></span><span style="color: #FF8000">// We will sign the request using our own "certificate authority"<br />// certificate. You can use any certificate to sign another, but<br />// the process is worthless unless the signing certificate is trusted<br />// by the software/users that will deal with the newly signed certificate<br /><br />// We need our CA cert and its private key<br /></span><span style="color: #0000BB">$cacert </span><span style="color: #007700">= </span><span style="color: #DD0000">"file://path/to/ca.crt"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$privkey </span><span style="color: #007700">= array(</span><span style="color: #DD0000">"file://path/to/ca.key"</span><span style="color: #007700">, </span><span style="color: #DD0000">"your_ca_key_passphrase"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$userscert </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csrdata</span><span style="color: #007700">, </span><span style="color: #0000BB">$cacert</span><span style="color: #007700">, </span><span style="color: #0000BB">$privkey</span><span style="color: #007700">, </span><span style="color: #0000BB">365</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// Now display the generated certificate so that the user can<br />// copy and paste it into their local configuration (such as a file<br />// to hold the certificate for their SSL server)<br /></span><span style="color: #0000BB">openssl_x509_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$usercert</span><span style="color: #007700">, </span><span style="color: #0000BB">$certout</span><span style="color: #007700">);<br />echo </span><span style="color: #0000BB">$certout</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">// Show any errors that occurred here<br /></span><span style="color: #007700">while ((</span><span style="color: #0000BB">$e </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_error_string</span><span style="color: #007700">()) !== </span><span style="color: #0000BB">false</span><span style="color: #007700">) {<br /> echo </span><span style="color: #0000BB">$e </span><span style="color: #007700">. </span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?></span></span></code></div> </div> </div> </p> </div></div><hr /><div style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-new.html">openssl_csr_new</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-error-string.html">openssl_error_string</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div></div></body></html>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -