$sscert = openssl_csr_sign($csr, null, $privkey, 365)
"The generated certificate will be signed by cacert. If cacert is NULL, the generated certificate will be a self-signed certificate. priv_key is the private key that corresponds to cacert."
-from http://ph.php.net/manual/en/function.op ... r-sign.php
how would you do it if not selfsigned?
i tried
$cacert = "/etc/httpd/conf/ssl.crt/servercert.pem";
$cakey = "/etc/httpd/conf/ssl.key/serverkey.pem";
$openssl = "/usr/share/ssl/openssl.cnf";
$temp2 = "client.pem";
//sign the request
$sscert = openssl_csr_sign($csr, $cacert, $cakey, $default_days);
to make my servercert.pem wc i gave CA-signing capabilities to sign my cgenrated clients but the function openssl_csr_sign gives warning that it cannot get the cert (parameter 2) so when i do a
openssl_x509_export ($sscert , $certout)
to export it, it gives another error because what it gets is a boolean (FALSE) and not a resource
i tried the various ways in the php.met examples as well like
$cacert = "file://etc/httpd/conf/ssl.crt/servercert.pem";
$cakey = "file://etc/httpd/conf/ssl.key/serverkey.pem";
but still the same error..
how would you do it if not selfsigned?
thanks for the help...