所以,我尝试使用PHP和Openssl创建自己的CA(证书颁发机构).我尝试创建用户CSR并签名.
function addcsr(){
$dn = array(
"countryName" => $_POST['CountryName'],
"stateOrProvinceName" => $_POST['StateOrProvince'],
"localityName" => $_POST['LocalityName'],
"organizationName" => $_POST['OrganizationalName'],
"organizationalUnitName" => $_POST['OrganizationalUnitName'],
"commonName" => $_POST['CommonName'],
"emailAddress" => $_POST['EmailAddress']
);
$configArgs = array(
'private_key_bits' => 2048
);
$key = openssl_pkey_new($configArgs);
openssl_pkey_export($key, $privkey);
$pubkey = openssl_pkey_get_details($key);
$pubkey = $pubkey["key"];
$csr = openssl_csr_new($dn, $privkey);
openssl_csr_export($csr, $csrstring);
$cacert = "file://ca.pem";
$privkeyca = array("file://ca.key", "daniel123");
$usercert = openssl_csr_sign($csrstring, $cacert, $privkeyca, 365);
// test
$this->load->view('create_view', $data);
在openssl_csr_sign($ csrstring,$ cacert,$ privkeyca,365)之前,Everyting的工作正常.$ usercert返回false并且有错误:
消息:openssl_csr_sign()[function.openssl-csr-sign]:无法从参数2获取证书
我试图改变:
authorityKeyIdentifier = keyid:always,issuer:always into …