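/**
 * Convert a stored certificate and its private key into a PKCS#12 bundle and
 * print a download form for the result.
 *
 * Progress messages are printed straight to the page; any failure ends the
 * request through die().
 *
 * @param string $this_cert_name Certificate file name including its extension. The part
 *                               before the last '.' is base64-encoded to form the on-disk name.
 * @param string $my_pkey_pass   Passphrase that decrypts the stored private key.
 * @param string $my_pkcs12_pass Passphrase that will protect the generated PKCS#12 file.
 */
function convert_cert_pkcs12($this_cert_name, $my_pkey_pass, $my_pkcs12_pass)
{
    $config = $_SESSION['config'];

    // The extension is appended to a filesystem path unencoded, so a name without
    // a '.' (substr() would then return the whole name as "extension") or an
    // extension carrying a path separator must not reach the file reads below.
    $dot = strrpos($this_cert_name, '.');
    if ($dot === false) {
        die('Fatal: Invalid certificate name');
    }
    $this_filename = substr($this_cert_name, 0, $dot);
    $ext = substr($this_cert_name, $dot);
    if (strpbrk($ext, "/\\\0") !== false) {
        die('Fatal: Invalid certificate name');
    }

    // NOTE(review): standard base64 output can contain '/', which then acts as a
    // path separator in the names built below. Left unchanged because existing
    // files were presumably stored under the same encoding -- confirm.
    $name = base64_encode($this_filename);
    $my_base64_certfile = $name . $ext;
    $my_key_filename = $config['key_path'] . $name . $ext;
    $my_cert_filename = $config['cert_path'] . $my_base64_certfile;

    print "<b>Loading key...</b><br/>";
    // file_get_contents() avoids fread() being asked for a zero-byte read on an empty file.
    $my_privkey_x509 = file_get_contents($my_key_filename);
    if ($my_privkey_x509 === false) {
        die('Fatal: Error opening Private Key');
    }
    if ($my_privkey_x509 === '') {
        die('Fatal: Error reading Private Key');
    }
    print "Done<br/><br/>\n";

    print "<b>Decoding Private key...</b><br/>";
    $my_privkey = openssl_pkey_get_private($my_privkey_x509, $my_pkey_pass)
        or die('Fatal: Error decoding Private Key. Passphrase Incorrect');
    print "Done<br/><br/>\n";

    print "<b>Loading Certificate...</b><br/>";
    $my_cert = file_get_contents($my_cert_filename);
    if ($my_cert === false) {
        die('Fatal: Error opening Certificate');
    }
    if ($my_cert === '') {
        die('Fatal: Error reading Certificate');
    }
    print "Done<br/><br/>\n";

    // The bundle contains the private key, protected only by $my_pkcs12_pass.
    // NOTE(review): it is written next to the certificates in cert_path; confirm that
    // directory is not served directly by the web server.
    $my_pkcs12_filename = $config['cert_path'] . $name . '.p12';

    print "<b>Convert Certificate to PKCS#12...</b><br>";
    openssl_pkcs12_export_to_file($my_cert, $my_pkcs12_filename, $my_privkey, $my_pkcs12_pass)
        or die('Fatal: Error converting Certificate to PKCS#12 ' . $my_pkcs12_filename);
    print "Done\n<br>\n";

    print "<b>Download PKCS#12 Certificate:</b>\n<br>\n<br>\n";
    // The file name is echoed into an HTML attribute, so it is escaped for that context.
    ?>
<form action="index.php" method="post">
<input type="hidden" name="menuoption" value="download_cert">
<input type="hidden" name="cert_name" value="<?php print htmlspecialchars($this_filename . '.p12', ENT_QUOTES, 'UTF-8'); ?>">
<input type="submit" value="Download PKCS#12 Certificate">
</form>
<BR><BR>
    <?php
}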
/**
 * Exercise openssl_pkcs12_export_to_file(): self-sign a throwaway certificate,
 * export it with its key to a temporary path and check that a file of more
 * than 400 bytes was produced.
 */
function test_openssl_pkcs12_export_to_file()
{
    // Fresh key pair.
    $key = openssl_pkey_new();
    VERIFY($key != null);

    // Signing request with no subject fields, signed by its own key for 365 days.
    $request = openssl_csr_new(null, $key);
    VERIFY($request != null);
    $selfSigned = openssl_csr_sign($request, null, $key, 365);

    // tempnam() creates the file; it is removed again so the test can first
    // confirm that nothing is readable at that path.
    // NOTE(review): once unlinked, the name is no longer reserved, so the export
    // below writes to a path another local process could create first. Acceptable
    // for a test fixture, not a pattern for real key material.
    $target = tempnam('/tmp', 'vmopenssltest');
    unlink($target);
    VS(file_get_contents($target), false);

    // "1234" is the fixture passphrase protecting the exported bundle.
    openssl_pkcs12_export_to_file($selfSigned, $target, $key, "1234");
    $exported = file_get_contents($target);
    VERIFY(strlen($exported) > 400);

    unlink($target);
}
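/**
 * Generate a key pair, self-sign a certificate for it (valid three years) and
 * save both as a password-protected PKCS#12 (.pfx) file.
 *
 * The certificate subject is this object's properties cast to an array.
 * NOTE(review): an (array) cast also exposes non-public properties under
 * mangled keys; confirm the class carries only distinguished-name fields.
 *
 * @param string $filename Destination path of the .pfx file.
 *
 * @return string The generated password protecting the .pfx. Its strength depends
 *                entirely on generate_password(), which is not visible here.
 *
 * @throws \RuntimeException When any OpenSSL step fails, so a password is never
 *                           returned for a bundle that was not written.
 */
public function createUserCert($filename)
{
    $dn = (array) $this;
    $privateKeyPass = $this->generate_password();
    $numberOfDays = 365 * 3;

    $privateKey = openssl_pkey_new();
    if ($privateKey === false) {
        throw new \RuntimeException('Unable to generate private key: ' . openssl_error_string());
    }

    $csr = openssl_csr_new($dn, $privateKey);
    if ($csr === false) {
        throw new \RuntimeException('Unable to create certificate request: ' . openssl_error_string());
    }

    // A null CA certificate makes this a self-signed certificate.
    $sscert = openssl_csr_sign($csr, null, $privateKey, $numberOfDays);
    if ($sscert === false) {
        throw new \RuntimeException('Unable to sign certificate: ' . openssl_error_string());
    }

    // The freshly generated key is already an in-memory key handle, so it is passed
    // to the export directly; re-parsing it with openssl_pkey_get_private() and a
    // passphrase added nothing because the key was never encrypted.
    if (!openssl_pkcs12_export_to_file($sscert, $filename, $privateKey, $privateKeyPass)) {
        throw new \RuntimeException('Unable to write PKCS#12 file: ' . openssl_error_string());
    }

    return $privateKeyPass;
}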
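/**
 * Given this Remote Desktop instance, generate files with pkcs12 and
 * x509 certificate to a given directory using a password for the desktop
 * and the private key.
 *
 * Writes "<prefix>.pfx" (certificate plus private key, protected by
 * $keyPassword) and "<prefix>.cer" (certificate only) into $directory.
 *
 * @param string $directory   Existing, writable target directory.
 * @param string $filePrefix  Base name shared by both output files.
 * @param string $keyPassword Passphrase protecting the PKCS#12 file.
 * @param bool   $overwrite   Replace existing files instead of failing.
 *
 * @throws \RuntimeException When the directory is not writable, a target already
 *                           exists and $overwrite is false, or an export fails.
 *
 * @return string Path to the x509 file.
 */
public function export($directory, $filePrefix, $keyPassword, $overwrite = false)
{
    if (!is_writable($directory)) {
        throw new \RuntimeException("Key Export directory is not writable: " . $directory);
    }

    $pkcs12File = $directory . "/" . $filePrefix . ".pfx";
    $x509File = $directory . "/" . $filePrefix . ".cer";

    if (!$overwrite && file_exists($pkcs12File)) {
        throw new \RuntimeException("PKCS12 File at " . $pkcs12File . " already exists and is not overwritten.");
    }
    if (!$overwrite && file_exists($x509File)) {
        throw new \RuntimeException("X509 Certificate File at " . $x509File . " already exists and is not overwritten.");
    }

    $args = array('friendly_name' => 'AzureDistributionBundle for Symfony Tools');

    // The .pfx carries the private key. NOTE(review): it is created with the
    // process's default permissions; confirm $directory is not web-served or
    // readable by other local accounts.
    if (!openssl_pkcs12_export_to_file($this->certificate, $pkcs12File, $this->privKey, $keyPassword, $args)) {
        // Without this check a failed export still returned a path as if it had succeeded.
        throw new \RuntimeException("PKCS12 File could not be written to " . $pkcs12File);
    }

    // Third argument true: write only the PEM block, without the human-readable dump.
    if (!openssl_x509_export_to_file($this->certificate, $x509File, true)) {
        throw new \RuntimeException("X509 Certificate File could not be written to " . $x509File);
    }

    return $x509File;
}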
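<?php
// Create .cer/.pfx certificate files.

/**
 * Debug helper: var_dump() the value only when $is_dump is true.
 */
function _var($mixed, $is_dump = false)
{
    if ($is_dump) {
        var_dump($mixed);
    }
}

// Print OpenSSL's pending error queue, name the failing step and stop.
$abort = function ($step) {
    while (($e = openssl_error_string()) !== false) {
        echo $e . "\n";
    }
    echo "failed: " . $step . "\n";
    exit(1);
};

$dn = array(
    "countryName" => "CN",
    "stateOrProvinceName" => "Beijing",
    "localityName" => "Beijing",
    "organizationName" => "Eyou",
    "organizationalUnitName" => "Develop team",
    "commonName" => "Li Bo",
    "emailAddress" => "*****@*****.**",
);

// 2048-bit RSA and SHA-256 replace the earlier 1024-bit / SHA-1 settings, which
// are below what current clients and CAs accept.
// Note: $config is only handed to openssl_pkey_new() and the PKCS#12 export in
// this script, so digest_alg takes effect only if it is also passed to
// openssl_csr_new()/openssl_csr_sign().
$config = array(
    'config' => '/etc/pki/tls/openssl.cnf',
    'encrypt_key' => 1,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    "digest_alg" => "sha256",
    'x509_extensions' => 'v3_ca',
    'private_key_bits' => 2048,
    "encrypt_key_cipher" => OPENSSL_CIPHER_AES_256_CBC,
);

// The earlier version var_dump()ed each handle and then called exit, so nothing
// below was ever written; every step is now checked instead.
$privkey = openssl_pkey_new($config);
if ($privkey === false) {
    $abort('openssl_pkey_new');
}

$csr = openssl_csr_new($dn, $privkey);
if ($csr === false) {
    $abort('openssl_csr_new');
}

// Null CA certificate: self-signed, valid for 365 days.
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
if ($sscert === false) {
    $abort('openssl_csr_sign');
}

$path = __DIR__ . '/keys';
// The directory will hold private key material, so create it owner-only if missing.
if (!is_dir($path) && !mkdir($path, 0700, true)) {
    $abort('mkdir ' . $path);
}
$path_pub = "{$path}/cert-x509.crt";
$path_priv = "{$path}/cert-pkcs12.pfx";

openssl_csr_export($csr, $csrout) and _var($csrout);

if (!openssl_x509_export_to_file($sscert, $path_pub)) {
    $abort('openssl_x509_export_to_file');
}

// export to pfx style
// PKCS #12 (Public-Key Cryptography Standards #12) is an industry format suited
// to transporting, backing up and restoring certificates together with their
// private keys.
$pub_key = file_get_contents($path_pub);
if ($pub_key === false) {
    $abort('read ' . $path_pub);
}

// NOTE(review): 'mypassword' is a sample passphrase hard-coded in source; it is
// the only protection on the private key inside the .pfx, so supply a real
// secret from outside the code for anything beyond a demo.
// Only 'friendly_name' and 'extracerts' are recognised in the last argument;
// the other $config keys are ignored by this call.
if (!openssl_pkcs12_export_to_file($pub_key, $path_priv, $privkey, 'mypassword', $config)) {
    $abort('openssl_pkcs12_export_to_file');
}

// Drain any non-fatal messages OpenSSL queued along the way.
while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}

echo "ok, create certificate/private-key";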
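/**
 * Build a PKCS#12 bundle from a certificate and private key, either in memory
 * or written to a file.
 *
 * @param mixed        $c Certificate, in any form openssl_pkcs12_export() accepts.
 * @param mixed        $k Private key, in any form openssl_pkey_get_private() accepts.
 * @param string       $p Passphrase; used both to decrypt $k and to protect the bundle.
 * @param array        $a Export options ('friendly_name', 'extracerts').
 * @param string|false $f Output file path, or false to return the bundle as a string.
 * @param mixed        $d Unused; kept so existing callers keep working.
 *
 * @return string|bool|null In-memory mode: the PKCS#12 data, or null on failure.
 *                          File mode: true when the file was written, false otherwise.
 */
public function createpkcs12($c, $k, $p, $a = array('friendly_name' => '', 'extracerts' => ''), $f = false, $d = false)
{
    $key = openssl_pkey_get_private($k, $p);
    if ($key === false) {
        // Wrong passphrase or unreadable key: fail the same way a failed export does.
        return $f === false ? null : false;
    }

    if ($f === false) {
        $r = null;
        openssl_pkcs12_export($c, $r, $key, $p, $a);

        return $r;
    }

    // File mode previously passed the never-assigned $r as the output path, so
    // nothing was written to $f; the requested path is used now.
    return openssl_pkcs12_export_to_file($c, $f, $key, $p, $a);
}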
/**
 * Write the stored certificate and its private key to $temp_file as a
 * password-protected PKCS12 bundle. Per the original description this is needed
 * when cURL uses SecureTransport, which has to be given the certificate as PKCS12.
 *
 * The same stored value ($this->_certificate) is used as the source of both the
 * private key and the certificate.
 *
 * NOTE(review): the resulting file contains the private key and nothing here
 * removes it; confirm the caller deletes $temp_file once cURL is done with it.
 *
 * @throws Exception When the private key cannot be read or the export fails.
 *
 * @param string $temp_file Filepath to temporary certificate file
 * @param string $password  Passphrase protecting the PKCS12 bundle
 *
 * @return void
 */
protected function _maybe_create_secure_certificate_file($temp_file, $password)
{
    $key = openssl_pkey_get_private($this->_certificate);

    if (false !== $key) {
        $written = openssl_pkcs12_export_to_file($this->_certificate, $temp_file, $key, $password);
        if ($written) {
            return;
        }
        $message = __('Failed to export PKCS12 file during cURL configuration', 'woocommerce-gateway-paypal-express-checkout');
    } else {
        $message = __('Failed to retrieve private key during cURL configuration', 'woocommerce-gateway-paypal-express-checkout');
    }

    // Both failures are reported with the same environment error code.
    throw new Exception($message, WC_Gateway_PPEC_Client::INVALID_ENVIRONMENT_ERROR);
}
// Load whichever autoloader is available: the one already located in
// $autoloader, else PEAR2's own from the include path. Without either the
// bootstrap cannot continue.
if (false === $autoloader) {
    $autoloader = stream_resolve_include_path('PEAR2/Autoload.php');
    if (false === $autoloader) {
        fwrite(STDERR, 'No recognized autoloader is available.');
        exit(1);
    }
    include_once $autoloader;
    Autoload::initialize(realpath('../src'));
    Autoload::initialize(realpath('../../Cache_SHM.git/src'));
} else {
    include_once $autoloader;
}
unset($autoloader);

// Create the certificate fixture once, and only when OpenSSL is available.
$fixtureBase = __DIR__ . DIRECTORY_SEPARATOR . CERTIFICATE_FILE;
if (extension_loaded('openssl') && !is_file($fixtureBase)) {
    //Prepare a self signed certificate
    $configargs = array();
    if (0 === strpos(PHP_OS, 'WIN')) {
        // On Windows, point OpenSSL at the openssl.cnf located relative to the PHP binary.
        $phpbin = defined('PHP_BINARY') ? PHP_BINARY : getenv('PHP_PEAR_PHP_BIN');
        $configargs['config'] = dirname($phpbin) . '/extras/ssl/openssl.cnf';
    }

    $privkey = openssl_pkey_new($configargs);
    $fixtureCsr = openssl_csr_new(
        array(
            'countryName' => 'US',
            'stateOrProvinceName' => 'IRRELEVANT',
            'localityName' => 'IRRELEVANT',
            'organizationName' => 'PEAR2',
            'organizationalUnitName' => 'PEAR2',
            'commonName' => 'IRRELEVANT',
            'emailAddress' => '*****@*****.**'
        ),
        $privkey,
        $configargs
    );
    // Self-signed (null CA) and valid for 2 days only.
    $cert = openssl_csr_sign($fixtureCsr, null, $privkey, 2, $configargs);

    // Both exports use a null passphrase, so the private key lands on disk
    // unprotected in the .pfx and in the combined .cer. That is workable for a
    // throwaway fixture; this key must not be reused anywhere else.
    $pem = array();
    openssl_x509_export($cert, $pem[0]);
    openssl_pkey_export($privkey, $pem[1], null, $configargs);
    openssl_pkcs12_export_to_file($cert, $fixtureBase . '.pfx', $privkey, null);
    file_put_contents($fixtureBase . '.cer', implode('', $pem));
}
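/**
 * Write the certificate, its private key and, when one is present, the
 * certificate chain to a PKCS#12 file.
 *
 * @param string $fileName Destination path.
 * @param string $password Passphrase protecting the bundle. May be omitted or null,
 *                         in which case an empty passphrase is used and the private
 *                         key in the file is effectively unprotected.
 *
 * @throws RuntimeException When OpenSSL reports that the export failed.
 */
public function exportToFile(string $fileName, string $password = NULL)
{
    $options = [];
    if ($this->hasChain()) {
        $options['extracerts'] = $this->getChain();
    }

    // openssl_pkcs12_export_to_file() takes a non-nullable string passphrase;
    // handing it null is deprecated on current PHP and rejected under strict
    // types, so the null default is mapped to the empty string it already meant.
    $status = openssl_pkcs12_export_to_file(
        $this->getCertificate(),
        $fileName,
        $this->getPrivateKey(),
        $password ?? '',
        $options
    );

    if (!$status) {
        throw new RuntimeException(OpenSSL::getLastError());
    }
}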
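/**
 * Issue a CA-signed certificate for a freshly generated key and write it out
 * as an x509 file and as a PKCS#12 bundle.
 *
 * All inputs come from globals: the output paths ($file_x509, $file_pkcs12),
 * the CA certificate and key files ($file_ca_x509, $file_ca_pkey), the key
 * generation $config, the subject $dn, $expire_time (days) and $pass.
 *
 * NOTE(review): $pass is used both as the CA private key passphrase and as the
 * PKCS#12 password. Whoever is given the .p12 password therefore also learns
 * the CA key passphrase; consider separate secrets.
 *
 * On any failure the OpenSSL error queue is printed and the script exits with
 * status 1.
 */
function create_cert()
{
    global $file_pkcs12, $file_x509, $file_ca_x509, $file_ca_pkey;
    global $pass, $config, $dn, $expire_time;

    // Shared failure path: dump OpenSSL's error queue, name the step, stop.
    $fail = function ($what, $line) {
        while ($msg = openssl_error_string()) {
            echo $msg . "<br />\n";
        }
        echo "-Err, " . $what . " fail!(" . $line . ")\n";
        exit(1);
    };

    // Earlier steps were unchecked, so a missing CA file or a failed signing only
    // surfaced later as a confusing export error.
    $ca_x509 = file_get_contents($file_ca_x509);
    if ($ca_x509 === false) {
        $fail('read CA x509', __LINE__);
    }
    $ca_pkey = file_get_contents($file_ca_pkey);
    if ($ca_pkey === false) {
        $fail('read CA pkey', __LINE__);
    }

    $req_key = openssl_pkey_new($config);
    if ($req_key === false) {
        $fail('create pkey', __LINE__);
    }
    $req_csr = openssl_csr_new($dn, $req_key);
    if ($req_csr === false) {
        $fail('create csr', __LINE__);
    }

    // CA sign: the CA key is supplied as [PEM, passphrase].
    // (Self-signing with the request's own key was the alternative; the original
    // note says a self-signed certificate's validity period cannot be verified.)
    $req_cert = openssl_csr_sign($req_csr, $ca_x509, [$ca_pkey, $pass], $expire_time);
    if ($req_cert === false) {
        $fail('sign csr', __LINE__);
    }

    if (!openssl_x509_export_to_file($req_cert, $file_x509)) {
        $fail('create x509', __LINE__);
    }

    // The bundle contains the new private key, protected by $pass.
    if (!openssl_pkcs12_export_to_file($req_cert, $file_pkcs12, $req_key, $pass)) {
        $fail('create pkcs12', __LINE__);
    }

    echo "+Ok, create keys succ!\n";
}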