Trying to create a certificate through openssl using shell_exec in PHP

1.7k views Asked by At

I'm actually working in a small project for myself, is a Web Application that creates Certificate Signing Request also the certificate .pem/.crt and its .key.

The actual problem is that I'm trying to run:

shell_exec(openssl ca -config ../openssl.cnf -in $CSR_FILE -out $CRT_FILE)

And I find the problem that after running this command is asking for my CA passphrase, and later on answering Yes twice to accept the creation of the certificate. I can't figure it out how to make it work. I've been stuck with that for almost three days, neither Google or Stack Overflow has an anwser.

I've tried to run the command and add another shell_exec(passphrase) also, passing passphrase and "y" twice this way.

shell_exec("openssl....","passphrase","y","y")

Thank you very much, i appreciate all help.

1

There are 1 answers

0
Priya On BEST ANSWER

You don't have to use shell_exec() for this. You can create slef signed certificate by using openssl_csr_new() PHP function.

It generates a new CSR (Certificate Signing Request) based on the information provided by dn, which represents the Distinguished Name to be used in the certificate.

PHP Code to generate self-signed-certificate

<?php 
// For SSL certificates, the  commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the certificate.
$dn = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "[email protected]"
);

// Generate a new private (and public) key pair
$privkey = openssl_pkey_new();

// Generate a certificate signing request
$csr = openssl_csr_new($dn, $privkey);

// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365);

// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server.

openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($sscert, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);

// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
    echo $e . "\n";
}
//save certificate and privatekey to file
file_put_contents("certificate.cer", $certout);
file_put_contents("privatekey.pem", $pkeyout);
?>