study/uTools-Manuals
1
0
Fork 0
mirror of https://github.com/fofolee/uTools-Manuals.git synced 2025-06-18 13:57:03 +08:00
Code Issues Packages Projects Releases Wiki Activity
uTools-Manuals/docs/php/openssl_csr_sign.html
fofolee f782158fb7 v0.0.2
2019-04-28 19:00:34 +08:00

151 lines
9.1 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<title>用另一个证书签署 CSR (或者本身) 并且生成一个证书</title>
</head>
<body class="docs"><div id="layout">
<div id="layout-content"><div id="function.openssl-csr-sign" class="refentry">
<div class="refnamediv">
<h1 class="refname">openssl_csr_sign</h1>
<p class="verinfo">(PHP 4 &gt;= 4.2.0, PHP 5, PHP 7)</p><p class="refpurpose"><span class="refname">openssl_csr_sign</span> &mdash; <span class="dc-title">用另一个证书签署 CSR (或者本身) 并且生成一个证书</span></p>
</div>
<div class="refsect1 description" id="refsect1-function.openssl-csr-sign-description">
<h3 class="title">说明</h3>
<div class="methodsynopsis dc-description">
<span class="methodname"><strong>openssl_csr_sign</strong></span>
( <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$csr</code></span>
, <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$cacert</code></span>
, <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$priv_key</code></span>
, <span class="methodparam"><span class="type">int</span> <code class="parameter">$days</code></span>
[, <span class="methodparam"><span class="type">array</span> <code class="parameter">$configargs</code></span>
[, <span class="methodparam"><span class="type">int</span> <code class="parameter">$serial</code><span class="initializer"> = 0</span></span>
]] ) : <span class="type">resource</span></div>
<p class="para rdfs-comment">
<span class="function"><strong>openssl_csr_sign()</strong></span> 从给定的 CSR 生成一个x509证书资源
</p>
<blockquote class="note"><p><strong class="note">Note</strong>:
<span class="simpara">
必须安装有效的 <var class="filename">openssl.cnf</var> 以保证此函数正确运行。参考有关<a href="openssl.installation.html" class="link">安装</a>的说明以获得更多信息。
</span>
</p></blockquote>
</div>
<div class="refsect1 parameters" id="refsect1-function.openssl-csr-sign-parameters">
<h3 class="title">参数</h3>
<p class="para">
<dl>
<dt>
<code class="parameter">csr</code></dt>
<dd>
<p class="para">
<span class="function"><a href="openssl_csr_new.html" class="function">openssl_csr_new()</a></span>函数生成的CSR.
也可以是由类似<var class="filename">file://path/to/csr</var>格式指定的指向PEM编码的CSR路径或者是一个由<span class="function"><a href="openssl_csr_export.html" class="function">openssl_csr_export()</a></span>函数生成的字符串。
</p>
</dd>
<dt>
<code class="parameter">cacert</code></dt>
<dd>
<p class="para">
生成的证书将由<code class="parameter">cacert</code>签名。
如果<code class="parameter">cacert</code><strong><code>NULL</code></strong>, 生成的证书将是自签名证书。
</p>
</dd>
<dt>
<code class="parameter">priv_key</code></dt>
<dd>
<p class="para">
<code class="parameter">priv_key</code><code class="parameter">cacert</code>证书对应的私钥。
</p>
</dd>
<dt>
<code class="parameter">days</code></dt>
<dd>
<p class="para">
<code class="parameter">days</code> 指定生成的证书在几天内有效的时间长度。
</p>
</dd>
<dt>
<code class="parameter">configargs</code></dt>
<dd>
<p class="para">
你可以通过<code class="parameter">configargs</code>确定CSR签名。
查看<span class="function"><a href="openssl_csr_new.html" class="function">openssl_csr_new()</a></span> 方法获取
<code class="parameter">configargs</code>的更多相关信息。
</p>
</dd>
<dt>
<code class="parameter">serial</code></dt>
<dd>
<p class="para">
可选的发行证书编号。如果没有指定默认值为0.
</p>
</dd>
</dl>
</p>
</div>
<div class="refsect1 returnvalues" id="refsect1-function.openssl-csr-sign-returnvalues">
<h3 class="title">返回值</h3>
<p class="para">
成功,返回一个 x509 证书资源,失败则返回 <strong><code>FALSE</code></strong> .
</p>
</div>
<div class="refsect1 examples" id="refsect1-function.openssl-csr-sign-examples">
<h3 class="title">范例</h3>
<p class="para">
<div class="example" id="example-929">
<p><strong>Example #1 <span class="function"><strong>openssl_csr_sign()</strong></span> example - signing a
CSR (how to implement your own CA)</strong></p>
<div class="example-contents">
<div class="phpcode"><pre><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">//&nbsp;Let's&nbsp;assume&nbsp;that&nbsp;this&nbsp;script&nbsp;is&nbsp;set&nbsp;to&nbsp;receive&nbsp;a&nbsp;CSR&nbsp;that&nbsp;has<br />//&nbsp;been&nbsp;pasted&nbsp;into&nbsp;a&nbsp;textarea&nbsp;from&nbsp;another&nbsp;page<br /></span><span style="color: #0000BB">$csrdata&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">"CSR"</span><span style="color: #007700">];<br /><br /></span><span style="color: #FF8000">//&nbsp;We&nbsp;will&nbsp;sign&nbsp;the&nbsp;request&nbsp;using&nbsp;our&nbsp;own&nbsp;"certificate&nbsp;authority"<br />//&nbsp;certificate.&nbsp;&nbsp;You&nbsp;can&nbsp;use&nbsp;any&nbsp;certificate&nbsp;to&nbsp;sign&nbsp;another,&nbsp;but<br />//&nbsp;the&nbsp;process&nbsp;is&nbsp;worthless&nbsp;unless&nbsp;the&nbsp;signing&nbsp;certificate&nbsp;is&nbsp;trusted<br />//&nbsp;by&nbsp;the&nbsp;software/users&nbsp;that&nbsp;will&nbsp;deal&nbsp;with&nbsp;the&nbsp;newly&nbsp;signed&nbsp;certificate<br /><br />//&nbsp;We&nbsp;need&nbsp;our&nbsp;CA&nbsp;cert&nbsp;and&nbsp;its&nbsp;private&nbsp;key<br /></span><span style="color: #0000BB">$cacert&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">"file://path/to/ca.crt"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$privkey&nbsp;</span><span style="color: #007700">=&nbsp;array(</span><span style="color: #DD0000">"file://path/to/ca.key"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"your_ca_key_passphrase"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$usercert&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csrdata</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$cacert</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">365</span><span style="color: #007700">,&nbsp;array(</span><span style="color: #DD0000">'digest_alg'</span><span style="color: #007700">=&gt;</span><span style="color: #DD0000">'sha256'</span><span style="color: #007700">)&nbsp;);<br /><br /></span><span style="color: #FF8000">//&nbsp;Now&nbsp;display&nbsp;the&nbsp;generated&nbsp;certificate&nbsp;so&nbsp;that&nbsp;the&nbsp;user&nbsp;can<br />//&nbsp;copy&nbsp;and&nbsp;paste&nbsp;it&nbsp;into&nbsp;their&nbsp;local&nbsp;configuration&nbsp;(such&nbsp;as&nbsp;a&nbsp;file<br />//&nbsp;to&nbsp;hold&nbsp;the&nbsp;certificate&nbsp;for&nbsp;their&nbsp;SSL&nbsp;server)<br /></span><span style="color: #0000BB">openssl_x509_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$usercert</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$certout</span><span style="color: #007700">);<br />echo&nbsp;</span><span style="color: #0000BB">$certout</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">//&nbsp;Show&nbsp;any&nbsp;errors&nbsp;that&nbsp;occurred&nbsp;here<br /></span><span style="color: #007700">while&nbsp;((</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_error_string</span><span style="color: #007700">())&nbsp;!==&nbsp;</span><span style="color: #0000BB">false</span><span style="color: #007700">)&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</pre></div>
</div>
</div>
</p>
</div>
</div></div></div></body></html>
Reference in New Issue View Git Blame Copy Permalink