使用openssl生成证书及密钥失败

$privateKey = openssl_pkey_new();
while($message = openssl_error_string()){
    echo $message.'
'.PHP_EOL; }

调用后会有如下输出:

error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
error:02001003:system library:fopen:No such process
error:2006D080:BIO routines:BIO_new_file:no such file
error:0E064002:configuration file routines:CONF_load:system lib
过程中,openssl_csr_new,openssl_csr_sign,openssl_pkey_new 这3个方法调用都会有上述错误输出


解决方案,为每个方法指定openssl.conf文件路径

修改后成功运行demo如下:

		$dn = array(
				"countryName" => 'XX', //所在国家名称
				"stateOrProvinceName" => 'State', //所在省份名称
				"localityName" => 'SomewhereCity', //所在城市名称
				"organizationName" => 'MySelf',   //注册人姓名
				"organizationalUnitName" => 'Whatever', //组织名称
				"commonName" => 'mySelf', //公共名称
				"emailAddress" => '[email protected]' //邮箱
		);
		 
		$privkeypass = '111111'; //私钥密码
		$numberofdays = 365;     //有效时长
		$cerpath = "./test.cer"; //生成证书路径
		$pfxpath = "./test.pfx"; //密钥文件路径
		 
		 
		//生成证书
		//$privkey = openssl_pkey_new();
		$opensslConfigPath = "E:/XAMPP/apache/bin/openssl.cnf";		//E:/XAMPP/php/extras/openssl/openssl.cnf	"E:/XAMPP/apache/conf/openssl.cnf"; 	//apache路径下的openssl.conf文件路径
		// E:/XAMPP/apache/bin/openssl.cnf
		
		var_dump(getenv('OPENSSL_CONF'));
		
		//	set OPENSSL_CONF="E:/XAMPP/php/extras/openssl/openssl.cnf"
		//	set OPENSSL_CONF="E:/XAMPP/apache/conf/openssl.cnf"
		//  set OPENSSL_CONF="E:/XAMPP/apache/bin/openssl.cnf"
		
		
		$config = array(
				'private_key_bits'  => 2048,
				'config'			=> $opensslConfigPath
		);
		$privkey = openssl_pkey_new($config);
		var_dump('1#openssl_pkey_new::::');var_dump ($privkey);
		
		
		
		
		
		$configargs = array('config'=>$opensslConfigPath);
		$csr = openssl_csr_new($dn, $privkey,$configargs);
		var_dump('2#openssl_csr_new::::');var_dump($csr);
		
		
		
		
		
		
		$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays, $configargs);
		var_dump('3#openssl_csr_sign::::');var_dump($sscert);
		
		
		openssl_x509_export($sscert, $csrkey); //导出证书$csrkey
		openssl_pkcs12_export($sscert, $privatekey, $privkey, $privkeypass); //导出密钥$privatekey
		//生成证书文件
		$fp = fopen($cerpath, "w");
		fwrite($fp, $csrkey);
		fclose($fp);
		//生成密钥文件
		$fp = fopen($pfxpath, "w");
		fwrite($fp, $privatekey);
		fclose($fp); 
		
		
		
		while (($e = openssl_error_string()) !== false) {
			echo $e . "\n

"; }exit();


你可能感兴趣的:(PHP)