
how to use openssl_csr_sign not self-signed?

Posted: Mon Mar 07, 2005 2:20 am
by kimchi
doing

$sscert = openssl_csr_sign($csr, null, $privkey, 365);

"The generated certificate will be signed by cacert. If cacert is NULL, the generated certificate will be a self-signed certificate. priv_key is the private key that corresponds to cacert."

-from http://ph.php.net/manual/en/function.op ... r-sign.php

How would you do it if not self-signed?

I tried

$cacert = "/etc/httpd/conf/ssl.crt/servercert.pem";
$cakey = "/etc/httpd/conf/ssl.key/serverkey.pem";
$openssl = "/usr/share/ssl/openssl.cnf";
$temp2 = "client.pem";

//sign the request
$sscert = openssl_csr_sign($csr, $cacert, $cakey, $default_days);

to make my servercert.pem, which I gave CA-signing capabilities, sign my generated clients, but the function openssl_csr_sign gives a warning that it cannot get the cert (parameter 2), so when I do a

openssl_x509_export($sscert, $certout);

to export it, it gives another error because what it gets is a boolean (FALSE) and not a resource.

:(

I tried the various ways in the php.net examples as well, like

$cacert = "file://etc/httpd/conf/ssl.crt/servercert.pem";
$cakey = "file://etc/httpd/conf/ssl.key/serverkey.pem";

but still the same error..

How would you do it if not self-signed?

Thanks for the help...
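
The CA-signed case from the quoted manual text, as an added example that is not part of the original post. PHP's OpenSSL functions read a string argument as PEM text unless it starts with `file://`, in which case the prefix is stripped and the remainder is used as the path. The CA, the names and the temporary paths below are constructed for the demo, and the `usr_cert` extension section is assumed to exist in the active openssl.cnf.

```php
<?php
// Added example. Every name, DN and path here is constructed for the demo.
$dir = sys_get_temp_dir() . '/csr_sign_demo_' . getmypid();
mkdir($dir, 0700);
$keyOpts = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];

// 1. Throwaway CA: cacert = null yields the self-signed root.
$caKey  = openssl_pkey_new($keyOpts);
$caCsr  = openssl_csr_new(['commonName' => 'Demo CA'], $caKey, ['digest_alg' => 'sha256']);
$caCert = openssl_csr_sign($caCsr, null, $caKey, 365, ['digest_alg' => 'sha256']);
openssl_x509_export_to_file($caCert, "$dir/ca.crt");
openssl_pkey_export_to_file($caKey, "$dir/ca.key");
chmod("$dir/ca.key", 0600);

// 2. Client key and CSR.
$clientKey = openssl_pkey_new($keyOpts);
$clientCsr = openssl_csr_new(['commonName' => 'demo-client'], $clientKey, ['digest_alg' => 'sha256']);

// 3. Sign with the CA. On Unix, "file://" + absolute path gives three slashes
//    (file:///tmp/...); with only two, the leading "/" of the path is lost.
//    Assumption: the active openssl.cnf has the stock [usr_cert] section
//    (basicConstraints=CA:FALSE), so the client cert is not itself a CA.
$signOpts = ['digest_alg' => 'sha256', 'x509_extensions' => 'usr_cert'];
$serial   = random_int(1, PHP_INT_MAX);   // unique serial per issued cert
$cert = openssl_csr_sign($clientCsr, "file://$dir/ca.crt", "file://$dir/ca.key", 365, $signOpts, $serial);
if ($cert === false) {
    // Drain the OpenSSL error queue instead of passing FALSE onwards.
    while (($e = openssl_error_string()) !== false) {
        fwrite(STDERR, "openssl: $e\n");
    }
    exit(1);
}

// 4. Confirm issuer != subject and that the CA key verifies the signature.
openssl_x509_export($cert, $pem);
$info = openssl_x509_parse($cert);
printf("subject CN: %s\nissuer CN:  %s\n", $info['subject']['CN'], $info['issuer']['CN']);
printf("signed by CA: %s\n", openssl_x509_verify($cert, $caCert) === 1 ? 'yes' : 'no');

// 5. Remove the demo key material.
unlink("$dir/ca.crt"); unlink("$dir/ca.key"); rmdir($dir);
```

Checking the return value of `openssl_csr_sign` and reading `openssl_error_string()` shows which argument OpenSSL could not load, rather than failing later in `openssl_x509_export`.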