how to use openssl_csr_sign not self-signed?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
kimchi
Forum Newbie
Posts: 2
Joined: Mon Feb 28, 2005 9:17 pm

how to use openssl_csr_sign not self-signed?

Post by kimchi »

doing

$sscert = openssl_csr_sign($csr, null, $privkey, 365)

"The generated certificate will be signed by cacert. If cacert is NULL, the generated certificate will be a self-signed certificate. priv_key is the private key that corresponds to cacert."

-from http://ph.php.net/manual/en/function.op ... r-sign.php

how would you do it if not selfsigned?

i tried

$cacert = "/etc/httpd/conf/ssl.crt/servercert.pem";
$cakey = "/etc/httpd/conf/ssl.key/serverkey.pem";
$openssl = "/usr/share/ssl/openssl.cnf";
$temp2 = "client.pem";

//sign the request
$sscert = openssl_csr_sign($csr, $cacert, $cakey, $default_days);

to make my servercert.pem wc i gave CA-signing capabilities to sign my cgenrated clients but the function openssl_csr_sign gives warning that it cannot get the cert (parameter 2) so when i do a

openssl_x509_export ($sscert , $certout)

to export it, it gives another error because what it gets is a boolean (FALSE) and not a resource

:(

i tried the various ways in the php.met examples as well like

$cacert = "file://etc/httpd/conf/ssl.crt/servercert.pem";
$cakey = "file://etc/httpd/conf/ssl.key/serverkey.pem";

but still the same error..

how would you do it if not selfsigned?

thanks for the help...
Post Reply