<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>openssl_csr_new</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REL="HOME"
TITLE="PHP 手册"
HREF="index.html"><LINK
REL="UP"
TITLE="OpenSSL Functions"
HREF="ref.openssl.html"><LINK
REL="PREVIOUS"
TITLE="openssl_csr_get_subject"
HREF="function.openssl-csr-get-subject.html"><LINK
REL="NEXT"
TITLE="openssl_csr_sign"
HREF="function.openssl-csr-sign.html"><META
HTTP-EQUIV="Content-type"
CONTENT="text/html; charset=UTF-8"></HEAD
><BODY
CLASS="refentry"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>PHP 手册</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="function.openssl-csr-get-subject.html"
ACCESSKEY="P"
>上一页</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="function.openssl-csr-sign.html"
ACCESSKEY="N"
>下一页</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><H1
><A
NAME="function.openssl-csr-new"
></A
>openssl_csr_new</H1
><DIV
CLASS="refnamediv"
><A
NAME="AEN163681"
></A
><P
> (PHP 4 >= 4.2.0, PHP 5)</P
>openssl_csr_new -- Generates a CSR</DIV
><DIV
CLASS="refsect1"
><A
NAME="AEN163684"
></A
><H2
>Description</H2
>mixed <B
CLASS="methodname"
>openssl_csr_new</B
> ( array dn, resource &privkey [, array configargs [, array extraattribs]] )<BR
></BR
><P
> <B
CLASS="function"
>openssl_csr_new()</B
> generates a new CSR (Certificate Signing Request)
based on the information provided by <CODE
CLASS="parameter"
>dn</CODE
>, which represents the
Distinguished Name to be used in the certificate.
</P
><P
> <CODE
CLASS="parameter"
>privkey</CODE
> should be set to a private key that was
previously generated by <A
HREF="function.openssl-pkey-new.html"
><B
CLASS="function"
>openssl_pkey_new()</B
></A
> (or
otherwise obtained from the other openssl_pkey family of functions).
The corresponding public portion of the key will be used to sign the
CSR.
</P
><P
> <CODE
CLASS="parameter"
>extraattribs</CODE
> is used to specify additional
configuration options for the CSR. Both <CODE
CLASS="parameter"
>dn</CODE
> and
<CODE
CLASS="parameter"
>extraattribs</CODE
> are associative arrays whose keys are
converted to OIDs and applied to the relevant part of the request.
</P
><DIV
CLASS="note"
><BLOCKQUOTE
CLASS="note"
><P
><B
>注意: </B
>
You need to have a valid <TT
CLASS="filename"
>openssl.cnf</TT
> installed for
this function to operate correctly.
See the notes under <A
HREF="ref.openssl.html#openssl.installation"
>the installation
section</A
> for more information.
</P
></BLOCKQUOTE
></DIV
><P
> By default, the information in your system <TT
CLASS="literal"
>openssl.conf</TT
>
is used to initialize the request; you can specify a configuration file
section by setting the <TT
CLASS="literal"
>config_section_section</TT
> key of
<CODE
CLASS="parameter"
>configargs</CODE
>. You can also specify an alternative
openssl configuration file by setting the value of the
<TT
CLASS="literal"
>config</TT
> key to the path of the file you want to use.
The following keys, if present in <CODE
CLASS="parameter"
>configargs</CODE
>
behave as their equivalents in the <TT
CLASS="literal"
>openssl.conf</TT
>, as
listed in the table below.
<DIV
CLASS="table"
><A
NAME="AEN163722"
></A
><P
><B
>表 1. Configuration overrides</B
></P
><TABLE
BORDER="1"
CLASS="CALSTABLE"
><COL><COL><COL><THEAD
><TR
><TH
><CODE
CLASS="parameter"
>configargs</CODE
> key</TH
><TH
>type</TH
><TH
><TT
CLASS="literal"
>openssl.conf</TT
> equivalent</TH
><TH
>description</TH
></TR
></THEAD
><TBODY
><TR
><TD
>digest_alg</TD
><TD
><A
HREF="language.types.string.html"
><B
CLASS="type"
>string</B
></A
></TD
><TD
>default_md</TD
><TD
>Selects which digest method to use</TD
></TR
><TR
><TD
>x509_extensions</TD
><TD
><A
HREF="language.types.string.html"
><B
CLASS="type"
>string</B
></A
></TD
><TD
>x509_extensions</TD
><TD
>Selects which extensions should be used when creating an x509
certificate</TD
></TR
><TR
><TD
>req_extensions</TD
><TD
><A
HREF="language.types.string.html"
><B
CLASS="type"
>string</B
></A
></TD
><TD
>req_extensions</TD
><TD
>Selects which extensions should be used when creating a CSR</TD
></TR
><TR
><TD
>private_key_bits</TD
><TD
><A
HREF="language.types.integer.html"
><B
CLASS="type"
>integer</B
></A
></TD
><TD
>default_bits</TD
><TD
>Specifies how many bits should be used to generate a private
key</TD
></TR
><TR
><TD
>private_key_type</TD
><TD
><A
HREF="language.types.integer.html"
><B
CLASS="type"
>integer</B
></A
></TD
><TD
>none</TD
><TD
>Specifies the type of private key to create. This can be one
of <TT
CLASS="constant"
><B
>OPENSSL_KEYTYPE_DSA</B
></TT
>,
<TT
CLASS="constant"
><B
>OPENSSL_KEYTYPE_DH</B
></TT
> or
<TT
CLASS="constant"
><B
>OPENSSL_KEYTYPE_RSA</B
></TT
>.
The default value is <TT
CLASS="constant"
><B
>OPENSSL_KEYTYPE_RSA</B
></TT
> which
is currently the only supported key type.
</TD
></TR
><TR
><TD
>encrypt_key</TD
><TD
><A
HREF="language.types.boolean.html"
><B
CLASS="type"
>boolean</B
></A
></TD
><TD
>encrypt_key</TD
><TD
>Should an exported key (with passphrase) be encrypted?</TD
></TR
></TBODY
></TABLE
></DIV
>
</P
><P
> 如果成功则返回 <TT
CLASS="constant"
><B
>TRUE</B
></TT
>,失败则返回 <TT
CLASS="constant"
><B
>FALSE</B
></TT
>。
</P
><P
> <TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
CLASS="EXAMPLE"
><TR
><TD
><DIV
CLASS="example"
><A
NAME="AEN163778"
></A
><P
><B
>例 1. <B
CLASS="function"
>openssl_csr_new()</B
> example - creating a
self-signed-certificate</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
CELLPADDING="5"
><TR
><TD
><code><font color="#000000">
<font color="#0000BB"><?php<br /></font><font color="#FF8000">// Fill in data for the distinguished name to be used in the cert<br />// You must change the values of these keys to match your name and<br />// company, or more precisely, the name and company of the person/site<br />// that you are generating the certificate for.<br />// For SSL certificates, the commonName is usually the domain name of<br />// that will be using the certificate, but for S/MIME certificates,<br />// the commonName will be the name of the individual who will use the<br />// certificate.<br /></font><font color="#0000BB">$dn </font><font color="#007700">= array(<br /> </font><font color="#DD0000">"countryName" </font><font color="#007700">=> </font><font color="#DD0000">"UK"</font><font color="#007700">,<br /> </font><font color="#DD0000">"stateOrProvinceName" </font><font color="#007700">=> </font><font color="#DD0000">"Somerset"</font><font color="#007700">,<br /> </font><font color="#DD0000">"localityName" </font><font color="#007700">=> </font><font color="#DD0000">"Glastonbury"</font><font color="#007700">,<br /> </font><font color="#DD0000">"organizationName" </font><font color="#007700">=> </font><font color="#DD0000">"The Brain Room Limited"</font><font color="#007700">,<br /> </font><font color="#DD0000">"organizationalUnitName" </font><font color="#007700">=> </font><font color="#DD0000">"PHP Documentation Team"</font><font color="#007700">,<br /> </font><font color="#DD0000">"commonName" </font><font color="#007700">=> </font><font color="#DD0000">"Wez Furlong"</font><font color="#007700">,<br /> </font><font color="#DD0000">"emailAddress" </font><font color="#007700">=> </font><font color="#DD0000">"wez@example.com"<br /></font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Generate a new private (and public) key pair<br /></font><font color="#0000BB">$privkey </font><font color="#007700">= </font><font color="#0000BB">openssl_pkey_new</font><font color="#007700">();<br /><br /></font><font color="#FF8000">// Generate a certificate signing request<br /></font><font color="#0000BB">$csr </font><font color="#007700">= </font><font color="#0000BB">openssl_csr_new</font><font color="#007700">(</font><font color="#0000BB">$dn</font><font color="#007700">, </font><font color="#0000BB">$privkey</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// You will usually want to create a self-signed certificate at this<br />// point until your CA fulfills your request.<br />// This creates a self-signed cert that is valid for 365 days<br /></font><font color="#0000BB">$sscert </font><font color="#007700">= </font><font color="#0000BB">openssl_csr_sign</font><font color="#007700">(</font><font color="#0000BB">$csr</font><font color="#007700">, </font><font color="#0000BB">null</font><font color="#007700">, </font><font color="#0000BB">$privkey</font><font color="#007700">, </font><font color="#0000BB">365</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Now you will want to preserve your private key, CSR and self-signed<br />// cert so that they can be installed into your web server, mail server<br />// or mail client (depending on the intended use of the certificate).<br />// This example shows how to get those things into variables, but you<br />// can also store them directly into files.<br />// Typically, you will send the CSR on to your CA who will then issue<br />// you with the "real" certificate.<br /></font><font color="#0000BB">openssl_csr_export</font><font color="#007700">(</font><font color="#0000BB">$csr</font><font color="#007700">, </font><font color="#0000BB">$csrout</font><font color="#007700">) and </font><font color="#0000BB">var_dump</font><font color="#007700">(</font><font color="#0000BB">$csrout</font><font color="#007700">);<br /></font><font color="#0000BB">openssl_x509_export</font><font color="#007700">(</font><font color="#0000BB">$sscert</font><font color="#007700">, </font><font color="#0000BB">$certout</font><font color="#007700">) and </font><font color="#0000BB">var_dump</font><font color="#007700">(</font><font color="#0000BB">$certout</font><font color="#007700">);<br /></font><font color="#0000BB">openssl_pkey_export</font><font color="#007700">(</font><font color="#0000BB">$privkey</font><font color="#007700">, </font><font color="#0000BB">$pkeyout</font><font color="#007700">, </font><font color="#DD0000">"mypassword"</font><font color="#007700">) and </font><font color="#0000BB">var_dump</font><font color="#007700">(</font><font color="#0000BB">$pkeyout</font><font color="#007700">);<br /><br /></font><font color="#FF8000">// Show any errors that occurred here<br /></font><font color="#007700">while ((</font><font color="#0000BB">$e </font><font color="#007700">= </font><font color="#0000BB">openssl_error_string</font><font color="#007700">()) !== </font><font color="#0000BB">false</font><font color="#007700">) {<br /> echo </font><font color="#0000BB">$e </font><font color="#007700">. </font><font color="#DD0000">"\n"</font><font color="#007700">;<br />}<br /></font><font color="#0000BB">?></font>
</font>
</code></TD
></TR
></TABLE
></DIV
></TD
></TR
></TABLE
>
</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="function.openssl-csr-get-subject.html"
ACCESSKEY="P"
>上一页</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>起始页</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="function.openssl-csr-sign.html"
ACCESSKEY="N"
>下一页</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>openssl_csr_get_subject</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="ref.openssl.html"
ACCESSKEY="U"
>上一级</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>openssl_csr_sign</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
