<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html> <head>  <title>Sign a CSR with another certificate (or itself) and generate a certificate</title>  <meta http-equiv="content-type" content="text/html; charset=UTF-8"> </head> <body><div style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-new.html">openssl_csr_new</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-error-string.html">openssl_error_string</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div></div><hr /><div id="function.openssl-csr-sign" class="refentry"> <div class="refnamediv">  <h1 class="refname">openssl_csr_sign</h1>  <p class="verinfo">(PHP 4 &gt;= 4.2.0, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_csr_sign</span> &mdash; <span class="dc-title">Sign a CSR with another certificate (or itself) and generate a certificate</span></p> </div>  <div class="refsect1 description">  <h3 class="title">Description</h3>  <div class="methodsynopsis dc-description">   <span class="type">resource</span> <span class="methodname"><b><b>openssl_csr_sign</b></b></span>    ( <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <tt class="parameter">$csr</tt></span>   , <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <tt class="parameter">$cacert</tt></span>   , <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <tt class="parameter">$priv_key</tt></span>   , <span class="methodparam"><span class="type">int</span> <tt class="parameter">$days</tt></span>   [, <span class="methodparam"><span class="type">array</span> <tt class="parameter">$configargs</tt></span>   [, <span class="methodparam"><span class="type">int</span> <tt class="parameter">$serial</tt></span>  ]] )</div>  <p class="para rdfs-comment">   <b>openssl_csr_sign()</b> generates an x509 certificate   resource from the given CSR.  </p>  <blockquote><p><b class="note">Note</b>:  <span class="simpara">  You need to have a valid <var class="filename">openssl.cnf</var> installed for  this function to operate correctly.  See the notes under <a href="openssl.installation.html" class="link">the installation  section</a> for more information. </span></p></blockquote> </div> <div class="refsect1 parameters">  <h3 class="title">Parameters</h3>  <p class="para">   <dl>    <dt>     <span class="term"><i><tt class="parameter">csr</tt></i></span>     <dd>      <p class="para">       A CSR previously generated by <a href="function.openssl-csr-new.html" class="function">openssl_csr_new()</a>.       It can also be the path to a PEM encoded CSR when specified as       <var class="filename">file://path/to/csr</var> or an exported string generated       by <a href="function.openssl-csr-export.html" class="function">openssl_csr_export()</a>.      </p>     </dd>    </dt>    <dt>     <span class="term"><i><tt class="parameter">cacert</tt></i></span>     <dd>      <p class="para">       The generated certificate will be signed by <i><tt class="parameter">cacert</tt></i>.       If <i><tt class="parameter">cacert</tt></i> is <b><tt>NULL</tt></b>, the generated certificate       will be a self-signed certificate.      </p>     </dd>    </dt>    <dt>     <span class="term"><i><tt class="parameter">priv_key</tt></i></span>     <dd>      <p class="para">       <i><tt class="parameter">priv_key</tt></i> is the private key that corresponds to       <i><tt class="parameter">cacert</tt></i>.      </p>     </dd>    </dt>    <dt>     <span class="term"><i><tt class="parameter">days</tt></i></span>     <dd>      <p class="para">       <i><tt class="parameter">days</tt></i> specifies the length of time for which the       generated certificate will be valid, in days.      </p>     </dd>    </dt>    <dt>     <span class="term"><i><tt class="parameter">configargs</tt></i></span>     <dd>      <p class="para">       You can finetune the CSR signing by <i><tt class="parameter">configargs</tt></i>.       See <a href="function.openssl-csr-new.html" class="function">openssl_csr_new()</a> for more information about       <i><tt class="parameter">configargs</tt></i>.      </p>     </dd>    </dt>    <dt>     <span class="term"><i><tt class="parameter">serial</tt></i></span>     <dd>      <p class="para">       An optional the serial number of issued certificate. If not specified       it will default to 0.      </p>     </dd>    </dt>   </dl>  </p> </div> <div class="refsect1 returnvalues">  <h3 class="title">Return Values</h3>  <p class="para">   Returns an x509 certificate resource on success, <b><tt>FALSE</tt></b> on failure.  </p> </div> <div class="refsect1 changelog">  <h3 class="title">ChangeLog</h3>  <p class="para">   <table class="informaltable">    <colgroup>     <thead valign="middle">      <tr valign="middle">       <th colspan="1">Version</th>       <th colspan="1">Description</th>      </tr>     </thead>     <tbody valign="middle" class="tbody">      <tr valign="middle">       <td colspan="1" rowspan="1" align="left">4.3.3</td>       <td colspan="1" rowspan="1" align="left">        The <i><tt class="parameter">serial</tt></i> parameter was added.       </td>      </tr>     </tbody>    </colgroup>   </table>  </p> </div> <div class="refsect1 examples">  <h3 class="title">Examples</h3>  <p class="para">   <div class="example">    <p><b>Example #1 <b>openssl_csr_sign()</b> example - signing a     CSR (how to implement your own CA)</b></p>    <div class="example-contents"><div class="phpcode"><code><span style="color: #000000"><span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">//&nbsp;Let's&nbsp;assume&nbsp;that&nbsp;this&nbsp;script&nbsp;is&nbsp;set&nbsp;to&nbsp;receive&nbsp;a&nbsp;CSR&nbsp;that&nbsp;has<br />//&nbsp;been&nbsp;pasted&nbsp;into&nbsp;a&nbsp;textarea&nbsp;from&nbsp;another&nbsp;page<br /></span><span style="color: #0000BB">$csrdata&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">"CSR"</span><span style="color: #007700">];<br /><br /></span><span style="color: #FF8000">//&nbsp;We&nbsp;will&nbsp;sign&nbsp;the&nbsp;request&nbsp;using&nbsp;our&nbsp;own&nbsp;"certificate&nbsp;authority"<br />//&nbsp;certificate.&nbsp;&nbsp;You&nbsp;can&nbsp;use&nbsp;any&nbsp;certificate&nbsp;to&nbsp;sign&nbsp;another,&nbsp;but<br />//&nbsp;the&nbsp;process&nbsp;is&nbsp;worthless&nbsp;unless&nbsp;the&nbsp;signing&nbsp;certificate&nbsp;is&nbsp;trusted<br />//&nbsp;by&nbsp;the&nbsp;software/users&nbsp;that&nbsp;will&nbsp;deal&nbsp;with&nbsp;the&nbsp;newly&nbsp;signed&nbsp;certificate<br /><br />//&nbsp;We&nbsp;need&nbsp;our&nbsp;CA&nbsp;cert&nbsp;and&nbsp;its&nbsp;private&nbsp;key<br /></span><span style="color: #0000BB">$cacert&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">"file://path/to/ca.crt"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$privkey&nbsp;</span><span style="color: #007700">=&nbsp;array(</span><span style="color: #DD0000">"file://path/to/ca.key"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"your_ca_key_passphrase"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$userscert&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csrdata</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$cacert</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">365</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">//&nbsp;Now&nbsp;display&nbsp;the&nbsp;generated&nbsp;certificate&nbsp;so&nbsp;that&nbsp;the&nbsp;user&nbsp;can<br />//&nbsp;copy&nbsp;and&nbsp;paste&nbsp;it&nbsp;into&nbsp;their&nbsp;local&nbsp;configuration&nbsp;(such&nbsp;as&nbsp;a&nbsp;file<br />//&nbsp;to&nbsp;hold&nbsp;the&nbsp;certificate&nbsp;for&nbsp;their&nbsp;SSL&nbsp;server)<br /></span><span style="color: #0000BB">openssl_x509_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$usercert</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$certout</span><span style="color: #007700">);<br />echo&nbsp;</span><span style="color: #0000BB">$certout</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">//&nbsp;Show&nbsp;any&nbsp;errors&nbsp;that&nbsp;occurred&nbsp;here<br /></span><span style="color: #007700">while&nbsp;((</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_error_string</span><span style="color: #007700">())&nbsp;!==&nbsp;</span><span style="color: #0000BB">false</span><span style="color: #007700">)&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?&gt;</span></span></code></div>    </div>   </div>  </p> </div></div><hr /><div style="text-align: center;"> <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-new.html">openssl_csr_new</a></div> <div class="next" style="text-align: right; float: right;"><a href="function.openssl-error-string.html">openssl_error_string</a></div> <div class="up"><a href="ref.openssl.html">OpenSSL Functions</a></div> <div class="home"><a href="index.html">PHP Manual</a></div></div></body></html>