利用PHP 和 openssl 建立自簽根憑證


 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>建立自簽根憑證</title>
</head>
<body>
123
<?php
// CA憑證的辨識名稱(DN, Distinguished Name)
$dn = array(
    "countryName" => "TW",
    "stateOrProvinceName" => "Taiwan",
    "localityName" => "Taichung",
    "organizationName" => "ABC Corporation",
    "organizationalUnitName" => "CA",
    "commonName" => "ABC CA",
    "emailAddress" => "ca@abc.com.tw");
echo "CA憑證的辨識名稱" ;

// 產生私密金鑰(包含公開金鑰)
$configs = array(
    "private_key_bits" => 2048 ,
    "private_key_type" => OPENSSL_KEYTYPE_RSA );
echo "產生私密金鑰(包含公開金鑰)" ;


$privatekey = openssl_pkey_new($configs);
// 產生CSR
$csr = openssl_csr_new($dn, $privatekey);
// 產生自簽憑證
$configs = array(
                   "x509_extensions" => "v3_ca" ,
                   "digest_alg" => "sha1");
$cert = openssl_csr_sign($csr, null, $privatekey, 3650, $configs);


echo "產生自簽憑證" ;
openssl_csr_export_to_file( $csr , "cacsr.pem" );
openssl_x509_export_to_file( $cert , "cacert.cer" );
openssl_pkey_export_to_file( $privatekey , "cakey.pem" , "ca_pw" );

?>
</body>
</html>

留言

這個網誌中的熱門文章

十四、NAS4Free 新增一ZFS磁碟機