<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <title>Generates a CSR</title> </head> <body><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-get-subject.html">openssl_csr_get_subject</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-csr-sign.html">openssl_csr_sign</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div><hr /><div id="function.openssl-csr-new" class="refentry"> <div class="refnamediv"> <h1 class="refname">openssl_csr_new</h1> <p class="verinfo">(PHP 4 >= 4.2.0, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_csr_new</span> — <span class="dc-title">Generates a CSR</span></p> </div> <div class="refsect1 description" id="refsect1-function.openssl-csr-new-description"> <h3 class="title">Description</h3> <div class="methodsynopsis dc-description"> <span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <span class="methodname"><strong>openssl_csr_new</strong></span> ( <span class="methodparam"><span class="type">array</span> <code class="parameter">$dn</code></span> , <span class="methodparam"><span class="type">resource</span> <code class="parameter reference">&$privkey</code></span> [, <span class="methodparam"><span class="type">array</span> <code class="parameter">$configargs</code></span> [, <span class="methodparam"><span class="type">array</span> <code class="parameter">$extraattribs</code></span> ]] )</div> <p class="para rdfs-comment"> <span class="function"><strong>openssl_csr_new()</strong></span> generates a new CSR (Certificate Signing Request) based on the information provided by <em><code class="parameter">dn</code></em>, which represents the Distinguished Name to be used in the certificate. </p> <blockquote class="note"><p><strong class="note">Note</strong>: <span class="simpara"> You need to have a valid <var class="filename">openssl.cnf</var> installed for this function to operate correctly. See the notes under <a href="openssl.installation.html" class="link">the installation section</a> for more information. </span> </p></blockquote> </div> <div class="refsect1 parameters" id="refsect1-function.openssl-csr-new-parameters"> <h3 class="title">Parameters</h3> <p class="para"> <dl> <dt> <span class="term"><em><code class="parameter">dn</code></em></span> <dd> <p class="para"> The Distinguished Name to be used in the certificate. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">privkey</code></em></span> <dd> <p class="para"> <em><code class="parameter">privkey</code></em> should be set to a private key that was previously generated by <span class="function"><a href="function.openssl-pkey-new.html" class="function">openssl_pkey_new()</a></span> (or otherwise obtained from the other openssl_pkey family of functions). The corresponding public portion of the key will be used to sign the CSR. </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">configargs</code></em></span> <dd> <p class="para"> By default, the information in your system <em>openssl.conf</em> is used to initialize the request; you can specify a configuration file section by setting the <em>config_section_section</em> key of <em><code class="parameter">configargs</code></em>. You can also specify an alternative openssl configuration file by setting the value of the <em>config</em> key to the path of the file you want to use. The following keys, if present in <em><code class="parameter">configargs</code></em> behave as their equivalents in the <em>openssl.conf</em>, as listed in the table below. <table class="doctable table"> <caption><strong>Configuration overrides</strong></caption> <thead> <tr> <th><em><code class="parameter">configargs</code></em> key</th> <th>type</th> <th><em>openssl.conf</em> equivalent</th> <th>description</th> </tr> </thead> <tbody class="tbody"> <tr> <td>digest_alg</td> <td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td> <td>default_md</td> <td>Selects which digest method to use</td> </tr> <tr> <td>x509_extensions</td> <td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td> <td>x509_extensions</td> <td>Selects which extensions should be used when creating an x509 certificate</td> </tr> <tr> <td>req_extensions</td> <td><span class="type"><a href="language.types.string.html" class="type string">string</a></span></td> <td>req_extensions</td> <td>Selects which extensions should be used when creating a CSR</td> </tr> <tr> <td>private_key_bits</td> <td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td> <td>default_bits</td> <td>Specifies how many bits should be used to generate a private key</td> </tr> <tr> <td>private_key_type</td> <td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td> <td>none</td> <td>Specifies the type of private key to create. This can be one of <strong><code>OPENSSL_KEYTYPE_DSA</code></strong>, <strong><code>OPENSSL_KEYTYPE_DH</code></strong> or <strong><code>OPENSSL_KEYTYPE_RSA</code></strong>. The default value is <strong><code>OPENSSL_KEYTYPE_RSA</code></strong> which is currently the only supported key type. </td> </tr> <tr> <td>encrypt_key</td> <td><span class="type"><a href="language.types.boolean.html" class="type boolean">boolean</a></span></td> <td>encrypt_key</td> <td>Should an exported key (with passphrase) be encrypted?</td> </tr> <tr> <td>encrypt_key_cipher</td> <td><span class="type"><a href="language.types.integer.html" class="type integer">integer</a></span></td> <td>none</td> <td> One of <a href="openssl.ciphers.html" class="link">cipher constants</a>. </td> </tr> </tbody> </table> </p> </dd> </dt> <dt> <span class="term"><em><code class="parameter">extraattribs</code></em></span> <dd> <p class="para"> <em><code class="parameter">extraattribs</code></em> is used to specify additional configuration options for the CSR. Both <em><code class="parameter">dn</code></em> and <em><code class="parameter">extraattribs</code></em> are associative arrays whose keys are converted to OIDs and applied to the relevant part of the request. </p> </dd> </dt> </dl> </p> </div> <div class="refsect1 returnvalues" id="refsect1-function.openssl-csr-new-returnvalues"> <h3 class="title">Return Values</h3> <p class="para"> Returns the CSR. </p> </div> <div class="refsect1 examples" id="refsect1-function.openssl-csr-new-examples"> <h3 class="title">Examples</h3> <p class="para"> <div class="example" id="example-859"> <p><strong>Example #1 Creating a self-signed-certificate</strong></p> <div class="example-contents"> <div class="phpcode"><code><span style="color: #000000"> <span style="color: #0000BB"><?php<br /></span><span style="color: #FF8000">// Fill in data for the distinguished name to be used in the cert<br />// You must change the values of these keys to match your name and<br />// company, or more precisely, the name and company of the person/site<br />// that you are generating the certificate for.<br />// For SSL certificates, the commonName is usually the domain name of<br />// that will be using the certificate, but for S/MIME certificates,<br />// the commonName will be the name of the individual who will use the<br />// certificate.<br /></span><span style="color: #0000BB">$dn </span><span style="color: #007700">= array(<br /> </span><span style="color: #DD0000">"countryName" </span><span style="color: #007700">=> </span><span style="color: #DD0000">"UK"</span><span style="color: #007700">,<br /> </span><span style="color: #DD0000">"stateOrProvinceName" </span><span style="color: #007700">=> </span><span style="color: #DD0000">"Somerset"</span><span style="color: #007700">,<br /> </span><span style="color: #DD0000">"localityName" </span><span style="color: #007700">=> </span><span style="color: #DD0000">"Glastonbury"</span><span style="color: #007700">,<br /> </span><span style="color: #DD0000">"organizationName" </span><span style="color: #007700">=> </span><span style="color: #DD0000">"The Brain Room Limited"</span><span style="color: #007700">,<br /> </span><span style="color: #DD0000">"organizationalUnitName" </span><span style="color: #007700">=> </span><span style="color: #DD0000">"PHP Documentation Team"</span><span style="color: #007700">,<br /> </span><span style="color: #DD0000">"commonName" </span><span style="color: #007700">=> </span><span style="color: #DD0000">"Wez Furlong"</span><span style="color: #007700">,<br /> </span><span style="color: #DD0000">"emailAddress" </span><span style="color: #007700">=> </span><span style="color: #DD0000">"wez@example.com"<br /></span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// Generate a new private (and public) key pair<br /></span><span style="color: #0000BB">$privkey </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_pkey_new</span><span style="color: #007700">();<br /><br /></span><span style="color: #FF8000">// Generate a certificate signing request<br /></span><span style="color: #0000BB">$csr </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_csr_new</span><span style="color: #007700">(</span><span style="color: #0000BB">$dn</span><span style="color: #007700">, </span><span style="color: #0000BB">$privkey</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// You will usually want to create a self-signed certificate at this<br />// point until your CA fulfills your request.<br />// This creates a self-signed cert that is valid for 365 days<br /></span><span style="color: #0000BB">$sscert </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csr</span><span style="color: #007700">, </span><span style="color: #0000BB">null</span><span style="color: #007700">, </span><span style="color: #0000BB">$privkey</span><span style="color: #007700">, </span><span style="color: #0000BB">365</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// Now you will want to preserve your private key, CSR and self-signed<br />// cert so that they can be installed into your web server, mail server<br />// or mail client (depending on the intended use of the certificate).<br />// This example shows how to get those things into variables, but you<br />// can also store them directly into files.<br />// Typically, you will send the CSR on to your CA who will then issue<br />// you with the "real" certificate.<br /></span><span style="color: #0000BB">openssl_csr_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$csr</span><span style="color: #007700">, </span><span style="color: #0000BB">$csrout</span><span style="color: #007700">) and </span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$csrout</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">openssl_x509_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$sscert</span><span style="color: #007700">, </span><span style="color: #0000BB">$certout</span><span style="color: #007700">) and </span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$certout</span><span style="color: #007700">);<br /></span><span style="color: #0000BB">openssl_pkey_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">, </span><span style="color: #0000BB">$pkeyout</span><span style="color: #007700">, </span><span style="color: #DD0000">"mypassword"</span><span style="color: #007700">) and </span><span style="color: #0000BB">var_dump</span><span style="color: #007700">(</span><span style="color: #0000BB">$pkeyout</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">// Show any errors that occurred here<br /></span><span style="color: #007700">while ((</span><span style="color: #0000BB">$e </span><span style="color: #007700">= </span><span style="color: #0000BB">openssl_error_string</span><span style="color: #007700">()) !== </span><span style="color: #0000BB">false</span><span style="color: #007700">) {<br /> echo </span><span style="color: #0000BB">$e </span><span style="color: #007700">. </span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?></span> </span> </code></div> </div> </div> </p> </div> </div><hr /><div class="manualnavbar" style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-get-subject.html">openssl_csr_get_subject</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-csr-sign.html">openssl_csr_sign</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div> </div></body></html>