- <?php
// Directory the certificate and config paths below are resolved against.
$cwd = getcwd();

// Subject (distinguished name) fields used when building certificate requests.
$distname = [
    'countryName'            => 'CA',
    'stateOrProvinceName'    => 'Ontario',
    'localityName'           => 'Toronto',
    'organizationName'       => 'G4 Apps',
    'organizationalUnitName' => 'Development',
    'commonName'             => 'Mark Lane',
    'emailAddress'           => 'nobody at gmail.com',
];

// NOTE(review): the key passphrase is a literal in source, so anyone who can read
// this file (or a copy of it) can decrypt keys protected with it. Load it from
// outside the source tree and rotate this value.
$password = 'seanix';

// NOTE(review): the CA certificate and CA private key are addressed relative to the
// working directory; confirm that directory is not served by the web server.
$cacert_location = "{$cwd}/certs/CA/g4CA.crt";
$cakey_location  = "{$cwd}/certs/CA/g4CA.key";

// OpenSSL configuration file handed to the openssl_* calls through $configArgs.
$cnf = "{$cwd}/certs/myopenssl.cnf";
$configArgs = ['config' => $cnf];
- ?>
- <?php
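/**
 * Generate a new private key and return it as passphrase-protected PEM text.
 *
 * Success is decided by the return values of openssl_pkey_new() and
 * openssl_pkey_export(), not by whether the OpenSSL error queue is empty.
 * The queue can hold non-fatal entries (for example a configuration lookup
 * that found no value) although the key was generated and exported, so
 * testing openssl_error_string() alone reports failures that did not happen.
 *
 * @param string $password   Passphrase used to encrypt the exported key.
 * @param array  $configArgs Options passed to openssl_pkey_new(), e.g. 'config'.
 *
 * @return string|int PEM text on success; -1 on failure, after echoing every
 *                    queued OpenSSL error followed by "<BR>".
 */
function makekey($password, $configArgs) {
    // Discard entries left by earlier OpenSSL calls so that anything reported
    // below belongs to this call.
    while (openssl_error_string() !== false) {
    }

    $key = openssl_pkey_new($configArgs);
    if ($key !== false && openssl_pkey_export($key, $pkeyout, $password)) {
        return $pkeyout;
    }

    // Failure path: callers rely on the errors being printed and on the -1 sentinel.
    // NOTE(review): these messages go to the response body; prefer logging them
    // server-side so library and path details are not shown to clients.
    while (($e = openssl_error_string()) !== false) {
        echo $e . "<BR>";
    }
    return -1;
}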
- ?>
- <?php
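/**
 * Build a certificate signing request and return it as PEM text.
 *
 * Success is decided by the return values of openssl_csr_new() and
 * openssl_csr_export(); the OpenSSL error queue is read only to report a
 * real failure, because it can contain non-fatal entries after a call
 * that succeeded.
 *
 * NOTE(review): $key is handed to openssl_csr_new() as is. If callers pass the
 * passphrase-protected PEM string that makekey() returns, it presumably has to
 * be loaded with openssl_pkey_get_private() and the passphrase first; verify
 * against the caller.
 * NOTE(review): make sure the digest used to sign the request ('digest_alg' in
 * $configArgs, or default_md in the config file's [ req ] section) is a SHA-2
 * digest, not MD5.
 *
 * @param array $distname   Distinguished-name fields for the request subject.
 * @param mixed $key        Private key the request is created for and signed with.
 * @param array $configArgs Options passed to openssl_csr_new(), e.g. 'config'.
 *
 * @return string|int PEM text on success; -1 on failure, after echoing every
 *                    queued OpenSSL error followed by "<BR>".
 */
function newcsr($distname, $key, $configArgs) {
    // Discard entries left by earlier OpenSSL calls so that anything reported
    // below belongs to this call.
    while (openssl_error_string() !== false) {
    }

    $csr = openssl_csr_new($distname, $key, $configArgs);
    // A boolean result means no usable CSR object was produced.
    if (!is_bool($csr) && openssl_csr_export($csr, $csrout)) {
        return $csrout;
    }

    // Failure path: callers rely on the errors being printed and on the -1 sentinel.
    while (($e = openssl_error_string()) !== false) {
        echo $e . "<BR>";
    }
    return -1;
}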
- ?>
- HOME = .
- RANDFILE = $ENV::HOME/.rnd
- oid_section = new_oids
- [ new_oids ]
- tsa_policy1 = 1.2.3.4.1
- tsa_policy2 = 1.2.3.4.5.6
- tsa_policy3 = 1.2.3.4.5.7
- ####################################################################
- [ ca ]
- default_ca = g4CA
- ####################################################################
- [ g4CA ]
- dir = /home/g4apps/secure.g4apps.com/generator/certs
- certs = $dir/
- crl_dir = $dir/crl
- database = $dir/index.txt
- new_certs_dir = $dir/newcerts
- certificate = $dir/CA/g4CA.crt
- serial = $dir/serial
- crlnumber = $dir/crlnumber
- crl = $dir/CA/g4CA.crl
- private_key = $dir/CA/g4CA.key
- RANDFILE = $dir/private/.rand
- x509_extensions = usr_cert
- name_opt = ca_default
- cert_opt = ca_default
- default_days = 365 # how long to certify for
- default_crl_days= 30 # how long before next CRL
- default_md = default # use public key default MD
- preserve = no # keep passed DN ordering
- policy = policy_match
- [ policy_match ]
- countryName = match
- stateOrProvinceName = match
- organizationName = match
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
- [ policy_anything ]
- countryName = optional
- stateOrProvinceName = optional
- localityName = optional
- organizationName = optional
- organizationalUnitName = optional
- commonName = supplied
- emailAddress = optional
- ####################################################################
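[ req ]
default_bits = 2048
# SHA-256 instead of MD5: MD5 is collision-broken and must not be used to sign
# requests or certificates; current TLS stacks commonly reject MD5 signatures.
default_md = sha256
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
x509_extensions = v3_ca # The extensions to add to the self signed cert
string_mask = utf8only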
- [ req_distinguished_name ]
- countryName = Country Name (2 letter code)
- countryName_default = CA
- countryName_min = 2
- countryName_max = 2
- stateOrProvinceName = State or Province Name (full name)
- stateOrProvinceName_default = ON
- localityName = Locality Name (eg, city)
- localityName_default = Toronto
- 0.organizationName = Organization Name (eg, company)
- 0.organizationName_default = G4 Apps
- organizationalUnitName = Organizational Unit Name (eg, section)
- commonName = Common Name (eg, your name or your server's hostname)
- commonName_max = 64
- emailAddress = Email Address
- emailAddress_default = lmlane@gmail.com
- emailAddress_max = 64
- [ req_attributes ]
- challengePassword = A challenge password
- challengePassword_min = 4
- challengePassword_max = 20
- unstructuredName = An optional company name
- [ usr_cert ]
- nsComment = "OpenSSL Generated Certificate"
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid,issuer
- [ v3_req ]
- basicConstraints = CA:FALSE
- keyUsage = nonRepudiation, digitalSignature, keyEncipherment
- [ v3_ca ]
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid:always,issuer
- basicConstraints = CA:true
- [ crl_ext ]
- authorityKeyIdentifier=keyid:always
- [ proxy_cert_ext ]
- basicConstraints=CA:FALSE
- nsComment = "OpenSSL Generated Certificate"
- subjectKeyIdentifier=hash
- authorityKeyIdentifier=keyid,issuer
- proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
- ####################################################################
- [ tsa ]
- default_tsa = tsa_config1
- [ tsa_config1 ]
- dir = ./demoCA
- serial = $dir/tsaserial
- crypto_device = builtin
- signer_cert = $dir/tsacert.pem
- certs = $dir/cacert.pem
- signer_key = $dir/private/tsakey.pem
- default_policy = tsa_policy1
- other_policies = tsa_policy2, tsa_policy3
- digests = md5, sha1
- accuracy = secs:1, millisecs:500, microsecs:100
- clock_precision_digits = 0
- ordering = yes
- tsa_name = yes
- ess_cert_id_chain = no
// Minimal reproduction: create a key with default settings and export it
// without a passphrase, then show what the error queue holds.
$res = openssl_pkey_new();
openssl_pkey_export($res, $privkey);

// A queued message is not proof of failure: the output that follows shows a
// configuration-file error string alongside a complete exported key. Check the
// return values of the openssl_* calls to decide success.
$queuedError = openssl_error_string();
var_dump($queuedError);

// This prints the unencrypted private key. A key that has been displayed or
// pasted anywhere must be treated as disclosed and never put into service.
var_dump($privkey);
- string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
- string(887) "-----BEGIN RSA PRIVATE KEY-----
- MIICXQIBAAKBgQDdh4FiOEtUZzvTSnlb/pJHjmsS9rOHQ7PU2WOO6ZHxYRIgK1NR
- ReY7bBwEsT2ziUpx0b8K2Fx4m+XovzysB/lVrKbrdbHoVtGuJGZjYSXgFlCRTBu+
- +TnAPUBF0LGJfxfVzjOkHzsh02lH3fvzFpFgRZRWs4za+vVzIweeOweYTwIDAQAB
- AoGANZD5iS2BkZQw1COS+tqwtlrKq1g6CwAk8NfsCfeSkaJeRqcTS3iydjXrBHtz
- JwGQnbsRDedJXOSdkE0Ft7dp44lijOAp1ngMDCKbabxVN2Go6b1d743HE0oIhFCC
- Dv2B9kf9vzeYy+0/BVCs5i4iPoKXJJTSJrWoDxrFEJWSJIkCQQDwe39bOFHmQlxz
- pbfT3DZ8Q311xFo6PewcAf7DTsikoPZANx0GQ41WdZj6/n4QVP4k+TnhZLiJzsH+
- p3RUrx8tAkEA69LsgPrQMZ0YjsE2vjRLdJmp1916G1xqSLIVWDUPd9Ns+MA8YKTx
- AQxC3dl3n+w24m7UlCThANlU/+2r0eoi6wJBAKIxGOdEJ/Cdp08UYNRR/Kl4t2A7
- SwNnChylt9awByEJsqwCv9+epe+/Jqt6AzouqK31LXV4AgJn4W1IMWyAJA0CQCp0
- 6/2AqnD0PpKc+JUf5yHT9H8Xsb8xUTVLUopx6xoAp5LVUUl5CKbOpU85ss7JAUyc
- 9YrCZPv5JNN6379ILwcCQQDDcjtNnhQHukQQQ8iVL9YCrWzyCgplTz3uktueT+Dd
- SDK1bCM4xDehfG3RKu1ZNx80Q0nzmi7FSPJ2md7qSIHc
- -----END RSA PRIVATE KEY-----
- "
- default_md = md5