Chilkat HOME .NET Core C# Android™ AutoIt C C# C++ Chilkat2-Python CkPython Classic ASP DataFlex Delphi ActiveX Delphi DLL Go Java Lianja Mono C# Node.js Objective-C PHP ActiveX PHP Extension Perl PowerBuilder PowerShell PureBasic Ruby SQL Server Swift 2 Swift 3,4,5... Tcl Unicode C Unicode C++ VB.NET VBScript Visual Basic 6.0 Visual FoxPro Xojo Plugin
(PHP ActiveX) Duplicate openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csrDemonstrates how to duplicate this OpenSSL command: openssl req -newkey rsa:2048 -nodes -keyout mydomain.pem -out mydomain.csr This command creates 2 files:
The second file is needed to pair with the certificate that will later be received from the CA.
<?php // This example requires the Chilkat API to have been previously unlocked. // See Global Unlock Sample for sample code. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Rsa') $rsa = new COM("Chilkat.Rsa"); // Generate a 2048-bit key. Chilkat RSA supports // key sizes ranging from 512 bits to 8192 bits. $success = $rsa->GenerateKey(2048); if ($success != 1) { print $rsa->LastErrorText . "\n"; exit; } // privKey is a Chilkat.PrivateKey $privKey = $rsa->ExportPrivateKeyObj(); // Save the private key to unencrypted PKCS8 PEM $success = $privKey->SavePkcs8PemFile('mydomain.pem'); // (alternatively) Save the private key to encrypted PKCS8 PEM $success = $privKey->SavePkcs8EncryptedPemFile('myPassword','mydomain_enc.pem'); // We'll need the private key's modulus for the CSR. // The modulus is not something that needs to be protected. Most people don't realize // that a public key is actually just a subset of the private key. The public parts of // an RSA private key are the modulus and exponent. The exponent is always 65537. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Xml') $privKeyXml = new COM("Chilkat.Xml"); $success = $privKeyXml->LoadXml($privKey->getXml()); // Get the modulus in base64 format: $keyModulus = $privKeyXml->getChildContent('Modulus'); // -------------------------------------------------------------------------------- // Now build the CSR using Chilkat's ASN.1 API. // The keyModulus will be embedded within the ASN.1. // A new ASN.1 object is automatically a SEQUENCE. // Given that the CSR's root item is a SEQUENCE, we can use // this as the root of our CSR. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Asn') $asnRoot = new COM("Chilkat.Asn"); // Beneath the root, we have a SEQUENCE (the certificate request info), // another SEQUENCE (the algorithm identifier), and a BITSTRING (the signature data) $success = $asnRoot->AppendSequence(); $success = $asnRoot->AppendSequence(); // ---------------------------------- // Build the Certificate Request Info // ---------------------------------- // asnCertReqInfo is a Chilkat.Asn $asnCertReqInfo = $asnRoot->GetSubItem(0); $success = $asnCertReqInfo->AppendInt(0); // Build the Subject part of the Certificate Request Info // asnCertSubject is a Chilkat.Asn $asnCertSubject = $asnCertReqInfo->AppendSequenceR(); // Add each subject part.. // asnTemp is a Chilkat.Asn $asnTemp = $asnCertSubject->AppendSetR(); $success = $asnTemp->AppendSequence2(); // AppendSequence2 updates the internal reference to the newly appended SEQUENCE. // The OID and printable string are added to the SEQUENCE. $success = $asnTemp->AppendOid('2.5.4.6'); $success = $asnTemp->AppendString('printable','US'); // asnTemp is a Chilkat.Asn $asnTemp = $asnCertSubject->AppendSetR(); $success = $asnTemp->AppendSequence2(); $success = $asnTemp->AppendOid('2.5.4.8'); $success = $asnTemp->AppendString('utf8','Utah'); // asnTemp is a Chilkat.Asn $asnTemp = $asnCertSubject->AppendSetR(); $success = $asnTemp->AppendSequence2(); $success = $asnTemp->AppendOid('2.5.4.7'); $success = $asnTemp->AppendString('utf8','Lindon'); // asnTemp is a Chilkat.Asn $asnTemp = $asnCertSubject->AppendSetR(); $success = $asnTemp->AppendSequence2(); $success = $asnTemp->AppendOid('2.5.4.10'); $success = $asnTemp->AppendString('utf8','DigiCert Inc.'); // asnTemp is a Chilkat.Asn $asnTemp = $asnCertSubject->AppendSetR(); $success = $asnTemp->AppendSequence2(); $success = $asnTemp->AppendOid('2.5.4.11'); $success = $asnTemp->AppendString('utf8','DigiCert'); // asnTemp is a Chilkat.Asn $asnTemp = $asnCertSubject->AppendSetR(); $success = $asnTemp->AppendSequence2(); $success = $asnTemp->AppendOid('2.5.4.3'); $success = $asnTemp->AppendString('utf8','example.digicert.com'); // Build the Public Key Info part of the Certificate Request Info // asnPubKeyInfo is a Chilkat.Asn $asnPubKeyInfo = $asnCertReqInfo->AppendSequenceR(); // asnPubKeyAlgId is a Chilkat.Asn $asnPubKeyAlgId = $asnPubKeyInfo->AppendSequenceR(); $success = $asnPubKeyAlgId->AppendOid('1.2.840.113549.1.1.1'); $success = $asnPubKeyAlgId->AppendNull(); // The public key itself is a BIT STRING, but the bit string is composed of ASN.1 // for the RSA public key. We'll first build the RSA ASN.1 for the public key // (containing the 2048 bit modulus and exponent), and encoded it to DER, and then add // the DER bytes as a BIT STRING (as a sub-item of asnPubKeyInfo) // This is already a SEQUENCE.. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.Asn') $asnRsaKey = new COM("Chilkat.Asn"); // The RSA modulus is a big integer. $success = $asnRsaKey->AppendBigInt($keyModulus,'base64'); $success = $asnRsaKey->AppendInt(65537); $rsaKeyDerBase64 = $asnRsaKey->getEncodedDer('base64'); // Now add the RSA key DER as a BIT STRING. $success = $asnPubKeyInfo->AppendBits($rsaKeyDerBase64,'base64'); // The last part of the certificate request info is an empty context-specific constructed item // with a tag equal to 0. $success = $asnCertReqInfo->AppendContextConstructed(0); // Get the DER of the asnCertReqInfo. // This will be signed using the RSA private key. // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData') $bdDer = new COM("Chilkat.BinData"); $success = $asnCertReqInfo->WriteBd($bdDer); // Add the signature to the ASN.1 // For versions of Chilkat < 10.0.0, use new COM('Chilkat_9_5_0.Chilkat.BinData') $bdSig = new COM("Chilkat.BinData"); $success = $rsa->SignBd($bdDer,'SHA1',$bdSig); $success = $asnRoot->AppendBits($bdSig->getEncoded('base64'),'base64'); // ---------------------------------- // Finally, add the algorithm identifier, which is the 2nd sub-item under the root. // ---------------------------------- // asnAlgId is a Chilkat.Asn $asnAlgId = $asnRoot->GetSubItem(1); $success = $asnAlgId->AppendOid('1.2.840.113549.1.1.5'); $success = $asnAlgId->AppendNull(); // Write the CSR to a DER encoded binary file: $success = $asnRoot->WriteBinaryDer('qa_output/mydomain.csr'); if ($success != 1) { print $asnRoot->LastErrorText . "\n"; exit; } // It is also possible to get the CSR in base64 format: $csrBase64 = $asnRoot->getEncodedDer('base64'); print 'Base64 CSR:' . "\n"; print $csrBase64 . "\n"; ?> |
© 2000-2024 Chilkat Software, Inc. All Rights Reserved.