I m trying to create a Certificate CA = not self signed. I 'm using the function PHP openssl_x509_export
For create Self Signed certificate no problem. But when I must create a certificate with Owner different from the Issuer I don't know how to do. I try with this code
$dn["issuer"] = array("C" => "US", "O" => "DigiCert Inc", "OU" => "digicert.com", "CN" => "DigiCert High Assurance CA-3");
$dn["owner"] = array("CN" => "twitter.com" , "O" =>"TIWTTER INC", "L" => "San Francisco" , "S"=> "California", "C" => "US" );
$privkey = openssl_pkey_new();
openssl_pkey_export_to_file($privkey, $keypath);
$csr = openssl_csr_new($dn, $privkey);
openssl_csr_export_to_file($csr, $requestpath);
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
openssl_x509_export_to_file($sscert, $cerpath);
$src = getcwd();
with no result
Someone know the solution?
My Answer:
To create a certificate with the owner different from the issuer, you need to create two separate certificate signing requests (CSRs) - one for the issuer and one for the owner. Then, you need to sign the owner's CSR with the issuer's private key to generate the certificate.
Here is an example code snippet to achieve this:
php
$issuer_dn = array(
"C" => "US",
"O" => "DigiCert Inc",
"OU" => "digicert.com",
"CN" => "DigiCert High Assurance CA-3"
);
$owner_dn = array(
"CN" => "twitter.com",
"O" => "TWITTER INC",
"L" => "San Francisco",
"S" => "California",
"C" => "US"
);
$issuer_privkey = openssl_pkey_new();
openssl_pkey_export_to_file($issuer_privkey, "issuer_key.pem");
$issuer_csr = openssl_csr_new($issuer_dn, $issuer_privkey);
openssl_csr_export_to_file($issuer_csr, "issuer_csr.pem");
$owner_privkey = openssl_pkey_new();
openssl_pkey_export_to_file($owner_privkey, "owner_key.pem");
$owner_csr = openssl_csr_new($owner_dn, $owner_privkey);
openssl_csr_export_to_file($owner_csr, "owner_csr.pem");
$issuer_cert = openssl_csr_sign($owner_csr, null, $issuer_privkey, 365);
openssl_x509_export_to_file($issuer_cert, "owner_cert.pem");
echo "Certificate created successfully.";
In this code snippet, we first create a CSR for the issuer and the owner separately. Then, we sign the owner's CSR with the issuer's private key to generate the certificate for the owner. Finally, we export the owner's certificate to a file.
Make sure to replace the placeholder values with your actual values and adjust the file paths as needed.
Rate this post
3 of 5 based on 2206 votesComments