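'CN', // country name
    "stateOrProvinceName" => 'GD', // state or province name
    "localityName" => 'GZ', // city name
    "organizationName" => $organizationName, // registrant / organization name
    "organizationalUnitName" => $organizationalUnitName, // organizational unit name
    "commonName" => $commonName, // common name
    "emailAddress" => $emailAddress // e-mail address
);

// Issues a CA-signed certificate for $commonName: builds a throw-away OpenSSL
// config carrying the subjectAltName DNS entries, generates an RSA key, signs a
// CSR with the demo CA, and writes .crt / .key / .pfx under ./demoCA/certs/.

// Path of the temporary OpenSSL config. It stays null until the file exists so
// that $abort knows whether there is anything to clean up.
$opensslConfigurationFilePath = null;

// Stops the script with $message after removing the temporary config, so a
// failed run does not leave a generated config file behind.
$abort = function ($message) use (&$opensslConfigurationFilePath) {
    if ($opensslConfigurationFilePath !== null && is_file($opensslConfigurationFilePath)) {
        unlink($opensslConfigurationFilePath);
    }
    die($message);
};

// $commonName is concatenated into three output paths below. Refuse path
// separators and NUL bytes so the files can only land inside ./demoCA/certs/.
if (!is_string($commonName) || $commonName === '' || strpbrk($commonName, "/\\\0") !== false) {
    $abort("invalid commonName");
}

// Load the base OpenSSL configuration shipped with the demo CA.
$filename = getcwd()."/demoCA/openssl.cnf";
$contents = file_get_contents($filename);
if ($contents === false || $contents === '') {
    $abort("打开文件出错");
}

// Append one "DNS.n = name" line per SAN.
// NOTE(review): this presumably relies on demoCA/openssl.cnf ending inside its
// alt_names section - confirm against that file.
$sanIndex = 0;
foreach ($dnsNames as $value) {
    // Each name is written verbatim into the config file. Accept only characters
    // valid in a DNS SAN so that a value containing a line break or "[section]"
    // cannot add or override directives in the generated config.
    if (!is_string($value) || !preg_match('/\A[A-Za-z0-9*._-]+\z/', $value)) {
        $abort("invalid DNS name");
    }
    $sanIndex++; // own counter: array keys are not guaranteed to be 0..n-1
    $contents .= sprintf("\nDNS.%d = %s", $sanIndex, $value);
}

// tempnam() creates the file atomically with a unique name and owner-only
// permissions, instead of a guessable mt_rand()/time() name in the working
// directory.
$opensslConfigurationFilePath = tempnam(sys_get_temp_dir(), "openssl");
if ($opensslConfigurationFilePath === false) {
    $opensslConfigurationFilePath = null;
    $abort("cannot create temporary OpenSSL configuration file");
}

// Write the base config plus SANs.
if (file_put_contents($opensslConfigurationFilePath, $contents) === false) {
    $abort("cannot write temporary OpenSSL configuration file");
}

$configurationArray = [
    "digest_alg" => "sha384",
    "x509_extensions" => "usr_cert",
    "config" => $opensslConfigurationFilePath, // use the generated file as configuration
];

// CA certificate and CA private key.
// NOTE(review): the CA key is loaded with a NULL passphrase, i.e. it is stored
// unencrypted under ./demoCA/private/. If this directory is reachable through
// the web server, the CA key itself is exposed - confirm the deployment layout.
$cacertPem = file_get_contents("./demoCA/cacert.crt");
$cakeyPem = file_get_contents("./demoCA/private/cakey.pem");
if ($cacertPem === false || $cakeyPem === false) {
    $abort("cannot read CA certificate or CA private key");
}
$cacert = $cacertPem;
$cakey = array($cakeyPem, NULL);

$privkey = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
if ($privkey === false) {
    $abort("cannot generate private key");
}

// NOTE(review): hard-coded, trivially guessable PKCS#12 password. It should be
// supplied per certificate by the requester or generated randomly and
// delivered out of band.
$privkeypass = '123456'; // password protecting the .pfx
$numberofdays = 3650; // validity period in days

$keypath = "./demoCA/certs/".$commonName.".key"; // private key output path
$cerpath = "./demoCA/certs/".$commonName.".crt"; // certificate output path
$pfxpath = "./demoCA/certs/".$commonName.".pfx"; // PKCS#12 bundle output path

// NOTE(review): a timestamp serial repeats when two certificates are issued in
// the same second and is predictable; serials must be unique per issuer.
$serial = time();

$csr = openssl_csr_new($dn, $privkey, $configurationArray);
if ($csr === false) {
    $abort("cannot create certificate signing request");
}

$sscert = openssl_csr_sign($csr, $cacert, $cakey, $numberofdays, $configurationArray, $serial);
if ($sscert === false) {
    $abort("cannot sign certificate");
}

// Export the certificate.
if (!openssl_x509_export_to_file($sscert, $cerpath)) {
    $abort("cannot export certificate");
}

// NOTE(review): the private key is written without a passphrase (NULL), so the
// .key file is plaintext on disk next to the certificate.
if (!openssl_pkey_export_to_file($privkey, $keypath, NULL)) {
    $abort("cannot export private key");
}

// Export the PKCS#12 bundle (certificate + private key).
if (!openssl_pkcs12_export_to_file($sscert, $pfxpath, $privkey, $privkeypass)) {
    $abort("cannot export PKCS#12 file");
}

// Finally remove the temporary configuration file.
unlink($opensslConfigurationFilePath);

echo "download CAroot cert file
";
echo "download key file
";
echo "download cert file
";
echo "download pfx file
";
?>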