Create client certificate with openssl

on 25.11.2009 08:53:32 by Tanveer Chowdhury


Hi all,

I have an Apache server, and for that I created a CA as the signing authority
using openssl.

Now I created a PHP page which will generate client certificates with a key
and sign them with the CA. Now the output is in .pem.
Now, how do I convert it to .p12 for exporting it to the client browser?

Also, using exec gives another problem, which is that it asks for an export
password, so how do I give this via PHP?

Thanks in advance.
Below is the code:

<?php
header("Content-Type: text/plain");
$CA_CERT = "/usr/local/openssl/misc/demoCA/cacert.pem";
$CA_KEY = "/usr/local/openssl/misc/demoCA/private/cakey.pem";

// Generate the client key pair and export the private key as PEM.
$req_key = openssl_pkey_new();
if (openssl_pkey_export($req_key, $out_key)) {
    $dn = array(
        "countryName" => "AU",
        "stateOrProvinceName" => "AR",
        "organizationName" => "Widget Ltd",
        "organizationalUnitName" => "Test",
        "commonName" => "John Smith"
    );
    // Build the CSR and sign it with the CA for 365 days.
    $req_csr = openssl_csr_new($dn, $req_key);
    $req_cert = openssl_csr_sign($req_csr, "file://$CA_CERT", "file://$CA_KEY", 365);
    if (openssl_x509_export($req_cert, $out_cert)) {
        echo "$out_key\n";
        echo "$out_cert\n";
        $myFile2 = "/tmp/testFile.pem";
        // $myFile1 = "/tmp/testKey.pem";

        // Write the key, then append the certificate, to one PEM file.
        $fh2 = fopen($myFile2, 'w') or die("can't open file");
        fwrite($fh2, $out_key);
        $fh1 = fopen($myFile2, 'a') or die("can't open file");
        fwrite($fh1, $out_cert);
        fclose($fh1);
        fclose($fh2);

        // Convert the PEM file to PKCS#12 (the step that asks for the export password).
        $command = "openssl pkcs12 -export test -in /tmp/testFile.pem -out client-cert.p12";
        exec($command);
    } else {
        echo "Failed Cert\n";
    }
} else {
    echo "FailedKey\n";
}
?>


Re: Create client certificate with openssl

on 25.11.2009 16:36:29 by Ryan Sun


Check these options:

*-pass arg, -passin arg*
    the PKCS#12 file (i.e. input file) password source. For more information
    about the format of *arg* see the *PASS PHRASE ARGUMENTS* section in
    *openssl*(1).

*-passout arg*
    pass phrase source to encrypt any outputted private keys with. For more
    information about the format of *arg* see the *PASS PHRASE ARGUMENTS*
    section in *openssl*(1).

I believe you can ask the user for their password on the previous page and
utilize the 'pass' option, and it won't ask for a password again.

HTH


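The -passout option from the reply above, driven from PHP so that openssl never prompts. This is an added example, not code from the thread: the password is handed over with the env: form of the pass phrase argument, the PEM goes in on stdin and the .p12 comes back on stdout, so neither the key nor the password lands on the command line or in /tmp. It assumes PHP 7.4+ (array command for proc_open) and an openssl binary on PATH; pem_to_p12, P12_PASS and the sample password are hypothetical names and values.

```php
<?php
// Added example, not code from the thread. Names and values are constructed.

/**
 * Convert PEM (private key + certificate) to PKCS#12 via the openssl CLI.
 * The export password travels in the child's environment (-passout env:...),
 * the PEM goes in on stdin and the .p12 comes back on stdout, so nothing
 * secret appears on the command line or in a temp file.
 */
function pem_to_p12(string $pem, string $password): string
{
    $cmd = ['openssl', 'pkcs12', '-export', '-passout', 'env:P12_PASS'];
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $env = ['P12_PASS' => $password] + getenv();   // keep PATH etc.

    $proc = proc_open($cmd, $spec, $pipes, null, $env);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start openssl');
    }
    fwrite($pipes[0], $pem);
    fclose($pipes[0]);                 // EOF tells openssl the input is complete
    $p12 = stream_get_contents($pipes[1]);
    $err = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new RuntimeException('openssl pkcs12 failed: ' . trim($err));
    }
    return $p12;
}

// Constructed demo input: a throwaway self-signed certificate stands in for
// the CA-signed client certificate from the original post.
$key = openssl_pkey_new(['private_key_bits' => 2048]);
$csr = openssl_csr_new(['commonName' => 'John Smith'], $key);
$cert = openssl_csr_sign($csr, null, $key, 365);
openssl_pkey_export($key, $keyPem);
openssl_x509_export($cert, $certPem);

$p12 = pem_to_p12($keyPem . $certPem, 'example-export-password');

// Round-trip check with the same password.
if (!openssl_pkcs12_read($p12, $parts, 'example-export-password')) {
    throw new RuntimeException('PKCS#12 round trip failed');
}
echo "PKCS#12 bundle: ", strlen($p12), " bytes\n";
```

The returned string can be sent to the browser as a download instead of being written to a fixed path.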

Re: Create client certificate with openssl

on 26.11.2009 00:03:34 by Manuel Lemos

Hello,

On 11/25/2009 05:53 AM Tanveer Chowdhury said the following:
> Hi all,
>
> I have an Apache server, and for that I created a CA as the signing authority
> using openssl.
>
> Now I created a PHP page which will generate client certificates with a key
> and sign them with the CA. Now the output is in .pem.
> Now, how do I convert it to .p12 for exporting it to the client browser?
>
> Also, using exec gives another problem, which is that it asks for an export
> password, so how do I give this via PHP?

You may want to take a look at this class:

http://www.phpclasses.org/crypt_openssl

--

Regards,
Manuel Lemos
