Wondering if anyone else has run into the following problem (or if I'm missing something totally obvious). I've got a program that basically generates a key and certificate for a user who enters all the associated information (common name, passphrase, etc). So I've created a dummy CA cert and key that I keep on my server. Here's some example code:
    // CA certificate, and CA key as array(key file, key passphrase)
    $cacert = "file://caselfsigncert.pem";
    $cakey = array("file://caselfsignkey.pem", "insecureselfsignkey");

    // $dn and $passphrase come from the information the user entered
    if ($privkey = openssl_pkey_new()) {
        openssl_pkey_export($privkey, $pkeyout, $passphrase);
        print "<h2>priv key</h2><pre>$pkeyout</pre>";
    }

    if ($csr = openssl_csr_new($dn, $privkey)) {
        openssl_csr_export($csr, $csrout);
        print "<h2>CSR:</h2><pre>$csrout</pre>";
    }

    // Sign the CSR with the CA certificate and key, valid for 365 days
    if ($cert = openssl_csr_sign($csr, $cacert, $cakey, 365)) {
        openssl_x509_export($cert, $certout);
        print "<h2>x509:</h2><pre>$certout</pre>";
    }

My problem is that the last stanza ($cert = openssl_csr_sign...) doesn't work. I know that the certificate and key file are loaded and that the passphrase is working (if I change any of the three variables I get openssl and/or PHP errors complaining the files are not found or the passphrase is invalid). When it does seemingly work, my program ceases all output and terminates. I originally didn't have each step enclosed in _if_ statements and that resulted in null output from the entire program (even the parts that were working).

So it seems like either openssl_csr_sign is broken, or that I'm using it in the wrong way (though the docs on php.net imply this is proper).

One other note: if I use NULL instead of $cacert as the signing certificate it works fine (i.e. self-signed certs).

Anyone have any ideas?

openssl 0.9.6h
php 4.2.3

Thanks
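For comparison, the same key, CSR and CA-signing sequence as an added example (not part of the original post), written for a current PHP (7.4 or later, needed for openssl_x509_verify) and using a throwaway CA generated in memory instead of the poster's files. The helper names, subject names and options are assumptions; each step's return value is checked and OpenSSL's error queue is reported on failure, then the issued certificate is checked against the CA key.

```php
<?php
// Added example: all values are constructed. The CA is a throwaway generated
// in memory, standing in for caselfsigncert.pem / caselfsignkey.pem.

// Collect everything OpenSSL has queued, so a failing step says why.
function drain_openssl_errors(): array {
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

// Stop at the first step that returns false instead of carrying on silently.
function must($result, string $step) {
    if ($result === false) {
        $why = implode("\n  ", drain_openssl_errors());
        throw new RuntimeException("$step failed:\n  $why");
    }
    return $result;
}

$keyOpts  = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$signOpts = ['digest_alg' => 'sha256'];

// Throwaway CA: self-signed, so the signing certificate argument is null.
$caKey  = must(openssl_pkey_new($keyOpts), 'CA key generation');
$caCsr  = must(openssl_csr_new(['commonName' => 'Example Test CA'], $caKey, $signOpts), 'CA CSR');
$caCert = must(openssl_csr_sign($caCsr, null, $caKey, 365, $signOpts), 'CA self-sign');

// User key and CSR, then a certificate issued by the CA with a random serial.
$userKey  = must(openssl_pkey_new($keyOpts), 'user key generation');
$userCsr  = must(openssl_csr_new(['commonName' => 'user.example.test'], $userKey, $signOpts), 'user CSR');
$serial   = random_int(1, PHP_INT_MAX);
$userCert = must(openssl_csr_sign($userCsr, $caCert, $caKey, 365, $signOpts, $serial), 'CA signing');

// Signature check only (not full path validation): 1 means the CA key signed it.
$caPub  = must(openssl_pkey_get_public($caCert), 'CA public key');
$sigOk  = openssl_x509_verify($userCert, $caPub) === 1;
$issuer = openssl_x509_parse($userCert)['issuer']['CN'];

must(openssl_x509_export($userCert, $pem), 'certificate export');
echo "issuer: $issuer\nsignature verified by CA key: " . ($sigOk ? 'yes' : 'no') . "\n";
```

The error queue can also hold entries left over from earlier calls that succeeded, so read the last messages first when a step fails.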