Hi all,
I have an apache server and for that I created CA as the signing authority
using openssl.
Now I created a php page which will generate client certificates with key
and will sign by CA. Now the output is in .pem .
Now how to convert it in .p12 for exporting it in client browser..
Again, If using exec gives another problem which is it asks for export
password so how to give this via php.
Thanks in advance.
Below is the code:
<?
Header("Content-Type: text/plain");
$CA_CERT = "/usr/local/openssl/misc/demoCA/cacert.pem";
$CA_KEY = "/usr/local/openssl/misc/demoCA/private/cakey.pem";
$req_key = openssl_pkey_new();
if(openssl_pkey_export ($req_key, $out_key)) {
$dn = array(
"countryName" => "AU",
"stateOrProvinceName" => "AR",
"organizationName" => "Widget Ltd",
"organizationalUnitName" => "Test",
"commonName" => "John Smith"
);
$req_csr = openssl_csr_new ($dn, $req_key);
$req_cert = openssl_csr_sign($req_csr, "file://$CA_CERT",
"file://$CA_KEY", 365);
if(openssl_x509_export ($req_cert, $out_cert)) {
echo "$out_key\n";
echo "$out_cert\n";
$myFile2 = "/tmp/testFile.pem";
// $myFile1 = "/tmp/testKey.pem";
$fh2 = fopen($myFile2, 'w') or die("can't open file");
fwrite($fh2, $out_key);
$fh1 = fopen($myFile2, 'a') or die("can't open file");
fwrite($fh1, $out_cert);
fclose($fh1);
fclose($fh2);
$command = `openssl pkcs12 -export test -in /tmp/testFile.pem -out
client-cert.p12`;
exec( $command );
}
else echo "Failed Cert\n";
}
else
echo "FailedKey\n";
?>
