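/**
 * Generate a CSR object with SANs from the given distinguishedName and keyPair.
 *
 * The common name and every subject alternative name are written into a
 * temporary OpenSSL configuration file as `DNS.n = <name>` entries, and
 * that file is handed to openssl_csr_new() through the `config` option.
 * Because the names end up inside a configuration file, any name holding
 * a character that the OpenSSL config syntax treats specially (line
 * breaks and other control characters, `$`, `#`, `\`, quotes) is rejected
 * before the file is written: such a character would otherwise let one
 * name add or alter directives of the request.
 *
 * @param CertificateRequest $certificateRequest
 *
 * @throws CSRSigningException when a name is not safe to write to the
 *                             configuration, the temporary file cannot be
 *                             created or written, or OpenSSL fails
 *
 * @return mixed
 */
protected function createCsrWithSANsObject(CertificateRequest $certificateRequest)
{
    // Nowdoc, so nothing in the template is interpolated by PHP; the only
    // placeholder is the %s filled in by sprintf() below.
    $sslConfigTemplate = <<<'EOL'
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @req_subject_alt_name
[ req_subject_alt_name ]
%s
EOL;

    $sslConfigDomains = [];

    $distinguishedName = $certificateRequest->getDistinguishedName();
    $domains = array_merge([$distinguishedName->getCommonName()], $distinguishedName->getSubjectAlternativeNames());

    // array_values() renumbers the list so the DNS.n indexes are contiguous.
    foreach (array_values($domains) as $index => $domain) {
        $domain = (string) $domain;

        // Refuse anything that would be interpreted by the config parser
        // instead of being taken literally as a DNS name.
        if (preg_match('/[\x00-\x1F\x7F$#\\\\"\'`]/', $domain)) {
            throw new CSRSigningException(sprintf('Subject name #%d contains characters that are not allowed in a DNS name', $index + 1));
        }

        $sslConfigDomains[] = 'DNS.' . ($index + 1) . ' = ' . $domain;
    }

    $sslConfigContent = sprintf($sslConfigTemplate, implode("\n", $sslConfigDomains));

    $sslConfigFile = tempnam(sys_get_temp_dir(), 'acmephp_');
    if (false === $sslConfigFile) {
        throw new CSRSigningException('Unable to create a temporary OpenSSL configuration file');
    }

    try {
        if (false === file_put_contents($sslConfigFile, $sslConfigContent)) {
            throw new CSRSigningException('Unable to write the temporary OpenSSL configuration file');
        }

        $resource = $certificateRequest->getKeyPair()->getPrivateKey()->getResource();

        $csr = openssl_csr_new(
            $this->getCSRPayload($distinguishedName),
            $resource,
            ['digest_alg' => 'sha256', 'config' => $sslConfigFile]
        );

        if (!$csr) {
            throw new CSRSigningException(sprintf('OpenSSL CSR signing failed with error: %s', openssl_error_string()));
        }

        return $csr;
    } finally {
        // Always remove the temporary configuration, on success and on failure.
        if (is_file($sslConfigFile)) {
            unlink($sslConfigFile);
        }
    }
}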