check these options

*-pass arg, -passin arg*
the PKCS#12 file (i.e. input file) password source. For more information about the format of *arg* see the *PASS PHRASE ARGUMENTS* section in *openssl*(1) <http://www.openssl.org/docs/apps/openssl.html#>.

*-passout arg*
pass phrase source to encrypt any outputed private keys with. For more information about the format of *arg* see the *PASS PHRASE ARGUMENTS* section in *openssl*(1) <http://www.openssl.org/docs/apps/openssl.html#>.

I believe you can ask user their password on previous page and utilize the 'pass' option and it won't ask for a password again

HTH

On Wed, Nov 25, 2009 at 2:53 AM, Tanveer Chowdhury <tanveer.chowdhury@xxxxxxxxx> wrote:
> Hi all,
>
> I have an apache server and for that I created CA as the signing authority
> using openssl.
>
> Now I created a php page which will generate client certificates with key
> and will sign by CA. Now the output is in .pem .
> Now how to convert it in .p12 for exporting it in client browser..
>
> Again, If using exec gives another problem which is it asks for export
> password so how to give this via php.
>
> Thanks in advance.
> Below is the code:
>
> <?
> Header("Content-Type: text/plain");
> $CA_CERT = "/usr/local/openssl/misc/demoCA/cacert.pem";
> $CA_KEY = "/usr/local/openssl/misc/demoCA/private/cakey.pem";
> $req_key = openssl_pkey_new();
> if(openssl_pkey_export ($req_key, $out_key)) {
>     $dn = array(
>         "countryName" => "AU",
>         "stateOrProvinceName" => "AR",
>         "organizationName" => "Widget Ltd",
>         "organizationalUnitName" => "Test",
>         "commonName" => "John Smith"
>     );
>     $req_csr = openssl_csr_new ($dn, $req_key);
>     $req_cert = openssl_csr_sign($req_csr, "file://$CA_CERT", "file://$CA_KEY", 365);
>     if(openssl_x509_export ($req_cert, $out_cert)) {
>         echo "$out_key\n";
>         echo "$out_cert\n";
>         $myFile2 = "/tmp/testFile.pem";
>         // $myFile1 = "/tmp/testKey.pem";
>
>         $fh2 = fopen($myFile2, 'w') or die("can't open file");
>         fwrite($fh2, $out_key);
>         $fh1 = fopen($myFile2, 'a') or die("can't open file");
>         fwrite($fh1, $out_cert);
>         fclose($fh1);
>         fclose($fh2);
>
>         $command = `openssl pkcs12 -export test -in /tmp/testFile.pem -out client-cert.p12`;
>         exec( $command );
>
>     }
>     else echo "Failed Cert\n";
> }
> else
>     echo "FailedKey\n";
> ?>
>
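The `-passout` option mentioned in the reply, called from PHP so that `openssl pkcs12 -export` never prompts. This is an added example, not code from either poster. The function name `pem_to_p12`, the environment variable name `P12_PASS` and the fallback `PATH` are assumptions, and it assumes PHP 7.4 or later (array form of `proc_open`) and an unencrypted key in the PEM file, as in the quoted script.

```php
<?php
/**
 * Convert a PEM bundle (private key + certificate) to PKCS#12 non-interactively.
 * Hypothetical helper written for this example.
 */
function pem_to_p12(string $pemPath, string $p12Path, string $exportPassword): void
{
    if ($exportPassword === '') {
        throw new InvalidArgumentException('export password must not be empty');
    }

    // Array form: openssl is started directly, no shell parses the arguments.
    // "env:P12_PASS" makes openssl read the pass phrase from its environment,
    // so the password itself is not part of the argument list shown by ps.
    $cmd = [
        'openssl', 'pkcs12', '-export',
        '-in', $pemPath,
        '-out', $p12Path,
        '-passout', 'env:P12_PASS',
    ];
    $spec = [
        0 => ['file', '/dev/null', 'r'],   // no terminal to prompt on
        1 => ['file', '/dev/null', 'w'],
        2 => ['pipe', 'w'],                // keep stderr for diagnostics
    ];
    // Only the child process receives the password variable.
    $env = [
        'P12_PASS' => $exportPassword,
        'PATH'     => getenv('PATH') ?: '/usr/bin:/bin',
    ];

    $oldMask = umask(0077);                // create the .p12 readable by owner only
    $pipes = [];
    $proc = proc_open($cmd, $spec, $pipes, null, $env);
    if (!is_resource($proc)) {
        umask($oldMask);
        throw new RuntimeException('could not start openssl');
    }
    $stderr = stream_get_contents($pipes[2]);
    fclose($pipes[2]);
    $status = proc_close($proc);
    umask($oldMask);

    if ($status !== 0) {
        throw new RuntimeException("openssl pkcs12 failed ($status): $stderr");
    }
}
```

Delete the intermediate PEM file once the `.p12` has been written, since it holds the private key unencrypted.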