/** * @param SigningDetails $dn * @param null $privateKey * @param null $privkeypass * @param int $numberofdays * @return array * @throws \Exception */ function generate(SigningDetails $dn, $privateKey = null, $privkeypass = null, $numberofdays = 365) { if ($privateKey === null) { $privkey = $this->generatePrivateKey(); } elseif (is_string($privateKey)) { $privkey = openssl_pkey_get_private($privateKey); } else { throw new \Exception('Invalid format for private key'); } if (!$privkey) { throw new \Exception('Invalid private key'); } $csr = @openssl_csr_new($dn->toArray(), $privkey); if (!$csr) { throw new \Exception('Failed create signing request. Input likely invalid.'); } $sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays); if (!$sscert) { throw new \Exception('Failed create signing request. Input likely invalid.'); } openssl_x509_export($sscert, $publickey); $privatekey = null; if (!openssl_pkey_export($privkey, $privatekey, $privkeypass)) { throw new \Exception('Private key generatio failed'); } /*$csrStr = null; if(!openssl_csr_export($csr, $csrStr)){ throw new \Exception('CSR generation failed'); }*/ return [$publickey, $privatekey]; }
static public function get_keys($login,$full_name) { $CA_CERT = base_url()."data/key/CA_DOC.csr"; $CA_KEY = base_url()."data/key/CA_DOC_priv.key"; $config = array( "private_key_type"=>OPENSSL_KEYTYPE_RSA, "private_key_bits"=>512 ); $res = openssl_pkey_new($config); $privKey = ''; openssl_pkey_export($res,$privKey); $arr = array( "organizationName" => "Фізична особа", "organizationalUnitName" => "Фізична особа", "commonName" => $full_name, "UID" => $login, "countryName" => "UA" ); $csr = openssl_csr_new($arr,$privKey); $cert = openssl_csr_sign($csr,file_get_contents($CA_CERT),file_get_contents($CA_KEY),730); openssl_x509_export($cert,$str_cert); $public_key = openssl_pkey_get_public($str_cert); $public_key_details = openssl_pkey_get_details($public_key); $public_key_string = $public_key_details['key']; return array('private'=>$privKey,'cert'=>$str_cert,'public'=>$public_key_string); }
function generateSslKeypair($commonName, $keyLength) { $key = openssl_pkey_new(array("private_key_bits" => $keyLength)); $default = getDefaultConfPath(); if (file_exists($default . "/cert-overrides.ini")) { $confFile = $default . "/cert-overrides.ini"; } else { $confFile = $_SERVER["DOCUMENT_ROOT"] . "/conf/cert.ini"; } $certConf = parse_ini_file($confFile, true); $dn = $certConf["dn"]; $dn["commonName"] = $commonName; $cert = openssl_csr_new($dn, $key); // Creating a new X509 Certificate Signing Request if ($e = error_get_last()) { // Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless throw new Exception("Error occured:" . $e["message"]); } $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => $confFile, "config_section_name" => "csr", "x509_extensions" => "clientx509_ext")); // Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf if (!$signed) { throw new Exception("Error occured while signing certificate"); } openssl_pkey_export($key, $privateKey); // Export private-key to $privateKey openssl_x509_export($signed, $clientCert); // Export signed-certificate to $clientCert without Extra Details return array($clientCert, $privateKey); }
public function makeKeys($distinguishedName, $passphrase = NULL, $certCA = NULL, $keyCA) { // keep track of the distinguished name $this->dn = $distinguishedName; // generate the pem-encoded private key $config = array('digest_alg' => 'sha1', 'private_key_bits' => 1024, 'encrypt_key' => TRUE); $key = openssl_pkey_new($config); // generate the certificate signing request... $csr = openssl_csr_new($this->dn, $key, $config); // and use it to make a self-signed certificate $this->serialNumber = rand(); $cert = openssl_csr_sign($csr, NULL, $key, 365, $config, time()); // make openssl forget the key openssl_free_key($keyCA); // export private and public keys openssl_pkey_export($key, $this->privatekey, $passphrase, $config); //openssl_pkey_export_to_file ( $this->privatekey , "server.key", $passphrase, $config ) openssl_x509_export($cert, $this->certificate); // parse certificate $this->x509 = openssl_x509_parse($cert); if (isset($this->serialNumber)) { $outfilename = '/var/www/html/' . $this->serialNumber; // Gets an exportable representation of a key into a file openssl_pkey_export_to_file($key, $outfilename . '.pem', $passphrase, $config); } openssl_x509_export_to_file($this->certificate, $outfilename . '.crt', TRUE); return TRUE; // end of makeKeys() method }
public function run() { if (strrev($this->input['folder']) !== DIRECTORY_SEPARATOR) { $this->input['folder'] .= DIRECTORY_SEPARATOR; } $files = []; foreach (['pub', 'key', 'crt', 'csr'] as $extension) { $files[$extension] = sprintf('%s%s%s.%s', $this->input['folder'], $this->input['prefix'], $this->input['hostname'], $extension); } foreach ($files as $file) { if (file_exists($file)) { throw new RuntimeException(sprintf('File exist: %s', $file)); } } $dn = array("countryName" => $this->input['country'], "stateOrProvinceName" => $this->input['state-or-province-name'], "localityName" => $this->input['locality-name'], "organizationName" => $this->input['organization-name'], "organizationalUnitName" => $this->input['organizational-unit-name'], "commonName" => $this->input['common-name'], "emailAddress" => $this->input['email-address']); // Create the private and public key $res = openssl_pkey_new(['digest_alg' => $this->input['alg'], 'private_key_bits' => $this->input['bits'], 'private_key_type' => OPENSSL_KEYTYPE_RSA]); // Generate a certificate signing request $csr = openssl_csr_new(array_filter($dn), $res); // Creates a self-signed cert $sscert = openssl_csr_sign($csr, null, $res, $this->input['days']); openssl_csr_export($csr, $out); file_put_contents($files['csr'], $out); // Export certfile openssl_x509_export($sscert, $out); file_put_contents($files['crt'], $out); // Extract the private key from $res to $privKey openssl_pkey_export($res, $out); file_put_contents($files['key'], $out); // Extract the public key from $res to $pubKey $out = openssl_pkey_get_details($res); file_put_contents($files['pub'], $out["key"]); }
function generateSslKeypair($commonName, $mail, $keyLength) { $key = openssl_pkey_new(array("private_key_bits" => $keyLength)); $certConf = parse_ini_file("cert.conf", true); $dn = $certConf["dn"]; $dn["commonName"] = $commonName; $dn["emailAddress"] = $mail; $cert = openssl_csr_new($dn, $key); // Creating a new X509 Certificate Signing Request if ($e = error_get_last()) { // Issues found in parsing the arguments will get a warning. A CSR is created, nonetheless throw new Exception("Error occured:" . $e["message"]); } $signed = openssl_csr_sign($cert, null, $key, $certConf["csr"]["validity_in_days"], array("config" => "../core/cert.conf", "config_section_name" => "csr", "x509_extensions" => "clientx509_ext")); // Self-signed X509 certificate with SHA256 digest and extensions specified in local openssl.conf if (!$signed) { throw new Exception("Error occured while signing certificate"); } openssl_pkey_export($key, $privateKey); // Export private-key to $privateKey openssl_x509_export($signed, $clientCert, FALSE); // Export signed-certificate to $clientCert openssl_x509_export($signed, $publicKey); // Export public-key from the signed-certificate to $publicKey return array($clientCert, $publicKey, $privateKey); }
public function make_request() { $g = stream_context_create(array("ssl" => array("capture_peer_cert" => true))); set_error_handler(function () { return true; }); $r = stream_socket_client("ssl://{$this->target}:{$this->target_port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $g); restore_error_handler(); if (!$r) { return true; } else { $cont = stream_context_get_params($r); $cert = openssl_x509_read($cont["options"]["ssl"]["peer_certificate"]); $cert_data = openssl_x509_parse($cert); openssl_x509_export($cert, $out, FALSE); $signature_algorithm = null; if (preg_match('/^\\s+Signature Algorithm:\\s*(.*)\\s*$/m', $out, $match)) { $signature_algorithm = $match[1]; } $this->sha_type = $signature_algorithm; $this->common_name = $cert_data['subject']['CN']; $this->alternative_names = $cert_data['extensions']['subjectAltName']; $this->issuer = $cert_data['issuer']['O']; $this->valid_from = date('m-d-Y H:i:s', strval($cert_data['validFrom_time_t'])); $this->valid_to = date('m-d-Y H:i:s', strval($cert_data['validTo_time_t'])); $this->parse_alternative_names(); } }
/** * Get the fingerprint from the specified certificate * * @param string $certificate * @return fingerprint or null on failure */ public static function get_fingerprint($certificate, $hash = null) { $fingerprint = null; // The openssl_x509_read() function will throw an warning if the supplied // parameter cannot be coerced into an X509 certificate // @codingStandardsIgnoreStart $resource = @openssl_x509_read($certificate); // @codingStandardsIgnoreEnd if (false !== $resource) { $output = null; $result = openssl_x509_export($resource, $output); if (false !== $result) { $output = str_replace(self::CERTIFICATE_BEGIN, '', $output); $output = str_replace(self::CERTIFICATE_END, '', $output); // Base64 decode $fingerprint = base64_decode($output); // Hash if (null !== $hash) { $fingerprint = hash($hash, $fingerprint); } } // @todo else what to do? } // @todo else what to do? return $fingerprint; }
/** * Exports key of a given SSL certificate * * @param string $url without protocol * @return string $certificateContent */ public function exportPemFromUrl($url) { $certificateResource = $this->loadFromUrl($url); openssl_x509_export($certificateResource, $certificateContent); $certificateContent = str_replace('-----BEGIN CERTIFICATE-----', '', $certificateContent); $certificateContent = str_replace('-----END CERTIFICATE-----', '', $certificateContent); return $certificateContent; }
public static function setUpBeforeClass() { self::$pKey = openssl_pkey_new(); $csr = openssl_csr_new([], self::$pKey); $x509 = openssl_csr_sign($csr, null, self::$pKey, 1); openssl_x509_export($x509, self::$certificate); openssl_x509_free($x509); }
function ocsp_verify_json($raw_cert_data, $raw_next_cert_data, $ocsp_uri) { //uses openssl cli to validate cert status with ocsp global $random_blurp, $timeout; $result = array(); $tmp_dir = '/tmp/'; $root_ca = getcwd() . '/cacert.pem'; $pem_issuer = ""; $pem_client = ""; openssl_x509_export($raw_cert_data, $pem_client); openssl_x509_export_to_file($raw_cert_data, $tmp_dir . $random_blurp . '.cert_client.pem'); openssl_x509_export($raw_next_cert_data, $pem_issuer); openssl_x509_export_to_file($raw_next_cert_data, $tmp_dir . $random_blurp . '.cert_issuer.pem'); $isser_loc = $tmp_dir . $random_blurp . '.cert_issuer.pem'; // Some OCSP's want HTTP/1.1 but OpenSSL does not do that. Add Host header as workaround. $ocsp_host = parse_url($ocsp_uri, PHP_URL_HOST); $output = shell_exec('timeout ' . $timeout . ' | openssl ocsp -no_nonce -CAfile ' . $root_ca . ' -issuer ' . $isser_loc . ' -cert ' . $tmp_dir . $random_blurp . '.cert_client.pem -url "' . escapeshellcmd($ocsp_uri) . '" -header "HOST" "' . escapeshellcmd($ocsp_host) . '" 2>&1'); $filter_output = shell_exec('timeout ' . $timeout . ' | openssl ocsp -no_nonce -CAfile ' . $root_ca . ' -issuer ' . $isser_loc . ' -cert ' . $tmp_dir . $random_blurp . '.cert_client.pem -url "' . escapeshellcmd($ocsp_uri) . '" -header "HOST" "' . escapeshellcmd($ocsp_host) . '" 2>&1 | grep -v -e "to get local issuer certificate" -e "signer certificate not found" -e "Response Verify" -e "' . $tmp_dir . $random_blurp . '.cert_client.pem"'); $output = preg_replace("/[[:blank:]]+/", " ", $output); $ocsp_status_lines = explode("\n", $output); $ocsp_status_lines = array_map('trim', $ocsp_status_lines); foreach ($ocsp_status_lines as $line) { if (endsWith($line, ":") == false) { list($k, $v) = explode(":", $line, 2); if (trim($k)) { $lines[trim($k)] = trim($v); } } } if ($lines[$tmp_dir . $random_blurp . ".cert_client.pem"] == "good") { $result["status"] = "good"; } else { if ($lines[$tmp_dir . $random_blurp . ".cert_client.pem"] == "revoked") { $result["status"] = "revoked"; } else { $result["error"] = $filter_output; $result["status"] = "unknown"; } } if (isset($lines["This Update"])) { $result["this_update"] = $lines["This Update"]; } if (isset($lines["Next Update"])) { $result["next_update"] = $lines["Next Update"]; } if (isset($lines["Reason"])) { $result["reason"] = $lines["Reason"]; } if (isset($lines["Revocation Time"])) { $result["revocation_time"] = $lines["Revocation Time"]; } $result["ocsp_uri"] = $ocsp_uri; //remove temp files after use unlink($tmp_dir . $random_blurp . '.cert_client.pem'); unlink($tmp_dir . $random_blurp . '.cert_issuer.pem'); return $result; }
public function toPem() { $pem = ''; $exported = openssl_x509_export($this->opensslResource, $pem); if (!$exported) { throw new EngineBlock_Exception("Unable to convert certificate to PEM?"); } return $pem; }
public function exportCertificatePem($file) { \debug("OpenSSL CSR: Exporting certificate as PEM: {$file}"); $pem = []; openssl_x509_export($this->signed, $pem[0]); openssl_pkey_export($this->pkey, $pem[1], $this->pkeypass); $pem = implode($pem); file_put_contents($file, $pem); }
function cert_signature_algorithm($raw_cert_data) { $cert_read = openssl_x509_read($raw_cert_data); openssl_x509_export($cert_read, $out, FALSE); $signature_algorithm = null; if (preg_match('/^\\s+Signature Algorithm:\\s*(.*)\\s*$/m', $out, $match)) { $signature_algorithm = $match[1]; } return $signature_algorithm; }
/** * @param array $dn * @param null $passPhrase * * @return string */ public function create(array $dn, $passPhrase = null) { $config = $this->getConfig(); $key = openssl_pkey_new($config); $crt = openssl_csr_new($dn, $key, $config); $crt = openssl_csr_sign($crt, null, $key, 365, $config); $x509 = null; $pKey = null; openssl_x509_export($crt, $x509); openssl_pkey_export($key, $pKey, $passPhrase, $config); return $x509 . $pKey; }
/** * Sign this CSR * * @param security.KeyPair keypair * @param int days default 365 * @param var cacert default NULL * @return security.cert.X509Certificate */ public function sign($keypair, $days = 365, $cacert = NULL) { if (FALSE === ($x509 = openssl_csr_sign($this->_res, $cacert, $keypair->_res, $days))) { trigger_error(implode("\n @", OpenSslUtil::getErrors()), E_USER_NOTICE); throw new CertificateException('Cannot sign certificate'); } if (FALSE === openssl_x509_export($x509, $str)) { trigger_error(implode("\n @", OpenSslUtil::getErrors()), E_USER_NOTICE); throw new CertificateException('Cannot export certificate'); } return X509Certificate::fromString($str); }
/** * Preflight the SSL certificate presented by the backend. This isn't 100% * bulletproof, in that we're not actually validating the transport used to * communicate with Stripe, merely that the first attempt to does not use a * revoked certificate. * * Unfortunately the interface to OpenSSL doesn't make it easy to check the * certificate before sending potentially sensitive data on the wire. This * approach raises the bar for an attacker significantly. * * @param string $url * * @return bool */ public function checkCert($url) { if (!$this->hasStreamExtensions()) { return $this->showStreamExtensionWarning(); } $this->setUrl($url); list($result, $errorNo, $errorStr) = $this->streamSocketClient(); $this->checkResult($result, $errorNo, $errorStr); openssl_x509_export(stream_context_get_params($result)['options']['ssl']['peer_certificate'], $pemCert); $this->checkBlackList($pemCert); return true; }
function create_ssl_cert($pem_file, $pem_passphrase, $pem_dn) { $privkey = openssl_pkey_new(); $cert = openssl_csr_new($pem_dn, $privkey); $cert = openssl_csr_sign($cert, null, $privkey, 365); $pem = array(); openssl_x509_export($cert, $pem[0]); openssl_pkey_export($privkey, $pem[1], $pem_passphrase); $pem = implode($pem); file_put_contents($pem_file, $pem); chmod($pem_file, 0600); }
function cert_signature_algorithm($raw_cert_data) { $cert_read = openssl_x509_read($raw_cert_data); //if param 3 is FALSE, $out is filled with both the PEM file as wel all the contents of `openssl x509 -noout -text -in cert.pem. //we use that to get the signature alg. openssl_x509_export($cert_read, $out, FALSE); $signature_algorithm = null; if (preg_match('/^\\s+Signature Algorithm:\\s*(.*)\\s*$/m', $out, $match)) { $signature_algorithm = $match[1]; } return $signature_algorithm; }
private function createSSLCert() { $privKey = openssl_pkey_new(); $cert = openssl_csr_new(self::$pemDN, $privKey); $cert = openssl_csr_sign($cert, null, $privKey, 365); $pem = []; openssl_x509_export($cert, $pem[0]); openssl_pkey_export($privKey, $pem[1], self::PEM_PASSPHRASE); $pem = implode($pem); file_put_contents($this->pemFile, $pem); chmod($this->pemFile, 0600); }
/** * Generates a new PEM File given the informations * * @param string $pem_file the path of the PEM file to create * @param string $pem_passphrase the passphrase to protect the PEM * file or if you don't want to * use a passphrase * @param string $country_name the country code of the new PEM file. e.g.: EN * @param string $state_or_province_name the state or province name of the new PEM file * @param string $locality_name the name of the locality * @param string $organization_name the name of the organisation. e.g.: MyCompany * @param string $organizational_unit_name the organisation unit name * @param string $common_name the common name * @param string $email_address the email address */ public static function generatePemFile($pem_file, $pem_passphrase, $country_name, $state_or_province_name, $locality_name, $organization_name, $organizational_unit_name, $common_name, $email_address) { // Generate PEM file $dn = array('countryName' => $country_name, 'stateOrProvinceName' => $state_or_province_name, 'localityName' => $locality_name, 'organizationName' => $organization_name, 'organizationalUnitName' => $organizational_unit_name, 'commonName' => $common_name, 'emailAddress' => $email_address); $privkey = openssl_pkey_new(); $cert = openssl_csr_new($dn, $privkey); $cert = openssl_csr_sign($cert, null, $privkey, 365); $pem = array(); openssl_x509_export($cert, $pem[0]); openssl_pkey_export($privkey, $pem[1], $pem_passphrase); $pem = implode($pem); file_put_contents($pem_file, $pem); }
static function certificado_decodificar($certificado) { $resource = openssl_x509_read($certificado); $output = null; $result = openssl_x509_export($resource, $output); if ($result !== false) { $output = str_replace('-----BEGIN CERTIFICATE-----', '', $output); $output = str_replace('-----END CERTIFICATE-----', '', $output); return base64_decode($output); } else { throw new toba_error("El certificado no es un certificado valido", "Detalles: {$certificado}"); } }
function generateKeys($passphrase) { $identity = Zend_Auth::getInstance()->getIdentity(); $dn = array("countryName" => $this->_config->countryName, "stateOrProvinceName" => $this->_config->stateOrProvinceName, "localityName" => $this->_config->localityName, "organizationName" => $this->_config->organizationName, "organizationalUnitName" => $this->_config->organizationUnitName, "commonName" => $identity->firstName . " " . $identity->lastName . "(" . $identity->username . ")", "emailAddress" => $this->_config->emailAddress); $privkey = openssl_pkey_new(); $csr = openssl_csr_new($dn, $privkey); $sscert = openssl_csr_sign($csr, null, $privkey, $this->_config->numberOfDays); openssl_x509_export($sscert, $publickey); openssl_pkey_export($privkey, $privatekey); openssl_csr_export($csr, $csrStr); $this->publicKey = $publickey; $this->privateKey = $this->_encryptPrivateKey($privatekey, $passphrase); }
public function getBase64() { $this->checkLoaded(); $resource = openssl_x509_read($this->cert); $output = null; $result = openssl_x509_export($resource, $output); if ($result !== false) { $output = str_replace('-----BEGIN CERTIFICATE-----', '', $output); $output = str_replace('-----END CERTIFICATE-----', '', $output); return base64_decode($output); } else { throw new \Exception("El certificado no es un certificado valido", "Detalles: {$this->cert}"); } }
protected function execute($arguments = array(), $options = array()) { if (!extension_loaded('openssl')) { throw Exception('this task requires the openssl php extension, see http://www.php.net/openssl'); } $days = null; while (!is_numeric($days)) { $days = $this->ask('The Days of Validity (default:365)'); if (!$days) { $days = 365; } } while (!($phrase = $this->ask('Private Key Phrase'))) { } $country = null; while (!($country = strtoupper($this->ask('Country Name (2 letter code)'))) || strlen($country) != 2) { $this->logBlock('invalid format.', 'ERROR'); } while (!($state = $this->ask('State or Province Name (full name)'))) { } while (!($locality = $this->ask('Locality Name (eg,city)'))) { } while (!($org = $this->ask('Organization Name(eg,company)'))) { } while (!($orgUnit = $this->ask('Organization Unit Name(eg,section)'))) { } while (!($common = $this->ask('Common Name(eg,Your name)'))) { } while (!($email = $this->ask('Email Address'))) { } $dn = array('countryName' => $country, 'stateOrProvinceName' => $state, 'localityName' => $locality, 'organizationName' => $org, 'organizationalUnitName' => $orgUnit, 'commonName' => $common, 'emailAddress' => $email); $dirname = sfConfig::get('sf_plugins_dir') . '/opOpenSocialPlugin/certs'; $filesystem = new sfFilesystem($this->dispatcher, $this->formatter); $filesystem->mkdirs($dirname); $privatekey = openssl_pkey_new(); $csr = openssl_csr_new($dn, $privatekey); $sscert = openssl_csr_sign($csr, null, $privatekey, $days); openssl_x509_export($sscert, $certout); openssl_pkey_export($privatekey, $pkeyout, $phrase); $cert_filename = $dirname . '/public.crt'; file_put_contents($cert_filename, $certout); $this->logSection('file+', $cert_filename); $pkey_filename = $dirname . '/private.key'; file_put_contents($pkey_filename, $pkeyout); $this->logSection('file+', $pkey_filename); $databaseManager = new sfDatabaseManager($this->configuration); Doctrine::getTable('SnsConfig')->set('shindig_private_key_phrase', $phrase); }
function gen_new_keypair($expired = false) { $config = array('private_key_bits' => 384, 'digest_alg' => 'sha1', 'private_key_type' => OPENSSL_KEYTYPE_RSA); $privkey = openssl_pkey_new($config); $pw = "c0nfusa"; $dn = array("countryName" => 'NO', "localityName" => 'Drammen', "organizationName" => 'Austad IT', "commonName" => 'austad.us', "emailAddress" => '*****@*****.**'); $csr = openssl_csr_new($dn, $privkey); if ($expired) { $cert = openssl_csr_sign($csr, null, $privkey, -1); } else { $cert = openssl_csr_sign($csr, null, $privkey, 14); } openssl_pkey_export($privkey, $privkeystr, $pw); openssl_x509_export($cert, $certstr); openssl_csr_export($csr, $csrstr); return array('key' => $privkeystr, 'cert' => $certstr, 'csr' => $csrstr, 'pw' => $pw); }
/** * A method for exporting the certificate. * * @param mixed $password * @return string */ public function export($type = 'x509', $password = null) { if ($this->signed === false) { openssl_csr_export($this->csr, $out); return $out; } else { switch ($type) { case 'x509': openssl_x509_export($this->csr, $out); break; case 'pkcs12': openssl_pkcs12_export($this->csr, $out, $this->keyPair->privateKey, $password); break; } return $out; } }
/** * reads in a certificate file and creates a fingerprint * @param Filename of the certificate * @return fingerprint */ function createCertFingerprint($filename) { if (is_readable($filename)) { $cert = file_get_contents($filename); } else { return false; } $data = openssl_x509_read($cert); if (!openssl_x509_export($data, $data)) { return false; } $data = str_replace("-----BEGIN CERTIFICATE-----", "", $data); $data = str_replace("-----END CERTIFICATE-----", "", $data); $data = base64_decode($data); $fingerprint = sha1($data); $fingerprint = strtoupper($fingerprint); return $fingerprint; }
public function generateCertificate($certData) { $configParams = array("digest_alg" => "sha512", "private_key_bits" => 4096, "private_key_type" => OPENSSL_KEYTYPE_RSA); $privkey = openssl_pkey_new($configParams); //Now, using the private key, we can create the certificate. First we define the certificate parameters: //And then we can create the certificate: $csr = openssl_csr_new($certData, $privkey, $configParams); //Now we sign the certificate using the private key: $duration = 2 * 365; $sscert = openssl_csr_sign($csr, null, $privkey, $duration, $configParams); //Finally we can export the certificate and the private key: openssl_x509_export($sscert, $certout); $password = NULL; openssl_pkey_export($privkey, $pkout, $password, $configParams); //Note that a password is needed to export the private key. If a password is not needed, you must set $password //to NULL (don't set it to empty string as the private key password will be an empty string). return array('privateKey' => $pkout, 'certificate' => $certout); }
public function generateKeyPair($keyPath, $keySize) { // Fill in data for the distinguished name to be used in the cert // You must change the values of these keys to match your name and // company, or more precisely, the name and company of the person/site // that you are generating the certificate for. // For SSL certificates, the commonName is usually the domain name of // that will be using the certificate, but for S/MIME certificates, // the commonName will be the name of the individual who will use the // certificate. $dn = array("countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "*****@*****.**"); // Generate a new private (and public) key pair $privkey = openssl_pkey_new(array('private_key_bits' => $keySize, 'private_key_type' => OPENSSL_KEYTYPE_RSA)); // Generate a certificate signing request $csr = openssl_csr_new($dn, $privkey); // You will usually want to create a self-signed certificate at this // point until your CA fulfills your request. $sscert = openssl_csr_sign($csr, null, $privkey, 365000); // Now you will want to preserve your private key, CSR and self-signed // cert so that they can be installed into your web server, mail server // or mail client (depending on the intended use of the certificate). // This example shows how to get those things into variables, but you // can also store them directly into files. // Typically, you will send the CSR on to your CA who will then issue // you with the "real" certificate. // openssl_csr_export($csr, $csrout); // echo $csrout . "\n"; openssl_x509_export($sscert, $certout); file_put_contents($keyPath . '/public.crt', $certout); openssl_pkey_export($privkey, $pkeyout, "mypassword"); file_put_contents($keyPath . '/private.key', $pkeyout); }