ID:               19820
Updated by:       [EMAIL PROTECTED]
Reported By:      [EMAIL PROTECTED]
-Status:           Feedback
+Status:           Open
-Bug Type:         OpenSSL related
+Bug Type:         Documentation problem
Operating System: linux PLD
PHP Version:      4.2.3
-Assigned To:
+Assigned To:      wez
New Comment:

This is really a user error, but it's understandable given that the
documentation for openssl is not very good.
So I'm making this a documentation problem, and will do something
about that.

I think that a script like the following will be more useful to you.
I tried a few variations on this myself, and this is the one that
worked for me. I'm using the PHP 4.3 release candidate, but it should
work just fine under 4.2 (there have been no significant changes in
the openssl ext).

The openssl_*_export functions also have a corresponding
openssl_*_export_to_file() function that will save the cert/csr/key
to a file instead of a variable.

<?php
error_reporting(E_ALL);

/* You should fill in the gaps with your data; using my company name
 * is not going to be much use for you. */
$dn = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "Research and Development",
    "commonName" => "Wez Furlong",
    "emailAddress" => "[EMAIL PROTECTED]"
);

/* generate a CSR and a new private key */
$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
debug_zval_dump($privkey);

/* generate a self-signed cert */
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
debug_zval_dump($sscert);

/* save the CSR and CERT and private key */
openssl_csr_export($csr, $csrout) and debug_zval_dump($csrout);
openssl_x509_export($sscert, $certout) and debug_zval_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and debug_zval_dump($pkeyout);

while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}
exit(0);
?>


Previous Comments:
------------------------------------------------------------------------

[2002-12-07 01:39:15] [EMAIL PROTECTED]

Please try using this CVS snapshot:

  http://snaps.php.net/php4-latest.tar.gz

For Windows:

  http://snaps.php.net/win32/php4-win32-latest.zip

------------------------------------------------------------------------

[2002-10-08 12:41:22] [EMAIL PROTECTED]

<?php
$dn = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "kontrahent",
    "commonName" => "Janusz Flak",
    "emailAddress" => "[EMAIL PROTECTED]"
);

$privkey = openssl_pkey_new();
$csr = openssl_csr_new( $dn, $privkey);

$CA_CERT = "file://cacert.pem";
$fp = fopen("cakey.pem", "r");
$priv_key = fread($fp, 8192);
fclose($fp);
$pass = 'abracadabra';
$pkeyid = openssl_get_privatekey($priv_key,$pass);
$sscert = openssl_csr_sign($csr, $CA_CERT, $pkeyid, 365);
?>

When $pass == '' I have error

Warning: cannot get private key from parameter 3 in
/home/httpd/test.php on line 32
error:0906A068:PEM routines:PEM_do_header:bad password read

WHEN strlen($pass) > 0 and pass is true I have "Page not found" or
delay.

WHEN strlen($pass) > 0 and pass is bad I have

Warning: cannot get private key from parameter 3 in
/home/httpd/test.php on line 32
error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt
error:0906A065:PEM routines:PEM_do_header:bad decrypt

------------------------------------------------------------------------
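
Added example, not part of the original bug thread or the PHP project's code: the CA-signing case from the earliest comment, with every openssl_* return value checked and the error queue drained so that a wrong passphrase is reported explicitly. It assumes PHP 7 or later with the openssl extension and a usable openssl.cnf; the CA, the subject names, the passphrases and the must() and drain_openssl_errors() helpers are constructed for illustration.

```php
<?php
// Added example, not from the bug thread. All names and passphrases are constructed.

/** Drain the OpenSSL error queue so a failure can be reported with its cause. */
function drain_openssl_errors(): array {
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return $errors;
}

/** Return $value, or throw with the queued OpenSSL errors if the call returned false. */
function must($value, string $what) {
    if ($value === false) {
        throw new RuntimeException("$what failed: " . implode("; ", drain_openssl_errors()));
    }
    return $value;
}

$opts = ["private_key_type" => OPENSSL_KEYTYPE_RSA, "private_key_bits" => 2048, "digest_alg" => "sha256"];

// Constructed CA: self-signed certificate, private key exported under a passphrase.
$caKey  = must(openssl_pkey_new($opts), "CA key generation");
$caCsr  = must(openssl_csr_new(["commonName" => "Example Test CA"], $caKey, $opts), "CA CSR");
$caCert = must(openssl_csr_sign($caCsr, null, $caKey, 365, $opts), "CA self-signing");
must(openssl_pkey_export($caKey, $caKeyPem, "constructed-ca-passphrase", $opts), "CA key export");

// Subject key and CSR, as in the thread's scripts.
$userKey = must(openssl_pkey_new($opts), "subject key generation");
$userCsr = must(openssl_csr_new(["commonName" => "user.example.test"], $userKey, $opts), "subject CSR");

// A wrong passphrase returns false; the reason is only visible in the error queue.
drain_openssl_errors();
if (openssl_pkey_get_private($caKeyPem, "wrong-passphrase") === false) {
    echo "wrong passphrase rejected: ", implode("; ", drain_openssl_errors()), "\n";
}

// Correct passphrase: load the CA key and sign the CSR with the CA certificate.
$signingKey = must(openssl_pkey_get_private($caKeyPem, "constructed-ca-passphrase"), "CA key load");
$cert = must(openssl_csr_sign($userCsr, $caCert, $signingKey, 365, $opts, random_int(1, PHP_INT_MAX)), "CSR signing");

$info = openssl_x509_parse($cert);
echo "issuer CN:  ", $info["issuer"]["CN"], "\n";
echo "subject CN: ", $info["subject"]["CN"], "\n";
echo "cert matches subject key: ", var_export(openssl_x509_check_private_key($cert, $userKey), true), "\n";
```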