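// Tail of a conditional block that opens earlier in the file; its closing brace is the lone "}" below.
    $response = $apiClient->createAccount($account, $person);
    if (isset($response["ko"])) {
        echo json_encode(array("ko" => "ko", "message" => $response["message"]));
        exit;
    }
}

// Emits the {"ko": "ko", "message": ...} error envelope used by this script and stops.
$fail = function ($message) {
    echo json_encode(array("ko" => "ko", "message" => $message));
    exit;
};

$response = $apiClient->getSerial($account);
if (isset($response["ko"])) {
    $fail($response["message"]);
}
$serial = $response["serial"];

$openSslConfig = array(
    "digest_alg" => "sha512",
    "private_key_bits" => 4096,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);

// Create the private and public key
$res = openssl_pkey_new($openSslConfig);
if ($res === false) {
    $fail("Unable to generate the key pair");
}

$dn = array(
    "countryName" => "FR",
    "stateOrProvinceName" => "France",
    "organizationName" => "Armagnet",
    "commonName" => $person["firstname"] . " " . $person["lastname"] . " - " . $serial,
    "emailAddress" => $person["mail"],
);

// Create the Certificate Signature Request
// NOTE(review): $openSslConfig is not passed to openssl_csr_new(), so its "digest_alg"
// does not apply to the CSR signature; confirm whether SHA-512 was intended here.
$csr = openssl_csr_new($dn, $res);
if ($csr === false || !openssl_csr_export($csr, $csrout)) {
    $fail("Unable to create the certificate signing request");
}

$result = $apiClient->postCsr($account, $serial, $csrout);
if (isset($result["ko"])) {
    // Same failure convention as createAccount() and getSerial() above.
    $fail(isset($result["message"]) ? $result["message"] : "Unable to submit the certificate signing request");
}

// vpn_id comes from the API response and becomes part of a filesystem path, so it
// must not be able to move the key file out of the configured location.
$vpnHash = isset($result["vpn_id"]) ? $result["vpn_id"] : null;
$vpnHashForPath = (is_string($vpnHash) || is_int($vpnHash)) ? (string) $vpnHash : "";
if ($vpnHashForPath === "" || strpbrk($vpnHashForPath, "/\\\0") !== false) {
    $fail("Invalid VPN identifier returned by the API");
}

$keyPath = $config["openvpn"]["config"] . "_{$vpnHashForPath}";
$keyFile = $keyPath . ".key";

// No password for openvpn in daemon mode: export the key unencrypted directly.
// This replaces the earlier round trip (encrypted export with a hard-coded passphrase,
// then a shell call to the openssl binary to strip it), which interpolated the
// API-supplied id into a shell command and exposed the passphrase on the command line.
if (!openssl_pkey_export($res, $privKey)) {
    $fail("Unable to export the private key");
}

// The key is stored unencrypted, so file permissions are its only protection:
// keep it owner-only (the OpenVPN process must run as this owner or as root).
if (is_file($keyFile) && !chmod($keyFile, 0600)) {
    $fail("Unable to restrict access to the private key file");
}
$previousUmask = umask(0077);
$written = file_put_contents($keyFile, $privKey, LOCK_EX);
umask($previousUmask);
if ($written === false) {
    $fail("Unable to write the private key file");
}

echo json_encode(array("ok" => "ok", "vpnHash" => $vpnHash));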