dongpangzan6425 2015-06-10 08:13 采纳率: 100%
浏览 199
已采纳

尝试使用PHP中的shell_exec通过openssl创建证书

I'm actually working in a small project for myself, is a Web Application that creates Certificate Signing Request also the certificate .pem/.crt and its .key.

The actual problem is that I'm trying to run:

shell_exec(openssl ca -config ../openssl.cnf -in $CSR_FILE -out $CRT_FILE)

And I find the problem that after running this command is asking for my CA passphrase, and later on answering Yes twice to accept the creation of the certificate. I can't figure it out how to make it work. I've been stuck with that for almost three days, neither Google or Stack Overflow has an anwser.

I've tried to run the command and add another shell_exec(passphrase) also, passing passphrase and "y" twice this way.

shell_exec("openssl....","passphrase","y","y")

Thank you very much, i appreciate all help.

  • 写回答

1条回答 默认 最新

  • dpvr49226 2015-08-08 06:12
    关注

    You don't have to use shell_exec() for this. You can create slef signed certificate by using openssl_csr_new() PHP function.

    It generates a new CSR (Certificate Signing Request) based on the information provided by dn, which represents the Distinguished Name to be used in the certificate.

    PHP Code to generate self-signed-certificate

    <?php 
    // For SSL certificates, the  commonName is usually the domain name of
    // that will be using the certificate, but for S/MIME certificates,
    // the commonName will be the name of the individual who will use the certificate.
    $dn = array(
        "countryName" => "UK",
        "stateOrProvinceName" => "Somerset",
        "localityName" => "Glastonbury",
        "organizationName" => "The Brain Room Limited",
        "organizationalUnitName" => "PHP Documentation Team",
        "commonName" => "Wez Furlong",
        "emailAddress" => "wez@example.com"
    );
    
    // Generate a new private (and public) key pair
    $privkey = openssl_pkey_new();
    
    // Generate a certificate signing request
    $csr = openssl_csr_new($dn, $privkey);
    
    // You will usually want to create a self-signed certificate at this
    // point until your CA fulfills your request.
    // This creates a self-signed cert that is valid for 365 days
    $sscert = openssl_csr_sign($csr, null, $privkey, 365);
    
    // Now you will want to preserve your private key, CSR and self-signed
    // cert so that they can be installed into your web server.
    
    openssl_csr_export($csr, $csrout) and var_dump($csrout);
    openssl_x509_export($sscert, $certout) and var_dump($certout);
    openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
    
    // Show any errors that occurred here
    while (($e = openssl_error_string()) !== false) {
        echo $e . "
    ";
    }
    //save certificate and privatekey to file
    file_put_contents("certificate.cer", $certout);
    file_put_contents("privatekey.pem", $pkeyout);
    ?>
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥20 关于线性结构的问题:希望能从头到尾完整地帮我改一下,困扰我很久了
  • ¥20 设计一个二极管稳压值检测电路
  • ¥15 内网办公电脑进行向日葵
  • ¥15 如何输入双曲线的参数a然后画出双曲线?我输入处理函数加上后就没有用了,不知道怎么回事去掉后双曲线可以画出来
  • ¥50 WPF Lidgren.Network.Core2连接问题
  • ¥15 soildworks装配体的尺寸问题
  • ¥100 有偿寻云闪付SDK转URL技术
  • ¥30 基于信创PC发布的QT应用如何跨用户启动后输入中文
  • ¥20 非root手机,如何精准控制手机流量消耗的大小,如20M
  • ¥15 远程安装一下vasp