使用PHP生成具有多个OU的CSR
我正在使用PHP使用以下代码段创建CSR文件:使用PHP生成具有多个OU的CSR,php,openssl,certificate,csr,Php,Openssl,Certificate,Csr,我正在使用PHP使用以下代码段创建CSR文件: $dn = array( "countryName" => 'AU', "stateOrProvinceName" => 'State', "localityName" => 'Local', "organizationName" => 'Name', "commonNa
$dn = array(
"countryName" => 'AU',
"stateOrProvinceName" => 'State',
"localityName" => 'Local',
"organizationName" => 'Name',
"commonName" => 'org.com',
"organizationalUnitName" => 'unitName'
);
$keyAlg = OPENSSL_KEYTYPE_RSA;
$arrayPrivKey = array(
'private_key_bits' => 2048,
'private_key_type' => $keyAlg,
'digest_alg' => 'SHA256'
);
$privkey = openssl_pkey_new($arrayPrivKey);
$san = "DNS.1=SAN\n";
$cnf = "[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = req_ext\n\n[ req_distinguished_name ]\ncountryName = Country Name (2 letter code)\n\n[ req_ext ]\nsubjectAltName = @alt_names\nkeyUsage = nonRepudiation, digitalSignature, keyEncipherment\n\n[ alt_names ]\n". $san;
file_put_contents('/myPath/openssl.cnf', $cnf);
$csr = openssl_csr_new(
$dn, $privkey,
array(
'digest_alg' => 'SHA256',
'req_extensions' => "req_ext",
'config' => '/myPath/openssl.cnf'
)
);
openssl_csr_export_to_file($csr, '/myPath/test.csr');
它工作得很好,但现在我尝试使用多个OU(organizationalUnitName)创建这些文件,但我无法实现
我已经尝试了以下几种选择:
//using array
$dn = array(
//other prop
"organizationalUnitName" => array('unitName', 'unit2')
);
//using commas (and other separators)
$dn = array(
//other prop
"organizationalUnitName" => "'unitName', 'unit2'"
);
//using the openssl command line syntax
$dn = array(
//other prop
"organizationalUnitName" => 'OU=organizationname/OU=organizationname2'
);
我还尝试使用fromopenssl\u csr\u new
函数,这是目前最好的选择,但使用它时,我仅限于4个OU
//THIS ONE WORKS - LIMITED IN 4 OUS
$dn = array(
//other prop
"organizationalUnitName" => 'Unit1',
"OU" => 'Unit2',
);
//code, code,code
$csr = openssl_csr_new(
$dn, $privkey,
array(
'digest_alg' => 'SHA256',
'req_extensions' => "req_ext",
'config' => '/myPath/openssl.cnf'
),
array(
"organizationalUnitName" => 'Unit3',
"OU" => 'Unit4',
)
);
重复键OU
或organizationalUnitName
不起作用,即使索引为1.organizationalUnitName
OUorganizationalUnitName1
(PHP无法识别最后两个)
在我之前的研究中,我发现这个问题与此类似,但它指的是一个非常旧的PHP版本,因此在我的环境中,它应该可以与数组方法配合使用,但事实并非如此
我想要的最终结果是一个CSR文件,类似于使用以下命令行()创建的文件:
openssl-req-new-newkey rsa:2048-nodes-subc”/CN=somedomain.com/O=My Corporation/OU=Org Unit 1/OU=Org Unit 2/OU=UNIT3/OU=Unit/OU=MYUNit/OU=FinalUNit>test.csr
有没有办法用PHP实现它
理想的解决方案应该适用于PHP5.6,但我在PHP7.3中做了所有测试,结果也失败了。PHP7解决方案对我来说并不完美,但可以帮助有类似问题的人