<HTML ><HEAD ><TITLE >openssl_csr_sign</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="PHP Manual" HREF="index.html"><LINK REL="UP" TITLE="OpenSSL functions" HREF="ref.openssl.html"><LINK REL="PREVIOUS" TITLE="openssl_csr_new" HREF="function.openssl-csr-new.html"><LINK REL="NEXT" TITLE="openssl_error_string" HREF="function.openssl-error-string.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=ISO-8859-1"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><H1 ><A NAME="function.openssl-csr-sign" ></A >openssl_csr_sign</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN68064" ></A ><P > (PHP 4 >= 4.2.0)</P >openssl_csr_sign -- Sign a CSR with another certificate (or itself) and generate a certificate</DIV ><DIV CLASS="refsect1" ><A NAME="AEN68067" ></A ><H2 >Description</H2 >resource <B CLASS="methodname" >openssl_csr_sign</B > ( mixed csr, mixed cacert, mixed priv_key, long days)<BR ></BR ><P > <B CLASS="function" >openssl_csr_sign()</B > generates an x509 certificate resource from the <TT CLASS="parameter" ><I >csr</I ></TT > previously generated by <A HREF="function.openssl-csr-new.html" ><B CLASS="function" >openssl_csr_new()</B ></A >, but it can also be the path to a PEM encoded CSR when specified as <TT CLASS="filename" >file://path/to/csr</TT > or an exported string generated by <A 
HREF="function.openssl-csr-export.html" ><B CLASS="function" >openssl_csr_export()</B ></A >. The generated certificate will be signed by <TT CLASS="parameter" ><I >cacert</I ></TT >. If <TT CLASS="parameter" ><I >cacert</I ></TT > is <TT CLASS="constant" ><B >NULL</B ></TT >, the generated certificate will be a self-signed certificate. <TT CLASS="parameter" ><I >priv_key</I ></TT > is the private key that corresponds to <TT CLASS="parameter" ><I >cacert</I ></TT >. <TT CLASS="parameter" ><I >days</I ></TT > specifies the length of time for which the generated certificate will be valid, in days. </P ><P > Returns an x509 certificate resource on success, <TT CLASS="constant" ><B >FALSE</B ></TT > on failure. </P ><DIV CLASS="note" ><BLOCKQUOTE CLASS="note" ><P ><B >Note: </B > You need to have a valid <TT CLASS="filename" >openssl.cnf</TT > installed for this function to operate correctly. See the notes under <A HREF="ref.openssl.html#openssl.installation" >the installation section</A > for more information. </P ></BLOCKQUOTE ></DIV ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN68103" ></A ><P ><B >Example 1. <B CLASS="function" >openssl_csr_sign()</B > example - signing a CSR (how to implement your own CA)</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><PRE CLASS="php" >&lt;?php
// Let's assume that this script is set to receive a CSR that has
// been pasted into a textarea from another page
$csrdata = $_POST["CSR"];

// We will sign the request using our own "certificate authority"
// certificate. You can use any certificate to sign another, but
// the process is worthless unless the signing certificate is trusted
// by the software/users that will deal with the newly signed certificate

// We need our CA cert and its private key
$cacert = "file://path/to/ca.crt";
$privkey = array("file://path/to/ca.key", "your_ca_key_passphrase");

// Note: this signs whatever CSR was submitted; a production CA would
// authenticate the requester and check the CSR's subject first
$usercert = openssl_csr_sign($csrdata, $cacert, $privkey, 365);

// Now display the generated certificate so that the user can
// copy and paste it into their local configuration (such as a file
// to hold the certificate for their SSL server)
if ($usercert !== false and openssl_x509_export($usercert, $certout)) {
    echo $certout;
}

// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}</PRE ></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ></DIV ></BODY ></HTML >
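Added example, not part of the PHP manual: it exercises both cases described above (a NULL cacert producing a self-signed certificate, and a CA signing a CSR supplied as an exported PEM string) and vets the CSR before signing. The names "Example Test CA" and "www.example.test", the allow-list and the 2048-bit floor are constructed; openssl_csr_get_subject(), openssl_csr_get_public_key() and the optional fifth and sixth arguments of openssl_csr_sign() come from later PHP versions than this page documents, and a valid openssl.cnf is still required.

```php
<?php
// Added example: every name, the allow-list and the key-size floor are constructed.
function must($value, $what) {
    if ($value === false) {
        throw new RuntimeException("$what failed: " . openssl_error_string());
    }
    return $value;
}

// CA side: refuse a CSR whose subject or key does not meet local policy.
function vet_csr($csrPem, array $allowedNames, $minBits) {
    $subject = openssl_csr_get_subject($csrPem);
    $pubKey  = openssl_csr_get_public_key($csrPem);
    if ($subject === false || $pubKey === false) {
        return "CSR could not be parsed";
    }
    $cn = isset($subject["CN"]) ? $subject["CN"] : "";
    if (!in_array($cn, $allowedNames, true)) {
        return "subject CN '$cn' is not on the allow-list";
    }
    $details = openssl_pkey_get_details($pubKey);
    if ($details === false || $details["bits"] < $minBits) {
        return "public key is shorter than $minBits bits";
    }
    return null; // null means the CSR passed
}

// 1. Throwaway CA: a NULL cacert makes openssl_csr_sign() self-sign with $caKey.
$caKey  = must(openssl_pkey_new(array("private_key_bits" => 2048)), "CA key");
$caCsr  = must(openssl_csr_new(array("commonName" => "Example Test CA"), $caKey), "CA CSR");
$caCert = must(openssl_csr_sign($caCsr, null, $caKey, 30), "CA self-sign");

// 2. Requester: build a CSR and export it as the PEM string a CA would receive.
$userKey = must(openssl_pkey_new(array("private_key_bits" => 2048)), "user key");
$userCsr = must(openssl_csr_new(array("commonName" => "www.example.test"), $userKey), "user CSR");
must(openssl_csr_export($userCsr, $csrPem), "CSR export");

// 3. CA: vet first, then sign with SHA-256 and a random serial (the default serial is 0).
$problem = vet_csr($csrPem, array("www.example.test"), 2048);
if ($problem !== null) {
    exit("Refusing to sign: $problem\n");
}
$cert = must(openssl_csr_sign($csrPem, $caCert, $caKey, 365,
    array("digest_alg" => "sha256"), random_int(1, PHP_INT_MAX)), "signing");
must(openssl_x509_export($cert, $certPem), "certificate export");
echo $certPem;
```

Changing the allow-list passed to vet_csr() so that it no longer contains "www.example.test" makes the script stop before openssl_csr_sign() is reached.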