我试图用PHP生成一个私钥/公钥对。
服务器:Apache / 2.4.3(Win32)OpenSSL / 1.0.1c PHP / 5.4.7
操作系统是安装了所有Windows更新的Windows XP SP3。
我试图执行以下脚本:
<?php $ssl_path = getcwd(); $ssl_path = preg_replace('/\\\/','/', $ssl_path); // Replace \ with / $config = array( 'config' => "$ssl_path/openssl.cnf", 'private_key_bits' => 1024, 'private_key_type' => OPENSSL_KEYTYPE_RSA ); $dn = array( "countryName" => "AT", "stateOrProvinceName" => "Vienna", "localityName" => "Cambs", "organizationName" => "UniServer", "organizationalUnitName" => "Demo", "commonName" => "localhost", "emailAddress" => "me@example.com" ); $privateKey = openssl_pkey_new($config); $csr = openssl_csr_new($dn, $privateKey, $config); $sscert = openssl_csr_sign($csr, NULL, $privateKey, 365, $config); openssl_pkey_export_to_file($privateKey, "C:/server.key", NULL, $config); openssl_x509_export_to_file($sscert, "C:/server.crt", FALSE); openssl_csr_export_to_file($csr, "C:/server.csr"); $keyDetails = openssl_pkey_get_details($privateKey); file_put_contents('C:/public.key', $keyDetails['key']); ?> 这是我的openssl.cnf:
####################################################################### # File name: openssl.cnf # Created By: The Uniform Server Development Team ######################################################################## # # OpenSSL configuration file. # # Establish working directory. dir = . [ req ] default_bits = 1024 default_md = sha1 default_keyfile = privkey.pem distinguished_name = req_distinguished_name x509_extensions = v3_ca string_mask = nombstr [ req_distinguished_name ] countryName = Country Name (2 letter code) countryName_min = 2 countryName_max = 2 stateOrProvinceName = State or Province Name (full name) localityName = Locality Name (eg, city) 0.organizationName = Organization Name (eg, company) organizationalUnitName = Organizational Unit Name (eg, section) commonName = Common Name (eg, YOUR fqdn) commonName_max = 64 emailAddress = Email Address emailAddress_max = 64 [ ssl_server ] basicConstraints = CA:FALSE nsCertType = server keyUsage = digitalSignature, keyEncipherment extendedKeyUsage = serverAuth, nsSGC, msSGC nsComment = "OpenSSL Certificate for SSL Web Server" [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment [ v3_ca ] basicConstraints = critical, CA:true, pathlen:0 nsCertType = sslCA keyUsage = cRLSign, keyCertSign extendedKeyUsage = serverAuth, clientAuth nsComment = "OpenSSL CA Certificate"
当我尝试执行这个脚本Apache崩溃并重新启动。 什么导致这个问题?
顺便说一句:同样的错误发生,如果我尝试使用phpseclib0.3.1库。
提前谢谢了!
根据我的经验,openssl_pkey_get_details()需要一个X.509证书来获取公钥 – 不是一个私钥(不管文档说什么)。
实际上,使用纯PHP X.509实现phpseclib可以更容易地完成所有这些工作。 例如。:
http://phpseclib.sourceforge.net/x509/examples.html#selfsigned
<?php include('File/X509.php'); include('Crypt/RSA.php'); // create private key / x.509 cert for stunnel / website $privKey = new Crypt_RSA(); extract($privKey->createKey()); $privKey->loadKey($privatekey); $pubKey = new Crypt_RSA(); $pubKey->loadKey($publickey); $pubKey->setPublicKey(); $subject = new File_X509(); $subject->setDN(array( "countryName" => "AT", "stateOrProvinceName" => "Vienna", "localityName" => "Cambs", "organizationName" => "Uniserver", "organizationalUnitName" => "Demo", "commonName" => "localhost", "emailAddress" => "me@example.com" )); $subject->setPublicKey($pubKey); $issuer = new File_X509(); $issuer->setPrivateKey($privKey); $issuer->setDN($subject->getDN()); $x509 = new File_X509(); $result = $x509->sign($issuer, $subject); $csr = $issuer->signCSR(); $csr = $x509->saveCSR($csr); file_put_contents("C:/server.key", $privKey->getPrivateKey()); file_put_contents("C:/server.crt", $x509->saveX509($result)); file_put_contents('C:/public.key', $privKey->getPublicKey()); file_put_contents("C:/server.csr", $csr); ?>