PHP ActiveX
PHP ActiveX
Generate a CSR with keyUsage, extKeyUsage, and other Extensions
See more CSR Examples
Demonstrates how to generate a CSR containing a 1.2.840.113549.1.9.14 extensionRequest with the following extensions:- 1.3.6.1.4.1.311.20.2 enrollCerttypeExtension
- 2.5.29.15 keyUsage
- 2.5.29.37 extKeyUsage
- 2.5.29.14 subjectKeyIdentifier
Chilkat PHP ActiveX Downloads
<?php
$success = 0;
// This requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.
// This example will generate a secp256r1 ECDSA key for the CSR.
$ecc = new COM("Chilkat.Ecc");
$prng = new COM("Chilkat.Prng");
$privKey = new COM("Chilkat.PrivateKey");
$success = $ecc->GenKey('secp256r1',$prng,$privKey);
if ($success == 0) {
print 'Failed to generate a new ECDSA private key.' . "\n";
exit;
}
$csr = new COM("Chilkat.Csr");
// Add common CSR fields:
$csr->CommonName = 'mysubdomain.mydomain.com';
$csr->Country = 'GB';
$csr->State = 'Yorks';
$csr->Locality = 'York';
$csr->Company = 'Internet Widgits Pty Ltd';
$csr->EmailAddress = 'support@mydomain.com';
// Add the following 1.2.840.113549.1.9.14 extensionRequest
// Note: The easiest way to know the content and format of the XML to be added is to examine
// a pre-existing CSR with the same desired extensionRequest. You can use Chilkat to
// get the extensionRequest from an existing CSR.
//
// Here is a sample extension request:
// <?xml version="1.0" encoding="utf-8"?>
// <set>
// <sequence>
// <sequence>
// <oid>1.3.6.1.4.1.311.20.2</oid>
// <asnOctets>
// <universal tag="30" constructed="0">AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABl
// AF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx</universal>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.15</oid>
// <bool>1</bool>
// <asnOctets>
// <bits n="3">A0</bits>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.37</oid>
// <asnOctets>
// <sequence>
// <oid>1.3.6.1.5.5.7.3.3</oid>
// </sequence>
// </asnOctets>
// </sequence>
// <sequence>
// <oid>2.5.29.14</oid>
// <asnOctets>
// <octets>MCzBMQAViXBz8IDt8LsgmJxJ4Xg=</octets>
// </asnOctets>
// </sequence>
// </sequence>
// </set>
// Use this online tool to generate code from sample XML:
// Generate Code to Create XML
// A few notes:
// The string "AEUAbgBkAEUAbgB0AGkAdAB5AEMAbABpAGUAbgB0AEEAdQB0AGgAQwBlAHIAdABpAGYAaQBjAGEAdABlAF8AQwBTAFIAUABhAHMAcwB0AGgAcgBvAHUAZwBoAC8AVgAx"
// is the base64 encoding of the utf-16be byte representation of the string "EndEntityClientAuthCertificate_CSRPassthrough/V1"
$s = 'EndEntityClientAuthCertificate_CSRPassthrough/V1';
$bdTemp = new COM("Chilkat.BinData");
$bdTemp->AppendString($s,'utf-16be');
$s_base64_utf16be = $bdTemp->getEncoded('base64');
// The string should be "AEUA....."
print $s_base64_utf16be . "\n";
// Here's the code to generate the above extension request.
$xml = new COM("Chilkat.Xml");
$xml->Tag = 'set';
$xml->UpdateChildContent('sequence|sequence|oid','1.3.6.1.4.1.311.20.2');
$xml->UpdateAttrAt('sequence|sequence|asnOctets|universal',1,'tag','30');
$xml->UpdateAttrAt('sequence|sequence|asnOctets|universal',1,'constructed','0');
$xml->UpdateChildContent('sequence|sequence|asnOctets|universal',$s_base64_utf16be);
$xml->UpdateChildContent('sequence|sequence[1]|oid','2.5.29.15');
$xml->UpdateChildContent('sequence|sequence[1]|bool','1');
$xml->UpdateAttrAt('sequence|sequence[1]|asnOctets|bits',1,'n','3');
// A0 is hex for decimal 160.
$xml->UpdateChildContent('sequence|sequence[1]|asnOctets|bits','A0');
$xml->UpdateChildContent('sequence|sequence[2]|oid','2.5.29.37');
$xml->UpdateChildContent('sequence|sequence[2]|asnOctets|sequence|oid','1.3.6.1.5.5.7.3.3');
// This is the subjectKeyIdentifier extension.
// The string "MCzBMQAViXBz8IDt8LsgmJxJ4Xg=" is base64 that decodes to 20 bytes, which is a SHA1 hash.
// This is simply a hash of the DER of the public key.
$pubKey = new COM("Chilkat.PublicKey");
$privKey->ToPublicKey($pubKey);
$bdPubKeyDer = new COM("Chilkat.BinData");
$bdPubKeyDer->AppendEncoded($pubKey->getEncoded(1,'base64'),'base64');
$ski = $bdPubKeyDer->getHash('sha1','base64');
$xml->UpdateChildContent('sequence|sequence[3]|oid','2.5.29.14');
$xml->UpdateChildContent('sequence|sequence[3]|asnOctets|octets',$ski);
// Add the extension request to the CSR
$csr->SetExtensionRequest($xml);
// Generate the CSR with the extension request
$csrPem = $csr->genCsrPem($privKey);
if ($csr->LastMethodSuccess == 0) {
print $csr->LastErrorText . "\n";
exit;
}
print $csrPem . "\n";
?>