<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>Generates a CSR</title>
</head>
<body class="docs"><div id="layout">
<div id="layout-content"><div id="function.openssl-csr-new" class="refentry">
<div class="refnamediv">
<h1 class="refname">openssl_csr_new</h1>
<p class="verinfo">(PHP 4 &gt;= 4.2.0, PHP 5, PHP 7)</p><p class="refpurpose"><span class="refname">openssl_csr_new</span> — <span class="dc-title">Generates a CSR</span></p>
</div>
<div class="refsect1 description" id="refsect1-function.openssl-csr-new-description">
<h3 class="title">Description</h3>
<div class="methodsynopsis dc-description">
<span class="methodname"><strong>openssl_csr_new</strong></span>
( <span class="methodparam"><span class="type">array</span> <code class="parameter">$dn</code></span>
, <span class="methodparam"><span class="type">resource</span> <code class="parameter reference">&amp;$privkey</code></span>
[, <span class="methodparam"><span class="type">array</span> <code class="parameter">$configargs</code></span>
[, <span class="methodparam"><span class="type">array</span> <code class="parameter">$extraattribs</code></span>
]] ) : <span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span></div>
<p class="para rdfs-comment">
<span class="function"><strong>openssl_csr_new()</strong></span> generates a new CSR (Certificate Signing Request) based on the information provided by <code class="parameter">dn</code>.
</p>
<blockquote class="note"><p><strong class="note">Note</strong>:
<span class="simpara">
A valid <var class="filename">openssl.cnf</var> must be installed for this function to operate correctly. See the <a href="openssl.installation.html" class="link">installation</a> notes for more information.
</span>
</p></blockquote>
</div>
<div class="refsect1 parameters" id="refsect1-function.openssl-csr-new-parameters">
<h3 class="title">Parameters</h3>
<p class="para">
<dl>
<dt>
<code class="parameter">dn</code></dt>
<dd>
<p class="para">
The Distinguished Name or subject fields to be used in the certificate.
</p>
</dd>
<dt>
<code class="parameter">privkey</code></dt>
<dd>
<p class="para">
<code class="parameter">privkey</code> should be set to a private key that was previously generated by <span class="function"><a href="openssl_pkey_new.html" class="function">openssl_pkey_new()</a></span> (or otherwise obtained from the openssl_pkey family of functions). The corresponding public portion of the key will be used to sign the CSR.
</p>
</dd>
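<dt>
<code class="parameter">configargs</code></dt>
<dd>
<p class="para">
By default, the request is initialized from your system's <em>openssl.conf</em>. You can select a configuration file section by setting the <em>config_section_section</em> key of <code class="parameter">configargs</code>.
You can also specify an alternative openssl configuration file by setting the value of the config key to the path of the file you want to use. The following keys, if present in <code class="parameter">configargs</code>, behave as their equivalents in <em>openssl.conf</em>, as listed in the table below: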
<table class="doctable table">
<caption><strong>Configuration overrides</strong></caption>
<thead>
<tr>
<th><code class="parameter">configargs</code> key</th>
<th>type</th>
<th><em>openssl.conf</em> equivalent</th>
<th>description</th>
</tr>
</thead>
<tbody class="tbody">
<tr>
<td>digest_alg</td>
<td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
<td>default_md</td>
<td>Digest method or signature hash, usually one of <span class="function"><a href="openssl_get_md_methods.html" class="function">openssl_get_md_methods()</a></span>.</td>
</tr>
<tr>
<td>x509_extensions</td>
<td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
<td>x509_extensions</td>
<td>Selects which extensions should be used when creating an x509 certificate</td>
</tr>
<tr>
<td>req_extensions</td>
<td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
<td>req_extensions</td>
<td>Selects which extensions should be used when creating a CSR</td>
</tr>
<tr>
<td>private_key_bits</td>
<td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td>
<td>default_bits</td>
<td>Specifies how many bits should be used to generate a private key</td>
</tr>
<tr>
<td>private_key_type</td>
<td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td>
<td>none</td>
<td>Specifies the type of private key to create. This can be one of
<strong><code>OPENSSL_KEYTYPE_DSA</code></strong>,
<strong><code>OPENSSL_KEYTYPE_DH</code></strong>,
<strong><code>OPENSSL_KEYTYPE_RSA</code></strong> or
<strong><code>OPENSSL_KEYTYPE_EC</code></strong>.
The default value is <strong><code>OPENSSL_KEYTYPE_RSA</code></strong>.
</td>
</tr>
<tr>
<td>encrypt_key</td>
<td><span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span></td>
<td>encrypt_key</td>
<td>Should an exported key (with passphrase) be encrypted?</td>
</tr>
<tr>
<td>encrypt_key_cipher</td>
<td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td>
<td>none</td>
<td>
One of the <a href="openssl.ciphers.html" class="link">cipher constants</a>.
</td>
</tr>
<tr>
<td>curve_name</td>
<td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
<td>none</td>
<td>
Requires PHP 7.1+. One of <span class="function"><a href="openssl_get_curve_names.html" class="function">openssl_get_curve_names()</a></span>.
</td>
</tr>
<tr>
<td>config</td>
<td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td>
<td>N/A</td>
<td>
Path to a custom openssl.conf file.
</td>
</tr>
</tbody>
</table>
</p>
</dd>
<dt>
<code class="parameter">extraattribs</code></dt>
<dd>
<p class="para">
<code class="parameter">extraattribs</code> is used to specify additional configuration options for the CSR. Both <code class="parameter">dn</code> and
<code class="parameter">extraattribs</code> are associative arrays whose keys are converted to OIDs and applied to the relevant part of the request.
</p>
</dd>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.openssl-csr-new-returnvalues">
<h3 class="title">Return Values</h3>
<p class="para">
Returns the CSR on success, or <strong><code>FALSE</code></strong> on failure.
</p>
</div>
<div class="refsect1 examples" id="refsect1-function.openssl-csr-new-examples">
<h3 class="title">Examples</h3>
<p class="para">
<div class="example" id="example-927">
<p><strong>Example #1 Creating a self-signed certificate</strong></p>
<div class="example-contents">
<div class="phpcode"><pre><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">// for SSL server certificates the commonName is the domain name to be secured<br />// for S/MIME email certificates the commonName is the owner of the email address<br />// location and identification fields refer to the owner of domain or email subject to be secured<br /></span><span style="color: #0000BB">$dn </span><span style="color: #007700">= array(<br />    </span><span style="color: #DD0000">"countryName" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"GB"</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"stateOrProvinceName" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"Somerset"</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"localityName" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"Glastonbury"</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"organizationName" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"The Brain Room Limited"</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"organizationalUnitName" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"PHP Documentation Team"</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"commonName" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"Wez Furlong"</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"emailAddress" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"wez@example.com"<br /></span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// Generate a new private (and public) key pair<br /></span><span style="color: #0000BB">$privkey </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_pkey_new</span><span style="color: #007700">(array(<br />    </span><span style="color: #DD0000">"private_key_bits" </span><span style="color: #007700">=&gt; </span><span style="color: #0000BB">2048</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"private_key_type" </span><span style="color: #007700">=&gt; </span><span style="color: #0000BB">OPENSSL_KEYTYPE_RSA</span><span style="color: #007700">,<br />));<br /><br /></span><span style="color: #FF8000">// Generate a certificate signing request<br /></span><span style="color: #0000BB">$csr </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_csr_new</span><span style="color: #007700">(</span><span style="color: #0000BB">$dn</span><span style="color: #007700">, </span><span style="color: #0000BB">$privkey</span><span style="color: #007700">, array(</span><span style="color: #DD0000">'digest_alg' </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">'sha256'</span><span style="color: #007700">));<br /><br /></span><span style="color: #FF8000">// Generate a self-signed cert, valid for 365 days<br /></span><span style="color: #0000BB">$x509 </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csr</span><span style="color: #007700">, </span><span style="color: #0000BB">null</span><span style="color: #007700">, </span><span style="color: #0000BB">$privkey</span><span style="color: #007700">, </span><span style="color: #0000BB">365</span><span style="color: #007700">, array(</span><span style="color: #DD0000">'digest_alg' </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">'sha256'</span><span style="color: #007700">));<br /><br /></span><span style="color: #FF8000">// Save your private key, CSR and self-signed cert for later use<br /></span><span style="color: #0000BB">openssl_csr_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$csr</span><span style="color: #007700">, </span><span style="color: #0000BB">$csrout</span><span style="color: #007700">) and </span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$csrout</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">openssl_x509_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$x509</span><span style="color: #007700">, </span><span style="color: #0000BB">$certout</span><span style="color: #007700">) and </span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$certout</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">openssl_pkey_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">, </span><span style="color: #0000BB">$pkeyout</span><span style="color: #007700">, </span><span style="color: #DD0000">"mypassword"</span><span style="color: #007700">) and </span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$pkeyout</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// Show any errors that occurred here<br /></span><span style="color: #007700">while ((</span><span style="color: #0000BB">$e </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_error_string</span><span style="color: #007700">()) !== </span><span style="color: #0000BB">false</span><span style="color: #007700">) {<br />    echo </span><span style="color: #0000BB">$e </span><span style="color: #007700">. </span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</pre></div>
</div>
</div>
<div class="example" id="example-928">
<p><strong>Example #2 Creating a self-signed ECC certificate in PHP 7.1+</strong></p>
<div class="example-contents">
<div class="phpcode"><pre><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br />$subject </span><span style="color: #007700">= array(<br />    </span><span style="color: #DD0000">"commonName" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">"docs.php.net"</span><span style="color: #007700">,<br />);<br /><br /></span><span style="color: #FF8000">// Generate a new private (and public) key pair<br /></span><span style="color: #0000BB">$private_key </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_pkey_new</span><span style="color: #007700">(array(<br />    </span><span style="color: #DD0000">"private_key_type" </span><span style="color: #007700">=&gt; </span><span style="color: #0000BB">OPENSSL_KEYTYPE_EC</span><span style="color: #007700">,<br />    </span><span style="color: #DD0000">"curve_name" </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">'prime256v1'</span><span style="color: #007700">,<br />));<br /><br /></span><span style="color: #FF8000">// Generate a certificate signing request<br /></span><span style="color: #0000BB">$csr </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_csr_new</span><span style="color: #007700">(</span><span style="color: #0000BB">$subject</span><span style="color: #007700">, </span><span style="color: #0000BB">$private_key</span><span style="color: #007700">, array(</span><span style="color: #DD0000">'digest_alg' </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">'sha384'</span><span style="color: #007700">));<br /><br /></span><span style="color: #FF8000">// Generate self-signed EC cert<br /></span><span style="color: #0000BB">$x509 </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csr</span><span style="color: #007700">, </span><span style="color: #0000BB">null</span><span style="color: #007700">, </span><span style="color: #0000BB">$private_key</span><span style="color: #007700">, </span><span style="color: #0000BB">365</span><span style="color: #007700">, array(</span><span style="color: #DD0000">'digest_alg' </span><span style="color: #007700">=&gt; </span><span style="color: #DD0000">'sha384'</span><span style="color: #007700">));<br /></span><span style="color: #0000BB">openssl_x509_export_to_file</span><span style="color: #007700">(</span><span style="color: #0000BB">$x509</span><span style="color: #007700">, </span><span style="color: #DD0000">'ecc-cert.pem'</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">openssl_pkey_export_to_file</span><span style="color: #007700">(</span><span style="color: #0000BB">$private_key</span><span style="color: #007700">, </span><span style="color: #DD0000">'ecc-private.key'</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</pre></div>
</div>
</div>
</p>
</div>
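<p class="para">An added example, not part of the PHP manual or of this mirror: it exercises the <code class="parameter">configargs</code> keys from the table above (<em>config</em>, <em>req_extensions</em>, <em>digest_alg</em>, <em>curve_name</em>, <em>encrypt_key_cipher</em>), checks the <strong><code>FALSE</code></strong> return, and verifies what actually ended up in the CSR. The host name, the section name <em>v3_req</em> and the <em>CSR_KEY_PASSPHRASE</em> environment variable are assumptions made for illustration.</p>

```php
<?php
// Added example, not from the PHP manual. $host, the section name v3_req and
// the CSR_KEY_PASSPHRASE environment variable are assumptions.
$host = 'docs.example.test';
$cnf = tempnam(sys_get_temp_dir(), 'csr');
file_put_contents($cnf, "[req]\ndistinguished_name = req_dn\n[req_dn]\n"
    . "[v3_req]\nsubjectAltName = DNS:$host\n");

$opts = [
    'config'             => $cnf,       // custom file instead of the system one
    'req_extensions'     => 'v3_req',   // section applied to the CSR
    'digest_alg'         => 'sha256',   // set explicitly, overrides default_md
    'private_key_type'   => OPENSSL_KEYTYPE_EC,
    'curve_name'         => 'prime256v1',
    'encrypt_key'        => true,
    'encrypt_key_cipher' => OPENSSL_CIPHER_AES_256_CBC,
];

function fail(string $step, string $cnf): void
{
    // Log the step, drain the OpenSSL error queue, clean up and stop.
    error_log("$step failed");
    while (($e = openssl_error_string()) !== false) {
        error_log("$step: $e");
    }
    unlink($cnf);
    exit(1);
}

$key = openssl_pkey_new($opts);
if ($key === false) { fail('openssl_pkey_new', $cnf); }
$csr = openssl_csr_new(['commonName' => $host], $key, $opts);
if ($csr === false) { fail('openssl_csr_new', $cnf); }

// Check 1: the requested subjectAltName is present in the request.
openssl_csr_export($csr, $text, false);   // false: include the text dump
$hasSan = strpos($text, "DNS:$host") !== false;

// Check 2: the CSR carries the public half of $key.
$csrPub  = openssl_pkey_get_details(openssl_csr_get_public_key($csr))['key'];
$samePub = $csrPub === openssl_pkey_get_details($key)['key'];

// Export the key encrypted; the passphrase comes from the environment.
$pass = getenv('CSR_KEY_PASSPHRASE');
if ($pass === false || $pass === '') { fail('reading CSR_KEY_PASSPHRASE', $cnf); }
openssl_pkey_export($key, $pem, $pass, $opts) or fail('openssl_pkey_export', $cnf);
unlink($cnf);
var_dump($hasSan, $samePub);
```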
<div class="refsect1 seealso" id="refsect1-function.openssl-csr-new-seealso">
<h3 class="title">See Also</h3>
<p class="para">
<ul class="simplelist">
<li class="member"><span class="function"><a href="openssl_csr_sign.html" class="function" rel="rdfs-seeAlso">openssl_csr_sign()</a> - Sign a CSR with another certificate (or itself) and generate a certificate</span></li>
</ul>
</p>
</div>
</div></div></div></body></html>