如何使用PHP和OpenSSL生成自签名证书
我正在尝试创建一个使用PHP和openSSL生成自签名证书的站点。我很确定这是某种语法错误,但我似乎找不到它 我在linux终端上尝试过这个命令,它似乎可以工作,但只有在PHP文件中,它不起作用 这是work.php,主要是函数:如何使用PHP和OpenSSL生成自签名证书,php,openssl,certificate,Php,Openssl,Certificate,我正在尝试创建一个使用PHP和openSSL生成自签名证书的站点。我很确定这是某种语法错误,但我似乎找不到它 我在linux终端上尝试过这个命令,它似乎可以工作,但只有在PHP文件中,它不起作用 这是work.php,主要是函数: <?php function terminal($command) { //system if(function_exists('system')) { ob_start();
<?php
function terminal($command)
{
//system
if(function_exists('system'))
{
ob_start();
system($command , $return_var);
$output = ob_get_contents();
ob_end_clean();
}
//passthru
else if(function_exists('passthru'))
{
ob_start();
passthru($command , $return_var);
$output = ob_get_contents();
ob_end_clean();
}
//exec
else if(function_exists('exec'))
{
exec($command , $output , $return_var);
$output = implode(n , $output);
}
//shell_exec
else if(function_exists('shell_exec'))
{
$output = shell_exec($command) ;
}
else
{
$output = 'Command execution not possible on this system';
$return_var = 1;
}
return array('output' => $output , 'status' => $return_var);
}
?>
<form method="post">
<input type="text" placeholder="domain" name="name"></input>
<input type="submit" value="submit" name="submit"></input>
</form>
<?php
if(isset($_POST['submit']))
{
$name = $_POST["name"];
run();
}
function run() {
require "work.php";
$status = 0;
$name = $_POST["name"];
$command1 = "openssl req -x509 -newkey rsa:4096 -nodes -keyout " . $name . ".key -out " . $name . ".pem -days 3650 -subj '/CN=" . $name . "'";
$o = terminal($command1);
echo $o['output'];
echo "<br><br>";
echo "Your certificate >> <a href='" . $name . ".pem'>DOWNLOAD</a>";
echo "<br>";
echo "Your private key >> <a href='" . $name . ".key'>DOWNLOAD</a>";
}
?>
举例说明如何使用本机php函数而不是执行字符串命令生成证书
<?php
error_reporting( E_ALL );
$result=false;
/*
configure as appropriate - the root directory
for all web data
*/
$rootdir='c:\wwwroot';
/*
an aliased directory within web root - select
an appropriate path
*/
$certdir=$rootdir . '\content\stack';
/*
to aid correct display of hyperlinks for my environment
which uses aliases and symbolic links so probably not
required otherwise
*/
$displaypath=dirname( $_SERVER['REQUEST_URI'] );
if( $_SERVER['REQUEST_METHOD']=='POST' && !empty( $_POST['name'] ) ){
$name=filter_input( INPUT_POST, 'name', FILTER_SANITIZE_STRING );
if( $name ){
function create( $rootdir='c:/wwwroot', $certdir=false, $certname='certificate', $dn=array(), $passphrase=null, $createpem=true, $overwrite=true ){
if( !empty( $certdir ) && !empty( $certname ) && !empty( $dn ) ){
$out = new stdClass;
$days = 3650;
/* !!! configuration and location of your own openssl.conf file is important !!! */
putenv( sprintf( 'OPENSSL_CONF=%s/openssl.cnf', $rootdir ) );
$config=array(
'config' => getenv('OPENSSL_CONF'),
'digest_alg' => 'AES-128-CBC',
'private_key_bits' => 4096,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'encrypt_key' => false
);
/*
Primary configuration is overwritten at runtime
by including parameters in the "$dn" argument
*/
$dn=array_merge( array(
"countryName" => "UK",
"stateOrProvinceName" => "Strathclyde",
"localityName" => "Scotland",
"organizationName" => "bonny-scotland.org",
"organizationalUnitName" => "Bonny Scotland",
"commonName" => $certname,
"emailAddress" => "webmaster@bonny-scotland.org"
), $dn );
$privkey = openssl_pkey_new( $config );
$csr = openssl_csr_new( $dn, $privkey, $config );
$cert = openssl_csr_sign( $csr, null, $privkey, $days, $config, 0 );
openssl_x509_export( $cert, $out->pub );
openssl_pkey_export( $privkey, $out->priv, $passphrase );
openssl_csr_export( $csr, $out->csr );
# Create the base private & public directories if they do not exist
$privdir = $certdir . sprintf('\\certificates\\%s\\private\\',$certname );
$pubdir = $certdir . sprintf('\\certificates\\%s\\public\\',$certname );
@mkdir( $privdir, 0777, true );
@mkdir( $pubdir, 0777, true );
$pkpath=$privdir . $certname . '.key';
$cert=$pubdir . $certname . '.crt';
$csr=$privdir . $certname . '.csr';
$pem=$pubdir . $certname . '.pem';
if( !file_exists( $pkpath ) or ( $overwrite==true && file_exists( $pkpath ) ) ) {
openssl_pkey_export_to_file( $privkey, $pkpath, $passphrase, $config );
file_put_contents( $cert, $out->pub, FILE_TEXT );
file_put_contents( $csr, $out->csr, FILE_TEXT );
if( $createpem ){
unset( $out->csr );
file_put_contents( $pem, implode( '', get_object_vars( $out ) ) );
}
}
openssl_pkey_free( $privkey );
clearstatcache();
/* return useful stuff for display porpoises */
return (object)array(
'public' => str_replace( $certdir, '', $pubdir ),
'private' => str_replace( $certdir, '', $privdir ),
'pubsize' => filesize( $pem ),
'privsize' => filesize( $pkpath ),
'pkpath' => $pkpath,
'cert' => $cert,
'csr' => $csr,
'pem' => $pem,
'certificate' => $certname
);
}
return false;
}
/* configure the DN array */
$dn=array(
'countryName' => 'GB',
'localityName' => 'England',
'stateOrProvinceName' => 'London',
'organizationName' => $name,
'organizationalUnitName' => 'Squirrel Juggling Services',
'emailAddress' => sprintf( 'admin-contact@%s', $name )
);
$result=create( $rootdir, $certdir, $name, $dn );
}
}
?>
<!DOCTYPE html>
<html lang='en'>
<head>
<meta charset='utf-8' />
<title>Generate Certificates</title>
<style>
body,body *{box-sizing:border-box;font-family:calibri,verdana,arial;}
body{ background:white; width:100%; height:100vh;margin:0;display:flex;flex-direction:column; align-content:center; justify-content:center; align-items:center;}
form{ border:1px solid rgba(0,0,0,0.25); border-radius:1rem; background:whitesmoke; padding:1rem;width:30%; height:auto; min-height:250px; display:flex; flex-direction:column; align-content:center; justify-content:center; align-items:center; }
form *{align-self:stretch;flex:1;margin:0.5rem;}
[type='text']{text-align:center;}
h1{font-size:1.45rem;text-align:center}
h2{font-size:1.15rem;text-align:center}
</style>
</head>
<body>
<form method='post'>
<h1>Generate Self-Signed SSL Certificate</h1>
<input type='text' name='name' placeholder='domain' />
<input type='submit' />
</form>
<?php
if( $_SERVER['REQUEST_METHOD']=='POST' && is_object( $result ) ){
printf(
'
<h2>Certificate for "%s" generated successfully!</h2>
<a href="%s" target="_blank">Download Public Certificate ( %s Kb )</a>
<a href="%s" target="_blank">Download Private Key ( %s Kb )</a>',
$result->certificate,
sprintf( '%s%s%s.pem', $displaypath, $result->public, $result->certificate ),
round( ( $result->pubsize / 1024 ), 2 ),
sprintf( '%s%s%s.key', $displaypath, $result->private, $result->certificate ),
round( ( $result->privsize / 1024 ), 2 )
);
}
?>
</body>
</html>
生成证书
正文,正文*{框大小:边框框;字体系列:calibri,verdana,arial;}
正文{背景:白色;宽度:100%;高度:100vh;边距:0;显示:柔性;柔性方向:列;对齐内容:中心;对齐内容:中心;对齐项目:中心;}
表单{边框:1px实心rgba(0,0,0,0.25);边框半径:1rem;背景:白烟;填充:1rem;宽度:30%;高度:自动;最小高度:250px;显示:柔性;柔性方向:列;对齐内容:中心;对齐内容:中心;对齐项目:中心;}
表单*{align self:stretch;flex:1;边距:0.5rem;}
[type='text']{text align:center;}
h1{字体大小:1.45rem;文本对齐:居中}
h2{字体大小:1.15rem;文本对齐:居中}
生成自签名SSL证书
为什么不使用PHP中提供的一些原生openssl函数,而不是尝试通过PHP在命令行上运行PHP脚本呢?我似乎在您的PHP代码中发现了这些错误,该网站是实时的,请查看这些错误,因为我不知道它出了什么问题。谢谢,看起来它们都源于创建文件夹的失败-因此请检查/修改所选证书目录的文件夹权限我已使用chown和chmod多次尝试,但它们似乎都不起作用。。。我想我实现的代码不正确,我该怎么做?制作一个单独的php文件,它会工作,还是我还需要创建其他文档/文件夹才能工作?你能创建一个粘贴箱,说明你是如何实现的,并共享链接,这样我下班后可以看一看吗?现在忽略这一点,你的代码更好,但我找到了一种使用不同代码使其工作的方法。谢谢,尽管权限仍然不起作用?