John Davidson

openssl - PHP create certificate CA not self signed

Message:


I'm trying to create a CA certificate (not self-signed). I'm using the PHP function openssl_x509_export.


Creating a self-signed certificate is no problem. But when I must create a certificate with an owner different from the issuer, I don't know how to do it. I tried with this code:


    $dn["issuer"] = array("C" => "US", "O" => "DigiCert Inc",  "OU" => "digicert.com", "CN" => "DigiCert High Assurance CA-3");

    $dn["owner"] = array("CN" => "twitter.com" , "O" =>"TIWTTER INC", "L" => "San Francisco" , "S"=> "California", "C" => "US" );

    $privkey = openssl_pkey_new();
    openssl_pkey_export_to_file($privkey, $keypath);
    $csr = openssl_csr_new($dn, $privkey);
    openssl_csr_export_to_file($csr, $requestpath);
    $sscert = openssl_csr_sign($csr, null, $privkey, 365);
    openssl_x509_export_to_file($sscert, $cerpath);
    $src = getcwd();

With no result.


Does someone know the solution?



My Answer:
To create a certificate with the owner different from the issuer, you need to create two separate certificate signing requests (CSRs) - one for the issuer and one for the owner. Then, you need to sign the owner's CSR with the issuer's private key to generate the certificate.

Here is an example code snippet to achieve this:

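```php
$issuer_dn = array(
    "C" => "US",
    "O" => "DigiCert Inc",
    "OU" => "digicert.com",
    "CN" => "DigiCert High Assurance CA-3"
);

// "ST" is the OpenSSL short name for stateOrProvinceName ("S" is not recognized).
$owner_dn = array(
    "CN" => "twitter.com",
    "O" => "TWITTER INC",
    "L" => "San Francisco",
    "ST" => "California",
    "C" => "US"
);

// Issuer: key pair and CSR.
$issuer_privkey = openssl_pkey_new();
openssl_pkey_export_to_file($issuer_privkey, "issuer_key.pem");

$issuer_csr = openssl_csr_new($issuer_dn, $issuer_privkey);
openssl_csr_export_to_file($issuer_csr, "issuer_csr.pem");

// Self-sign the issuer's CSR to obtain the issuer certificate.
$issuer_cert = openssl_csr_sign($issuer_csr, null, $issuer_privkey, 365);
openssl_x509_export_to_file($issuer_cert, "issuer_cert.pem");

// Owner: separate key pair and CSR.
$owner_privkey = openssl_pkey_new();
openssl_pkey_export_to_file($owner_privkey, "owner_key.pem");

$owner_csr = openssl_csr_new($owner_dn, $owner_privkey);
openssl_csr_export_to_file($owner_csr, "owner_csr.pem");

// Sign the owner's CSR with the issuer's certificate and private key.
// Passing null as the second argument would make the result self-signed.
$owner_cert = openssl_csr_sign($owner_csr, $issuer_cert, $issuer_privkey, 365);
openssl_x509_export_to_file($owner_cert, "owner_cert.pem");

echo "Certificate created successfully.";
```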


In this code snippet, we first create a CSR for the issuer and the owner separately. Then, we sign the owner's CSR with the issuer's private key to generate the certificate for the owner. Finally, we export the owner's certificate to a file.

Make sure to replace the placeholder values with your actual values and adjust the file paths as needed.
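
An added example, not part of the original answer, showing what the second argument of `openssl_csr_sign` changes and how to check the resulting certificate. It assumes PHP 7.4 or later (for `openssl_x509_verify`) with the openssl extension and a usable default `openssl.cnf`; the `must` and `describe` helpers and all names, lifetimes and serial numbers are constructed for illustration.

```php
<?php
// Added example: every name, lifetime and serial number below is a constructed test value.
$keyOpts = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$opts    = ['digest_alg' => 'sha256'];

// Stop with OpenSSL's own error text if a call returned false.
function must($value, string $step)
{
    if ($value === false) {
        throw new RuntimeException("$step failed: " . openssl_error_string());
    }
    return $value;
}

// 1. Test CA: own key pair, CSR, and a self-signed certificate (CA argument is null).
$caKey  = must(openssl_pkey_new($keyOpts), 'CA key');
$caCsr  = must(openssl_csr_new(['O' => 'Example Test Lab', 'CN' => 'Example Test CA'], $caKey, $opts), 'CA CSR');
$caCert = must(openssl_csr_sign($caCsr, null, $caKey, 3650, $opts, 1), 'CA certificate');

// 2. Leaf: separate key pair and CSR.
$leafKey = must(openssl_pkey_new($keyOpts), 'leaf key');
$leafCsr = must(openssl_csr_new(['O' => 'Example Test Lab', 'CN' => 'app.example.test'], $leafKey, $opts), 'leaf CSR');

// 3a. null CA certificate: the issuer is copied from the CSR subject (self-signed).
$selfSigned = must(openssl_csr_sign($leafCsr, null, $leafKey, 365, $opts, 2), 'self-signed leaf');
// 3b. CA certificate plus CA private key: the issuer becomes the CA's subject.
$caSigned   = must(openssl_csr_sign($leafCsr, $caCert, $caKey, 365, $opts, 3), 'CA-signed leaf');

// Report who issued a certificate and whether the CA's public key verifies its signature.
function describe(string $label, $cert, $caCert): void
{
    $info = openssl_x509_parse($cert);
    printf(
        "%s\n  subject CN: %s\n  issuer CN: %s\n  self-issued: %s\n  verifies with CA key: %s\n",
        $label,
        $info['subject']['CN'],
        $info['issuer']['CN'],
        $info['subject'] == $info['issuer'] ? 'yes' : 'no',
        openssl_x509_verify($cert, $caCert) === 1 ? 'yes' : 'no'
    );
}

describe('Signed with null CA certificate', $selfSigned, $caCert);
describe('Signed with CA certificate and CA key', $caSigned, $caCert);
```

Verification uses the issuer's key, not the issuer's name, so copying a public CA's distinguished name into the issuer certificate does not make the leaf chain to that CA. Only clients that have the test CA certificate installed as a trust anchor accept the leaf.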
