sigmasternchen/php-doc-en
1
0
Fork 0
mirror of https://github.com/sigmasternchen/php-doc-en synced 2025-03-21 03:18:55 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
php-doc-en/reference/openssl/functions/openssl-csr-new.xml
Máté Kocsis d1e3ea622e Generate openssl methodsynopses based on stubs 
Co-authored-by: Christoph M. Becker <cmbecker69@gmx.de>

Closes GH-309.
2021-02-13 14:43:23 +01:00

313 lines
10 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="utf-8"?>
<!-- $Revision$ -->
<refentry xml:id="function.openssl-csr-new" xmlns="http://docbook.org/ns/docbook">
<refnamediv>
<refname>openssl_csr_new</refname>
<refpurpose>Generates a CSR</refpurpose>
</refnamediv>
<refsect1 role="description">
&reftitle.description;
<methodsynopsis>
<type class="union"><type>OpenSSLCertificateSigningRequest</type><type>false</type></type><methodname>openssl_csr_new</methodname>
<methodparam><type>array</type><parameter>distinguished_names</parameter></methodparam>
<methodparam><type>OpenSSLAsymmetricKey</type><parameter role="reference">private_key</parameter></methodparam>
<methodparam choice="opt"><type class="union"><type>array</type><type>null</type></type><parameter>options</parameter><initializer>&null;</initializer></methodparam>
<methodparam choice="opt"><type class="union"><type>array</type><type>null</type></type><parameter>extra_attributes</parameter><initializer>&null;</initializer></methodparam>
</methodsynopsis>
<para>
<function>openssl_csr_new</function> generates a new CSR (Certificate Signing Request)
based on the information provided by <parameter>distinguished_names</parameter>.
</para>
&note.openssl.cnf;
</refsect1>
<refsect1 role="parameters">
&reftitle.parameters;
<para>
<variablelist>
<varlistentry>
<term><parameter>distinguished_names</parameter></term>
<listitem>
<para>
The Distinguished Name or subject fields to be used in the certificate.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>private_key</parameter></term>
<listitem>
<para>
<parameter>private_key</parameter> should be set to a private key that was
previously generated by <function>openssl_pkey_new</function> (or
otherwise obtained from the other openssl_pkey family of functions).
The corresponding public portion of the key will be used to sign the
CSR.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>options</parameter></term>
<listitem>
<para>
By default, the information in your system <literal>openssl.conf</literal>
is used to initialize the request; you can specify a configuration file
section by setting the <literal>config_section_section</literal> key of
<parameter>options</parameter>. You can also specify an alternative
openssl configuration file by setting the value of the
<literal>config</literal> key to the path of the file you want to use.
The following keys, if present in <parameter>options</parameter>
behave as their equivalents in the <literal>openssl.conf</literal>, as
listed in the table below.
<table>
<title>Configuration overrides</title>
<tgroup cols="3">
<thead>
<row>
<entry><parameter>options</parameter> key</entry>
<entry>type</entry>
<entry><literal>openssl.conf</literal> equivalent</entry>
<entry>description</entry>
</row>
</thead>
<tbody>
<row>
<entry>digest_alg</entry>
<entry><type>string</type></entry>
<entry>default_md</entry>
<entry>Digest method or signature hash, usually one of <function>openssl_get_md_methods</function></entry>
</row>
<row>
<entry>x509_extensions</entry>
<entry><type>string</type></entry>
<entry>x509_extensions</entry>
<entry>Selects which extensions should be used when creating an x509
certificate</entry>
</row>
<row>
<entry>req_extensions</entry>
<entry><type>string</type></entry>
<entry>req_extensions</entry>
<entry>Selects which extensions should be used when creating a CSR</entry>
</row>
<row>
<entry>private_key_bits</entry>
<entry><type>int</type></entry>
<entry>default_bits</entry>
<entry>Specifies how many bits should be used to generate a private
key</entry>
</row>
<row>
<entry>private_key_type</entry>
<entry><type>int</type></entry>
<entry>none</entry>
<entry>Specifies the type of private key to create. This can be one
of <constant>OPENSSL_KEYTYPE_DSA</constant>,
<constant>OPENSSL_KEYTYPE_DH</constant>,
<constant>OPENSSL_KEYTYPE_RSA</constant> or
<constant>OPENSSL_KEYTYPE_EC</constant>.
The default value is <constant>OPENSSL_KEYTYPE_RSA</constant>.
</entry>
</row>
<row>
<entry>encrypt_key</entry>
<entry><type>bool</type></entry>
<entry>encrypt_key</entry>
<entry>Should an exported key (with passphrase) be encrypted?</entry>
</row>
<row>
<entry>encrypt_key_cipher</entry>
<entry><type>int</type></entry>
<entry>none</entry>
<entry>
One of <link linkend="openssl.ciphers">cipher constants</link>.
</entry>
</row>
<row>
<entry>curve_name</entry>
<entry><type>string</type></entry>
<entry>none</entry>
<entry>
One of <function>openssl_get_curve_names</function>.
</entry>
</row>
<row>
<entry>config</entry>
<entry><type>string</type></entry>
<entry>N/A</entry>
<entry>
Path to your own alternative openssl.conf file.
</entry>
</row>
</tbody>
</tgroup>
</table>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><parameter>extra_attributes</parameter></term>
<listitem>
<para>
<parameter>extra_attributes</parameter> is used to specify additional
configuration options for the CSR. Both <parameter>distinguished_names</parameter> and
<parameter>extra_attributes</parameter> are associative arrays whose keys are
converted to OIDs and applied to the relevant part of the request.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect1>
<refsect1 role="returnvalues">
&reftitle.returnvalues;
<para>
Returns the CSR&return.falseforfailure;.
</para>
</refsect1>
<refsect1 role="changelog">
&reftitle.changelog;
<informaltable>
<tgroup cols="2">
<thead>
<row>
<entry>&Version;</entry>
<entry>&Description;</entry>
</row>
</thead>
<tbody>
<row>
<entry>8.0.0</entry>
<entry>
On success, this function returns an <classname>OpenSSLCertificateSigningRequest</classname> instance now;
previously, a &resource; of type <literal>OpenSSL X.509 CSR</literal> was returned.
</entry>
</row>
<row>
<entry>8.0.0</entry>
<entry>
<parameter>private_key</parameter> accepts an <classname>OpenSSLAsymmetricKey</classname> instance now;
previously, a &resource; of type <literal>OpenSSL key</literal> was accepted.
</entry>
</row>
<row>
<entry>7.1.0</entry>
<entry>
<parameter>options</parameter> now also supports <literal>curve_name</literal>.
</entry>
</row>
</tbody>
</tgroup>
</informaltable>
</refsect1>
<refsect1 role="examples">
&reftitle.examples;
<para>
<example>
<title>Creating a self-signed certificate</title>
<programlisting role="php">
<![CDATA[
<?php
// for SSL server certificates the commonName is the domain name to be secured
// for S/MIME email certificates the commonName is the owner of the email address
// location and identification fields refer to the owner of domain or email subject to be secured
$dn = array(
"countryName" => "GB",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "wez@example.com"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_new(array(
"private_key_bits" => 2048,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey, array('digest_alg' => 'sha256'));
// Generate a self-signed cert, valid for 365 days
$x509 = openssl_csr_sign($csr, null, $privkey, $days=365, array('digest_alg' => 'sha256'));
// Save your private key, CSR and self-signed cert for later use
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($x509, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
?>
]]>
</programlisting>
</example>
<example>
<title>Creating a self-signed ECC certificate (as of PHP 7.1.0)</title>
<programlisting role="php">
<![CDATA[
<?php
$subject = array(
"commonName" => "docs.php.net",
);
// Generate a new private (and public) key pair
$private_key = openssl_pkey_new(array(
"private_key_type" => OPENSSL_KEYTYPE_EC,
"curve_name" => 'prime256v1',
));
// Generate a certificate signing request
$csr = openssl_csr_new($subject, $private_key, array('digest_alg' => 'sha384'));
// Generate self-signed EC cert
$x509 = openssl_csr_sign($csr, null, $private_key, $days=365, array('digest_alg' => 'sha384'));
openssl_x509_export_to_file($x509, 'ecc-cert.pem');
openssl_pkey_export_to_file($private_key, 'ecc-private.key');
?>
]]>
</programlisting>
</example>
</para>
</refsect1>
<refsect1 role="seealso">
&reftitle.seealso;
<para>
<simplelist>
<member><function>openssl_csr_sign</function></member>
</simplelist>
</para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"~/.phpdoc/manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
Reference in a new issue View git blame Copy permalink