Hello List,
I'm trying to get the following code to work :
<?
$dn = array("countryName" => "US",
"stateOrProvinceName" => "state",
"localityName" => "town",
"organizationName" => "foo",
"organizationalUnitName" => "foo",
"commonName" => "www.domain.com",
"emailAddress" => "[EMAIL PROTECTED]");
$privkey = openssl_pkey_new(array("config" => "/usr/share/ssl/openssl.cnf"));
// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "<br>\n";
}
openssl_csr_export($csr, $csrout);
openssl_pkey_export($privkey, $pkeyout, "");
openssl_x509_export($sscert, $crtout);
$match = openssl_x509_check_private_key($crtout, $pkeyout);
if ($match) {
echo "<p>Yes, these match</p>";
}
else {
echo "<pre>Error: crt and key do not match</pre>";
}
exit();
?>
The code is mainly from the php manual pages and notes.
It appears to correctly generate a key, csr and crt. However when I try to verify
them with:
openssl_x509_check_private_key()
I get a mismatch. Any ideas?
There are some errors generated on the csr creation but when I echo the text of the
.crt and .key
they appear to be valid so I'm not too sure what is going on?
Is anyone aware of where I can find some code similiar to this that works (create csr
and key on
demand). Thanks in advance!
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
