<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <HTML ><HEAD ><TITLE >openssl_csr_sign</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Manual PHP" HREF="index.html"><LINK REL="UP" TITLE="OpenSSL Functions" HREF="ref.openssl.html"><LINK REL="PREVIOUS" TITLE="openssl_csr_new" HREF="function.openssl-csr-new.html"><LINK REL="NEXT" TITLE="openssl_error_string" HREF="function.openssl-error-string.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=ISO-8859-2"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Manual PHP</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.openssl-csr-new.html" ACCESSKEY="P" >Înapoi</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.openssl-error-string.html" ACCESSKEY="N" >Înainte</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.openssl-csr-sign" ></A >openssl_csr_sign</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN84781" ></A ><P > (PHP 4 >= 4.2.0, PHP 5)</P >openssl_csr_sign -- Sign a CSR with another certificate (or itself) and generate a certificate</DIV ><DIV CLASS="refsect1" ><A NAME="AEN84784" ></A ><H2 >Description</H2 >resource <B CLASS="methodname" >openssl_csr_sign</B > ( mixed csr, mixed cacert, mixed priv_key, int days [, array configargs [, int serial]])<BR ></BR ><P > <B CLASS="function" >openssl_csr_sign()</B > generates an x509 certificate resource from the <VAR CLASS="parameter" >csr</VAR > previously generated by <A HREF="function.openssl-csr-new.html" ><B CLASS="function" >openssl_csr_new()</B ></A >, but it can also be the path to a PEM encoded CSR when specified as <TT CLASS="filename" >file://path/to/csr</TT > or an exported string generated by <A HREF="function.openssl-csr-export.html" ><B CLASS="function" >openssl_csr_export()</B ></A >. The generated certificate will be signed by <VAR CLASS="parameter" >cacert</VAR >. If <VAR CLASS="parameter" >cacert</VAR > is <TT CLASS="constant" ><B >NULL</B ></TT >, the generated certificate will be a self-signed certificate. <VAR CLASS="parameter" >priv_key</VAR > is the private key that corresponds to <VAR CLASS="parameter" >cacert</VAR >. <VAR CLASS="parameter" >days</VAR > specifies the length of time for which the generated certificate will be valid, in days. You can finetune the CSR signing by <VAR CLASS="parameter" >configargs</VAR >. See <A HREF="function.openssl-csr-new.html" ><B CLASS="function" >openssl_csr_new()</B ></A > for more information about <VAR CLASS="parameter" >configargs</VAR >. Since PHP 4.3.3 you can specify the serial number of issued certificate by <VAR CLASS="parameter" >serial</VAR >. In earlier versions, it was always 0. </P ><P > Returns an x509 certificate resource on success, <TT CLASS="constant" ><B >FALSE</B ></TT > on failure. </P ><DIV CLASS="note" ><BLOCKQUOTE CLASS="note" ><P ><B >Notã: </B > You need to have a valid <TT CLASS="filename" >openssl.cnf</TT > installed for this function to operate correctly. See the notes under <A HREF="ref.openssl.html#openssl.installation" >the installation section</A > for more information. </P ></BLOCKQUOTE ></DIV ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN84830" ></A ><P ><B >Exemplu 1. <B CLASS="function" >openssl_csr_sign()</B > example - signing a CSR (how to implement your own CA)</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB"><?php<br /></font><font color="#FF8000">// Let's assume that this script is set to receive a CSR that has<br />// been pasted into a textarea from another page<br /></font><font color="#0000BB">$csrdata </font><font color="#007700">= </font><font color="#0000BB">$_POST</font><font color="#007700">[</font><font color="#DD0000">"CSR"</font><font color="#007700">];<br /><br /></font><font color="#FF8000">// We will sign the request using our own "certificate authority"<br />// certificate. You can use any certificate to sign another, but<br />// the process is worthless unless the signing certificate is trusted<br />// by the software/users that will deal with the newly signed certificate<br /><br />// We need our CA cert and its private key<br /></font><font color="#0000BB">$cacert </font><font color="#007700">= </font><font color="#DD0000">"file://path/to/ca.crt"</font><font color="#007700">;<br /></font><font color="#0000BB">$privkey </font><font color="#007700">= array(</font><font color="#DD0000">"file://path/to/ca.key"</font><font color="#007700">, </font><font color="#DD0000">"your_ca_key_passphrase"</font><font color="#007700">);<br /><br /></font><font color="#0000BB">$userscert </font><font color="#007700">= </font><font color="#0000BB">openssl_csr_sign</font><font color="#007700">(</font><font color="#0000BB">$csrdata</font><font color="#007700">, </font><font color="#0000BB">$cacert</font><font color="#007700">, </font><font color="#0000BB">$privkey</font><font color="#007700">, </font><font color="#0000BB">365</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Now display the generated certificate so that the user can<br />// copy and paste it into their local configuration (such as a file<br />// to hold the certificate for their SSL server)<br /></font><font color="#0000BB">openssl_x509_export</font><font color="#007700">(</font><font color="#0000BB">$usercert</font><font color="#007700">, </font><font color="#0000BB">$certout</font><font color="#007700">);<br />echo </font><font color="#0000BB">$certout</font><font color="#007700">;<br /><br /></font><font color="#FF8000">// Show any errors that occurred here<br /></font><font color="#007700">while ((</font><font color="#0000BB">$e </font><font color="#007700">= </font><font color="#0000BB">openssl_error_string</font><font color="#007700">()) !== </font><font color="#0000BB">false</font><font color="#007700">) {<br /> echo </font><font color="#0000BB">$e </font><font color="#007700">. </font><font color="#DD0000">"\n"</font><font color="#007700">;<br />}<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.openssl-csr-new.html" ACCESSKEY="P" >Înapoi</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Acasã</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.openssl-error-string.html" ACCESSKEY="N" >Înainte</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >openssl_csr_new</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.openssl.html" ACCESSKEY="U" >Sus</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >openssl_error_string</TD ></TR ></TABLE ></DIV ></BODY ></HTML >