<HTML ><HEAD ><TITLE >openssl_csr_new</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Manual de PHP" HREF="index.html"><LINK REL="UP" TITLE="OpenSSL functions" HREF="ref.openssl.html"><LINK REL="PREVIOUS" TITLE="openssl_csr_export" HREF="function.openssl-csr-export.html"><LINK REL="NEXT" TITLE="openssl_csr_sign" HREF="function.openssl-csr-sign.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=ISO-8859-1"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Manual de PHP</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="function.openssl-csr-export.html" ACCESSKEY="P" >Anterior</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="function.openssl-csr-sign.html" ACCESSKEY="N" >Siguiente</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><H1 ><A NAME="function.openssl-csr-new" ></A >openssl_csr_new</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN55714" ></A ><P > (PHP 4 >= 4.2.0)</P >openssl_csr_new -- Generates a CSR</DIV ><DIV CLASS="refsect1" ><A NAME="AEN55717" ></A ><H2 >Description</H2 >bool <B CLASS="methodname" >openssl_csr_new</B > ( array dn, resource privkey [, array configargs [, array extraattribs]])<BR ></BR ><P > <B CLASS="function" >openssl_csr_new()</B > generates a new CSR (Certificate Signing Request) based on the information provided by <TT CLASS="parameter" ><I >dn</I ></TT >, which represents the Distinguished Name to be used in the certificate. </P ><P > <TT CLASS="parameter" ><I >privkey</I ></TT > should be set to a private key that was previously generated by <A HREF="function.openssl-pkey-new.html" ><B CLASS="function" >openssl_pkey_new()</B ></A > (or otherwise obtained from the other openssl_pkey family of functions). The corresponding public portion of the key will be used to sign the CSR. </P ><P > <TT CLASS="parameter" ><I >extraattribs</I ></TT > is used to specify additional configuration options for the CSR. Both <TT CLASS="parameter" ><I >dn</I ></TT > and <TT CLASS="parameter" ><I >extraattribs</I ></TT > are associative arrays whose keys are converted to OIDs and applied to the relevant part of the request. </P ><DIV CLASS="note" ><BLOCKQUOTE CLASS="note" ><P ><B >Nota: </B > You need to have a valid <TT CLASS="filename" >openssl.cnf</TT > installed for this function to operate correctly. See the notes under <A HREF="ref.openssl.html#openssl.installation" >the installation section</A > for more information. </P ></BLOCKQUOTE ></DIV ><P > By default, the information in your system <TT CLASS="literal" >openssl.conf</TT > is used to initialize the request; you can specify a configuration file section by setting the <TT CLASS="literal" >config_section_section</TT > key of <TT CLASS="parameter" ><I >configargs</I ></TT >. You can also specify and alternative openssl configuration file by setting the <TT CLASS="literal" >config</TT > key to the path of the file you want to use. The following keys, if present in <TT CLASS="parameter" ><I >configargs</I ></TT > behave as their equivalents in the <TT CLASS="literal" >openssl.conf</TT >, as listed in the table below. <DIV CLASS="table" ><A NAME="AEN55755" ></A ><P ><B >Tabla 1. Configuration overrides</B ></P ><TABLE BORDER="1" CLASS="CALSTABLE" ><THEAD ><TR ><TH ALIGN="LEFT" VALIGN="MIDDLE" ><TT CLASS="parameter" ><I >configargs</I ></TT > key</TH ><TH ALIGN="LEFT" VALIGN="MIDDLE" >type</TH ><TH ALIGN="LEFT" VALIGN="MIDDLE" ><TT CLASS="literal" >openssl.conf</TT > equivalent</TH ><TH ALIGN="LEFT" VALIGN="MIDDLE" >description</TH ></TR ></THEAD ><TBODY ><TR ><TD ALIGN="LEFT" VALIGN="MIDDLE" >digest_alg</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" ><A HREF="language.types.string.html" >string</A ></TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >default_md</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >Selects which digest method to use</TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="MIDDLE" >x509_extensions</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" ><A HREF="language.types.string.html" >string</A ></TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >x509_extensions</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >Selects which extensions should be used when creating an x509 certificate</TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="MIDDLE" >req_extensions</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" ><A HREF="language.types.string.html" >string</A ></TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >req_extensions</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >Selects which extensions should be used when creating a CSR</TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="MIDDLE" >private_key_bits</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" ><A HREF="language.types.html#language.types.integer" >integer</A ></TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >default_bits</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >Specifies how many bits should be used to generate a private key</TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="MIDDLE" >private_key_type</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" ><A HREF="language.types.html#language.types.integer" >integer</A ></TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >none</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >Specifies the type of private key to create. This can be one of <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_DSA</B ></TT >, <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_DH</B ></TT > or <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_RSA</B ></TT >. The default value is <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_RSA</B ></TT > which is currently the only supported key type. </TD ></TR ><TR ><TD ALIGN="LEFT" VALIGN="MIDDLE" >encrypt_key</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" ><A HREF="missing-stuff.html#language.types.boolean" >booean</A ></TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >encrypt_key</TD ><TD ALIGN="LEFT" VALIGN="MIDDLE" >Should an exported key (with passphrase) be encrypted?</TD ></TR ></TBODY ></TABLE ></DIV > </P ><P > Devuelve <TT CLASS="constant" ><B >TRUE</B ></TT > si todo fue bien, <TT CLASS="constant" ><B >FALSE</B ></TT > en caso de fallo. </P ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN55811" ></A ><P ><B >Ejemplo 1. <B CLASS="function" >openssl_csr_new()</B > example - creating a self-signed-certificate</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="php" >// Fill in data for the distinguished name to be used in the cert // You must change the values of these keys to match your name and // company, or more precisely, the name and company of the person/site // that you are generating the certificate for. // For SSL certificates, the commonName is usually the domain name of // that will be using the certificate, but for S/MIME certificates, // the commonName will be the name of the individual who will use the // certificate. $dn = array( "countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "wez@php.net" ); // Generate a new private (and public) key pair $privkey = openssl_pkey_new(); // Generate a certificate signing request $csr = openssl_csr_new($dn, $privkey); // You will usually want to create a self-signed certificate at this // point until your CA fulfills your request. // This creates a self-signed cert that is valid for 365 days $sscert = openssl_csr_sign($csr, null, $privkey, 365); // Now you will want to preserve your private key, CSR and self-signed // cert so that they can be installed into your web server, mail server // or mail client (depending on the intended use of the certificate). // This example shows how to get those things into variables, but you // can also store them directly into files. // Typically, you will send the CSR on to your CA who will then issue // you with the "real" certificate. openssl_csr_export($csr, $csrout) and debug_zval_dump($csrout); openssl_x509_export($sscert, $certout) and debug_zval_dump($certout); openssl_pkey_export($privkey, $pkeyout, "mypassword") and debug_zval_dump($pkeyout); // Show any errors that occurred here while (($e = openssl_error_string()) !== false) { echo $e . "\n"; }</PRE ></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="function.openssl-csr-export.html" ACCESSKEY="P" >Anterior</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Inicio</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="function.openssl-csr-sign.html" ACCESSKEY="N" >Siguiente</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >openssl_csr_export</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ref.openssl.html" ACCESSKEY="U" >Subir</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >openssl_csr_sign</TD ></TR ></TABLE ></DIV ></BODY ></HTML >