如何在PHP中定义X509证书的特定用途
[英]How to define a particular purpose of an X509 certificate in PHP
问题描述
How can I set the purpose of an X.509 certificate to X509_PURPOSE_ANY in PHP 5.x? 
如何在PHP 5.x 中将 X.509证书的用途设置为X509_PURPOSE_ANY ?
The following code outputs this warning: 以下代码输出此警告:
Warning: openssl_csr_new() [function.openssl-csr-new.php]: dn: X509_PURPOSE is not a recognized name in /home/www/index.php on line 45
PHP Script: PHP脚本:
$Configs = array(
'config' => 'test.cnf',
'digest_alg' => 'sha1',
'x509_extensions' => 'v3_ca',
'req_extensions' => 'v3_req',
'private_key_bits' => 2048,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'encrypt_key' => true,
'encrypt_key_cipher' => OPENSSL_CIPHER_3DES);
$ExtraAttribs = array('X509_PURPOSE' => 'X509_PURPOSE_ANY');
//create cert
$dn = array('commonName' => 'Chief');
$privkey = openssl_pkey_new($Configs);
$csr = openssl_csr_new($dn, $privkey, $Configs, $ExtraAttribs);
The last line is line 45. 最后一行是第45行。
2 个解决方案
解决方案1
5 已采纳 2012-03-10 00:28:59
I cannot find any indication that X509 certificates have a "purpose". 我找不到X509证书有“目的”的任何迹象。 I can find only "Basic Constraints", "Key Usage" and "Enhanced Key Usage". 我只能找到“基本约束”,“密钥用法”和“增强密钥用法”。
The closest thing I could find is http://www.openssl.org/docs/apps/verify.html which says 我能找到的最接近的东西是http://www.openssl.org/docs/apps/verify.html
For compatibility with previous versions of SSLeay and OpenSSL a certificate with no trust settings is considered to be valid for all purposes.
解决方案2
4 2012-03-10 01:05:54
The purpose is set at signing - not in the CSR. 目的是在签署时设定 - 而不是在CSR中。 A quick look at the php docs suggest that this is not supported by the API - but you could call openssl x509 from the shell 快速浏览一下php文档表明API不支持这个 - 但你可以从shell调用openssl x509
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.