<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <HTML ><HEAD ><TITLE >openssl_csr_new</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK REL="HOME" TITLE="PHP Manual" HREF="index.html"><LINK REL="UP" TITLE="OpenSSL Functions" HREF="ref.openssl.html"><LINK REL="PREVIOUS" TITLE="openssl_csr_get_subject" HREF="function.openssl-csr-get-subject.html"><LINK REL="NEXT" TITLE="openssl_csr_sign" HREF="function.openssl-csr-sign.html"><META HTTP-EQUIV="Content-type" CONTENT="text/html; charset=UTF-8"></HEAD ><BODY CLASS="refentry" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><H1 ><A NAME="function.openssl-csr-new" ></A >openssl_csr_new</H1 ><DIV CLASS="refnamediv" ><A NAME="AEN163681" ></A ><P > (PHP 4 >= 4.2.0, PHP 5)</P >openssl_csr_new -- Generates a CSR</DIV ><DIV CLASS="refsect1" ><A NAME="AEN163684" ></A ><H2 >Description</H2 >mixed <B CLASS="methodname" >openssl_csr_new</B > ( array dn, resource &privkey [, array configargs [, array extraattribs]] )<BR ></BR ><P > <B CLASS="function" >openssl_csr_new()</B > generates a new CSR (Certificate Signing Request) based on the information provided by <CODE CLASS="parameter" >dn</CODE >, which represents the Distinguished Name to be used in the certificate. 
</P ><P > <CODE CLASS="parameter" >privkey</CODE > should be set to a private key that was previously generated by <A HREF="function.openssl-pkey-new.html" ><B CLASS="function" >openssl_pkey_new()</B ></A > (or otherwise obtained from another function in the openssl_pkey family). The corresponding public portion of the key will be used to sign the CSR. </P ><P > <CODE CLASS="parameter" >extraattribs</CODE > is used to specify additional configuration options for the CSR. Both <CODE CLASS="parameter" >dn</CODE > and <CODE CLASS="parameter" >extraattribs</CODE > are associative arrays whose keys are converted to OIDs and applied to the relevant part of the request. </P ><DIV CLASS="note" ><BLOCKQUOTE CLASS="note" ><P ><B >Note: </B > You need to have a valid <TT CLASS="filename" >openssl.cnf</TT > installed for this function to operate correctly. See the notes under <A HREF="ref.openssl.html#openssl.installation" >the installation section</A > for more information. </P ></BLOCKQUOTE ></DIV ><P > By default, the information in your system <TT CLASS="literal" >openssl.conf</TT > is used to initialize the request; you can specify a configuration file section by setting the <TT CLASS="literal" >config_section_section</TT > key of <CODE CLASS="parameter" >configargs</CODE >. You can also specify an alternative OpenSSL configuration file by setting the value of the <TT CLASS="literal" >config</TT > key to the path of the file you want to use. The following keys, if present in <CODE CLASS="parameter" >configargs</CODE >, behave as their equivalents in the <TT CLASS="literal" >openssl.conf</TT >, as listed in the table below. <DIV CLASS="table" ><A NAME="AEN163722" ></A ><P ><B >Table 1. 
Configuration overrides</B ></P ><TABLE BORDER="1" CLASS="CALSTABLE" ><COL><COL><COL><THEAD ><TR ><TH ><CODE CLASS="parameter" >configargs</CODE > key</TH ><TH >type</TH ><TH ><TT CLASS="literal" >openssl.conf</TT > equivalent</TH ><TH >description</TH ></TR ></THEAD ><TBODY ><TR ><TD >digest_alg</TD ><TD ><A HREF="language.types.string.html" ><B CLASS="type" >string</B ></A ></TD ><TD >default_md</TD ><TD >Selects which digest method to use</TD ></TR ><TR ><TD >x509_extensions</TD ><TD ><A HREF="language.types.string.html" ><B CLASS="type" >string</B ></A ></TD ><TD >x509_extensions</TD ><TD >Selects which extensions should be used when creating an x509 certificate</TD ></TR ><TR ><TD >req_extensions</TD ><TD ><A HREF="language.types.string.html" ><B CLASS="type" >string</B ></A ></TD ><TD >req_extensions</TD ><TD >Selects which extensions should be used when creating a CSR</TD ></TR ><TR ><TD >private_key_bits</TD ><TD ><A HREF="language.types.integer.html" ><B CLASS="type" >integer</B ></A ></TD ><TD >default_bits</TD ><TD >Specifies how many bits should be used to generate a private key</TD ></TR ><TR ><TD >private_key_type</TD ><TD ><A HREF="language.types.integer.html" ><B CLASS="type" >integer</B ></A ></TD ><TD >none</TD ><TD >Specifies the type of private key to create. This can be one of <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_DSA</B ></TT >, <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_DH</B ></TT > or <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_RSA</B ></TT >. The default value is <TT CLASS="constant" ><B >OPENSSL_KEYTYPE_RSA</B ></TT > which is currently the only supported key type. 
</TD ></TR ><TR ><TD >encrypt_key</TD ><TD ><A HREF="language.types.boolean.html" ><B CLASS="type" >boolean</B ></A ></TD ><TD >encrypt_key</TD ><TD >Should an exported key (with passphrase) be encrypted?</TD ></TR ></TBODY ></TABLE ></DIV > </P ><P > Returns <TT CLASS="constant" ><B >TRUE</B ></TT > on success or <TT CLASS="constant" ><B >FALSE</B ></TT > on failure. </P ><P > <TABLE WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" CLASS="EXAMPLE" ><TR ><TD ><DIV CLASS="example" ><A NAME="AEN163778" ></A ><P ><B >Example 1. <B CLASS="function" >openssl_csr_new()</B > example - creating a self-signed certificate</B ></P ><TABLE BORDER="0" BGCOLOR="#E0E0E0" CELLPADDING="5" ><TR ><TD ><code><font color="#000000"> <font color="#0000BB">&lt;?php<br /></font><font color="#FF8000">// Fill in data for the distinguished name to be used in the cert<br />// You must change the values of these keys to match your name and<br />// company, or more precisely, the name and company of the person/site<br />// that you are generating the certificate for.<br />// For SSL certificates, the commonName is usually the domain name of the site<br />// that will be using the certificate, but for S/MIME certificates,<br />// the commonName will be the name of the individual who will use the<br />// certificate.<br /></font><font color="#0000BB">$dn </font><font color="#007700">= array(<br /> </font><font color="#DD0000">"countryName" </font><font color="#007700">=> </font><font color="#DD0000">"UK"</font><font color="#007700">,<br /> </font><font color="#DD0000">"stateOrProvinceName" </font><font color="#007700">=> </font><font color="#DD0000">"Somerset"</font><font color="#007700">,<br /> </font><font color="#DD0000">"localityName" </font><font color="#007700">=> </font><font color="#DD0000">"Glastonbury"</font><font color="#007700">,<br /> </font><font color="#DD0000">"organizationName" </font><font color="#007700">=> </font><font color="#DD0000">"The Brain Room Limited"</font><font color="#007700">,<br /> </font><font 
color="#DD0000">"organizationalUnitName" </font><font color="#007700">=> </font><font color="#DD0000">"PHP Documentation Team"</font><font color="#007700">,<br /> </font><font color="#DD0000">"commonName" </font><font color="#007700">=> </font><font color="#DD0000">"Wez Furlong"</font><font color="#007700">,<br /> </font><font color="#DD0000">"emailAddress" </font><font color="#007700">=> </font><font color="#DD0000">"wez@example.com"<br /></font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Generate a new private (and public) key pair<br /></font><font color="#0000BB">$privkey </font><font color="#007700">= </font><font color="#0000BB">openssl_pkey_new</font><font color="#007700">();<br /><br /></font><font color="#FF8000">// Generate a certificate signing request<br /></font><font color="#0000BB">$csr </font><font color="#007700">= </font><font color="#0000BB">openssl_csr_new</font><font color="#007700">(</font><font color="#0000BB">$dn</font><font color="#007700">, </font><font color="#0000BB">$privkey</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// You will usually want to create a self-signed certificate at this<br />// point until your CA fulfills your request.<br />// This creates a self-signed cert that is valid for 365 days<br /></font><font color="#0000BB">$sscert </font><font color="#007700">= </font><font color="#0000BB">openssl_csr_sign</font><font color="#007700">(</font><font color="#0000BB">$csr</font><font color="#007700">, </font><font color="#0000BB">null</font><font color="#007700">, </font><font color="#0000BB">$privkey</font><font color="#007700">, </font><font color="#0000BB">365</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Now you will want to preserve your private key, CSR and self-signed<br />// cert so that they can be installed into your web server, mail server<br />// or mail client (depending on the intended use of the certificate).<br />// This example shows 
how to get those things into variables, but you<br />// can also store them directly into files.<br />// Typically, you will send the CSR on to your CA who will then issue<br />// you with the "real" certificate.<br /></font><font color="#0000BB">openssl_csr_export</font><font color="#007700">(</font><font color="#0000BB">$csr</font><font color="#007700">, </font><font color="#0000BB">$csrout</font><font color="#007700">) and </font><font color="#0000BB">var_dump</font><font color="#007700">(</font><font color="#0000BB">$csrout</font><font color="#007700">);<br /></font><font color="#0000BB">openssl_x509_export</font><font color="#007700">(</font><font color="#0000BB">$sscert</font><font color="#007700">, </font><font color="#0000BB">$certout</font><font color="#007700">) and </font><font color="#0000BB">var_dump</font><font color="#007700">(</font><font color="#0000BB">$certout</font><font color="#007700">);<br /></font><font color="#0000BB">openssl_pkey_export</font><font color="#007700">(</font><font color="#0000BB">$privkey</font><font color="#007700">, </font><font color="#0000BB">$pkeyout</font><font color="#007700">, </font><font color="#DD0000">"mypassword"</font><font color="#007700">) and </font><font color="#0000BB">var_dump</font><font color="#007700">(</font><font color="#0000BB">$pkeyout</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Show any errors that occurred here<br /></font><font color="#007700">while ((</font><font color="#0000BB">$e </font><font color="#007700">= </font><font color="#0000BB">openssl_error_string</font><font color="#007700">()) !== </font><font color="#0000BB">false</font><font color="#007700">) {<br /> echo </font><font color="#0000BB">$e </font><font color="#007700">. 
</font><font color="#DD0000">"\n"</font><font color="#007700">;<br />}<br /></font><font color="#0000BB">?></font> </font> </code></TD ></TR ></TABLE ></DIV ></TD ></TR ></TABLE > </P ></DIV ></BODY ></HTML >
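An added example (not part of the manual's own code) that passes the configargs overrides from the table explicitly, rather than inheriting them from the system configuration, and checks the resulting request before it is used. It assumes PHP 5.2 or later for openssl_csr_get_subject() and openssl_csr_get_public_key(); drain_openssl_errors(), the sample subject and the CSR_KEY_PASSPHRASE environment variable are hypothetical names.

```php
<?php
// Pin the security-relevant settings through configargs instead of
// inheriting whatever the system OpenSSL configuration file says.
$configargs = array(
    "digest_alg"       => "sha256",             // overrides default_md
    "private_key_bits" => 2048,                 // overrides default_bits
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    "encrypt_key"      => true,                 // encrypt the exported key
);

// Constructed sample subject; replace with the real site's details.
$dn = array("countryName" => "GB", "commonName" => "www.example.com");

// Hypothetical helper: collect the queued OpenSSL errors so a failure is never silent.
function drain_openssl_errors() {
    $errors = array();
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return implode("; ", $errors);
}

$privkey = openssl_pkey_new($configargs);
$csr = $privkey ? openssl_csr_new($dn, $privkey, $configargs) : false;
if (is_bool($csr)) {                            // a boolean result means no usable CSR
    die("key or CSR generation failed: " . drain_openssl_errors() . "\n");
}

// Check the request before sending it anywhere: subject, key and digest.
$subject = openssl_csr_get_subject($csr, false);   // false = long field names
$csrKey  = openssl_pkey_get_details(openssl_csr_get_public_key($csr));
$ownKey  = openssl_pkey_get_details($privkey);
openssl_csr_export($csr, $csrText, false);         // false = include the text dump
$ok = $subject["commonName"] === $dn["commonName"]
   && $csrKey["key"] === $ownKey["key"]            // CSR carries our public key (PEM)
   && $csrKey["bits"] >= 2048
   && stripos($csrText, "sha256") !== false;       // digest_alg override took effect
echo $ok ? "CSR checks passed\n" : "CSR checks FAILED\n";

// The passphrase is read from the environment (assumed variable name), not the source.
$pass = getenv("CSR_KEY_PASSPHRASE");
if ($ok && $pass && openssl_pkey_export($privkey, $pem, $pass, $configargs)) {
    echo strtok($pem, "\n"), "\n";                 // header line of the encrypted PEM
}
```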