Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
Demonstrates how to duplicate this OpenSSL command: openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr
This command creates 2 files:
- mydomain.csr: this is the file to send to DigiCert or Let's Encrypt (or any other CA)
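- mydomain.pem: this is the private key of the domain. Because of -nodes it is written unencrypted, so it should be readable only by the account that will use it.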
The second file is needed to pair with the certificate that will later be received from the CA.
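<?php
include("chilkat.php");
$success = false;
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
$rsa = new CkRsa();
// Generate a 2048-bit key. Chilkat RSA supports
// key sizes ranging from 512 bits to 8192 bits.
// 2048 bits is the smallest RSA size a publicly trusted CA will accept in a CSR,
// so do not lower this value for keys that are meant to be certified.
$privKey = new CkPrivateKey();
$success = $rsa->GenKey(2048,$privKey);
if (!$success) {
    // Without a key nothing below can work; stop with a non-zero status so
    // a calling script or CI job sees the failure.
    print $rsa->lastErrorText() . "\n";
    exit(1);
}
// The RSA object signs the certificate request info later on with this key.
$rsa->UsePrivateKey($privKey);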
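// Save the private key to unencrypted PKCS8 PEM (what openssl's -nodes option does).
// Anyone who can read this file can use the certificate issued for the CSR, so the
// file is restricted to the owning account: the umask covers a newly created file,
// chmod covers a file that already existed. Both are POSIX mechanisms; on Windows
// the directory ACL has to provide the protection instead.
$previousUmask = umask(0077);
$success = $privKey->SavePkcs8PemFile('mydomain.pem');
if (!$success) {
    umask($previousUmask);
    print $privKey->lastErrorText() . "\n";
    exit(1);
}
chmod('mydomain.pem', 0600);
// (alternatively) Save the private key to encrypted PKCS8 PEM
// 'myPassword' is a placeholder. A real password belongs in a secret store or an
// environment variable, never in the source file. If the encrypted form is the one
// that will be kept, the unencrypted mydomain.pem above should not be written at all.
$success = $privKey->SavePkcs8EncryptedPemFile('myPassword','mydomain_enc.pem');
umask($previousUmask);
if (!$success) {
    print $privKey->lastErrorText() . "\n";
    exit(1);
}
chmod('mydomain_enc.pem', 0600);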
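// We'll need the private key's modulus for the CSR.
// The modulus is not something that needs to be protected. Most people don't realize
// that a public key is actually just a subset of the private key. The public parts of
// an RSA private key are the modulus and exponent. The CSR code further down
// hard-codes the exponent as 65537 -- presumably what GenKey produces; the XML
// loaded here is the place to confirm it (TODO confirm against the Exponent element).
// NOTE: the XML export of a private key holds the private components as well as
// the modulus, so $privKeyXml must not be logged, dumped or written to disk.
$privKeyXml = new CkXml();
$success = $privKeyXml->LoadXml($privKey->getXml());
if (!$success) {
    print $privKeyXml->lastErrorText() . "\n";
    exit(1);
}
// Get the modulus in base64 format:
$keyModulus = $privKeyXml->getChildContent('Modulus');
if ($keyModulus === null || $keyModulus === '') {
    // An empty modulus would yield a CSR with a meaningless public key.
    print "Modulus element not found in the private key XML.\n";
    exit(1);
}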
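// --------------------------------------------------------------------------------
// Now build the CSR using Chilkat's ASN.1 API.
// The keyModulus will be embedded within the ASN.1.
// Every Append* call reports failure through its return value. A CSR that is
// missing a field is still well-formed DER and would be signed as-is, so each
// step is checked and the script stops at the first failure.
$abort = function ($asn) {
    print $asn->lastErrorText() . "\n";
    exit(1);
};
// A new ASN.1 object is automatically a SEQUENCE.
// Given that the CSR's root item is a SEQUENCE, we can use
// this as the root of our CSR.
$asnRoot = new CkAsn();
// Beneath the root, we have a SEQUENCE (the certificate request info),
// another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data)
$success = $asnRoot->AppendSequence() && $asnRoot->AppendSequence();
if (!$success) {
    $abort($asnRoot);
}
// ----------------------------------
// Build the Certificate Request Info
// ----------------------------------
// asnCertReqInfo is a CkAsn
$asnCertReqInfo = $asnRoot->GetSubItem(0);
if (!($asnCertReqInfo instanceof CkAsn)) {
    $abort($asnRoot);
}
// First field of the certificate request info is the integer 0.
$success = $asnCertReqInfo->AppendInt(0);
if (!$success) {
    $abort($asnCertReqInfo);
}
// Build the Subject part of the Certificate Request Info
// asnCertSubject is a CkAsn
$asnCertSubject = $asnCertReqInfo->AppendSequenceR();
if (!($asnCertSubject instanceof CkAsn)) {
    $abort($asnCertReqInfo);
}
// Add each subject part..
// Each entry is [attribute OID, string type, value], in the order it appears
// in the subject. The values are the sample subject of this example; if they ever
// come from user input, validate them before they reach the CSR.
$subjectParts = [
    ['2.5.4.6',  'printable', 'US'],                   // countryName
    ['2.5.4.8',  'utf8',      'Utah'],                 // stateOrProvinceName
    ['2.5.4.7',  'utf8',      'Lindon'],               // localityName
    ['2.5.4.10', 'utf8',      'DigiCert Inc.'],        // organizationName
    ['2.5.4.11', 'utf8',      'DigiCert'],             // organizationalUnitName
    ['2.5.4.3',  'utf8',      'example.digicert.com'], // commonName
];
foreach ($subjectParts as [$oid, $stringType, $value]) {
    // asnTemp is a CkAsn
    $asnTemp = $asnCertSubject->AppendSetR();
    if (!($asnTemp instanceof CkAsn)) {
        $abort($asnCertSubject);
    }
    // AppendSequence2 updates the internal reference to the newly appended SEQUENCE.
    // The OID and string are added to the SEQUENCE.
    $success = $asnTemp->AppendSequence2()
        && $asnTemp->AppendOid($oid)
        && $asnTemp->AppendString($stringType, $value);
    if (!$success) {
        $abort($asnTemp);
    }
}
// Build the Public Key Info part of the Certificate Request Info
// asnPubKeyInfo is a CkAsn
$asnPubKeyInfo = $asnCertReqInfo->AppendSequenceR();
if (!($asnPubKeyInfo instanceof CkAsn)) {
    $abort($asnCertReqInfo);
}
// asnPubKeyAlgId is a CkAsn
$asnPubKeyAlgId = $asnPubKeyInfo->AppendSequenceR();
if (!($asnPubKeyAlgId instanceof CkAsn)) {
    $abort($asnPubKeyInfo);
}
// 1.2.840.113549.1.1.1 = rsaEncryption, with NULL parameters.
$success = $asnPubKeyAlgId->AppendOid('1.2.840.113549.1.1.1')
    && $asnPubKeyAlgId->AppendNull();
if (!$success) {
    $abort($asnPubKeyAlgId);
}
// The public key itself is a BIT STRING, but the bit string is composed of ASN.1
// for the RSA public key. We'll first build the RSA ASN.1 for the public key
// (containing the 2048 bit modulus and exponent), and encode it to DER, and then add
// the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo)
// This is already a SEQUENCE..
$asnRsaKey = new CkAsn();
// The RSA modulus is a big integer; the exponent is hard-coded as 65537.
$success = $asnRsaKey->AppendBigInt($keyModulus,'base64')
    && $asnRsaKey->AppendInt(65537);
if (!$success) {
    $abort($asnRsaKey);
}
$rsaKeyDerBase64 = $asnRsaKey->getEncodedDer('base64');
// Now add the RSA key DER as a BIT STRING.
$success = $asnPubKeyInfo->AppendBits($rsaKeyDerBase64,'base64');
if (!$success) {
    $abort($asnPubKeyInfo);
}
// The last part of the certificate request info is an empty context-specific constructed item
// with a tag equal to 0.
// Left empty, the CSR requests no extensions (no subjectAltName, for instance);
// the only name it carries is the commonName in the subject above.
$success = $asnCertReqInfo->AppendContextConstructed(0);
if (!$success) {
    $abort($asnCertReqInfo);
}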
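// Get the DER of the asnCertReqInfo.
// This will be signed using the RSA private key.
$bdDer = new CkBinData();
$success = $asnCertReqInfo->WriteBd($bdDer);
if (!$success) {
    print $asnCertReqInfo->lastErrorText() . "\n";
    exit(1);
}
// Add the signature to the ASN.1
// The request is signed with SHA-256. SHA-1 is no longer collision resistant and
// CAs generally refuse CSRs signed with it; current OpenSSL releases also sign
// `openssl req` output with SHA-256 by default.
$bdSig = new CkBinData();
$success = $rsa->SignBd($bdDer,'SHA256',$bdSig);
if (!$success) {
    print $rsa->lastErrorText() . "\n";
    exit(1);
}
$success = $asnRoot->AppendBits($bdSig->getEncoded('base64'),'base64');
if (!$success) {
    print $asnRoot->lastErrorText() . "\n";
    exit(1);
}
// ----------------------------------
// Finally, add the algorithm identifier, which is the 2nd sub-item under the root.
// ----------------------------------
// asnAlgId is a CkAsn
$asnAlgId = $asnRoot->GetSubItem(1);
if (!($asnAlgId instanceof CkAsn)) {
    print $asnRoot->lastErrorText() . "\n";
    exit(1);
}
// 1.2.840.113549.1.1.11 = sha256WithRSAEncryption. This OID has to name the same
// hash that was passed to SignBd above, otherwise the CA's signature check on the
// CSR fails.
$success = $asnAlgId->AppendOid('1.2.840.113549.1.1.11')
    && $asnAlgId->AppendNull();
if (!$success) {
    print $asnAlgId->lastErrorText() . "\n";
    exit(1);
}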
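// Write the CSR to a DER encoded binary file:
// (The CSR holds only public data, so it needs no special file permissions.
// Note that `openssl req` writes PEM by default, whereas this file is raw DER.)
$success = $asnRoot->WriteBinaryDer('qa_output/mydomain.csr');
if (!$success) {
    // Exit non-zero so callers do not go on to submit a missing or stale CSR file.
    print $asnRoot->lastErrorText() . "\n";
    exit(1);
}
// It is also possible to get the CSR in base64 format:
// This is the bare base64 of the DER. To obtain the PEM form most CAs ask for,
// wrap it in "-----BEGIN CERTIFICATE REQUEST-----" / "-----END CERTIFICATE REQUEST-----"
// lines with the base64 broken into 64-character lines.
$csrBase64 = $asnRoot->getEncodedDer('base64');
print 'Base64 CSR:' . "\n";
print $csrBase64 . "\n";
?>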