A PHP 7 solution is not perfect for me, but could helps someone with similar problem. Procedure to create CSR with SAN Login into a server where you have OpenSSL installed Go to /tmp or create any directory Create a file named san.cnf using vi. The ideal solution should works with PHP 5.6, but I did all tests in PHP7.3 and it fails too. Openssl req -new -newkey rsa:2048 -nodes -subj "/CN=/O=My Corporation/OU=Org Unit 1/OU=Org Unit 2/OU=UNIT3/OU=UNITUNIT/OU=MYUNit/OU=FinalUNit" > test.csrĪre there any way to achieve it using PHP? OpenSSL Commands generate the RSA private key openssl genpkey -outform PEM -algorithm RSA -pkeyopt rsakeygenbits:2048 -out priv.key Create the CSR openssl req -new -nodes -key priv.key -config csrconfig.txt -out cert. Here’s what it can look like: req defaultbits 2048 distinguishedname. Provide CSR subject info on a command line, rather than through interactive prompt. What I want as final result is a CSR file similar to the file created with the following command line ( Source): To generate a certificate with SAN extension using OpenSSL, we need to create a config first. openssl req -new -key example.key -out example.csr -digest Create a CSR and a private key without a pass phrase in a single command: openssl req -nodes -newkey rsa:bits -keyout example.key -out example.csr. In my previous research, I found this PHP bug report with similar problem, but it refers to a very old PHP version, so it should works fine with the array approach in my environment, but it doesn't. Repeat the key OU or organizationalUnitName does not work, even with index like 1.organizationalUnitName ou organizationalUnitName1 (these last two are not recognized by PHP). I also tried to use the extraattribs from openssl_csr_new function and this is the best option for now, but using it, I'm limited in 4 OUs. "organizationalUnitName" => 'OU=organizationname/OU=organizationname2' "organizationalUnitName" => "'unitName', 'unit2'" "organizationalUnitName" => array('unitName', 'unit2') I've already tried some options like below: //using array It works fine, but now I'm trying to create these files with more than one OU (organizationalUnitName), but I'm failing to achieve it. Generate the certificate with the CSR and the key and sign it with the CAs root key Use the following command to create the certificate: Copy openssl x509 -req -in fabrikam.csr -CA contoso.crt -CAkey contoso.key -CAcreateserial -out fabrikam. Openssl_csr_export_to_file($csr, '/myPath/test.csr') ![]() Entrust has created this page to simplify the process of creating this command. ![]() $san įile_put_contents('/myPath/openssl.cnf', $cnf) Open SSL CSR Command Builder The first step in requesting an SSL certificate for your Apache based Web server, is to generate a Certificate Signing Request (CSR) using an OpenSSL command that contains information about your identity. $cnf = "\ndistinguished_name = req_distinguished_name\nreq_extensions = req_ext\n\n\ncountryName = Country Name (2 letter code)\n\n\nsubjectAltName = nonRepudiation, digitalSignature, keyEncipherment\n\n\n". $privkey = openssl_pkey_new($arrayPrivKey) I'm using PHP to create CSR files using the following snippet: $dn = array(
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |