我想创建一个自签名证书。请参阅simplesamlphp所需的证书:http : //simplesamlphp.org/docs/stable/simplesamlphp-idp#section_7
openssl req -newkey rsa:2048 -new -x509 -days 3652 -nodes
-out example.org.crt -keyout example.org.pem
我遵循了如何在 PHP 中创建数字证书并导出到 .p12 文件?
<?php
$dn = array(
"countryName" => "UK",
"stateOrProvinceName" => "Somerset",
"localityName" => "Glastonbury",
"organizationName" => "The Brain Room Limited",
"organizationalUnitName" => "PHP Documentation Team",
"commonName" => "Wez Furlong",
"emailAddress" => "wez@example.com"
);
$privkey = openssl_pkey_new();
$csr = openssl_csr_new($dn, $privkey);
$sscert = openssl_csr_sign($csr, null, $privkey, 365);
openssl_csr_export($csr, $csrout) and var_dump($csrout);
openssl_x509_export($sscert, $certout) and var_dump($certout);
openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_string()) !== false) {
echo $e . "\n";
}
?>
我得到了输出:
string(749) "-----BEGIN CERTIFICATE REQUEST-----
MIIB7zCCAVgCAQAwga4xCzAJBgNVBAYTAlVLMREwDwYDVQQIEwhTb21lcnNldDEU
MBIGA1UEBxMLR2xhc3RvbmJ1cnkxHzAdBgNVBAoTFlRoZSBCcmFpbiBSb29tIExp
bWl0ZWQxHzAdBgNVBAsTFlBIUCBEb2N1bWVudGF0aW9uIFRlYW0xFDASBgNVBAMT
C1dleiBGdXJsb25nMR4wHAYJKoZIhvcNAQkBFg93ZXpAZXhhbXBsZS5jb20wgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMIGCb4LaB9eS6nF8oijsPaYr7nEM0Vi
GdQwbqGdmyTA9TN+nvb3tIbdz7TAW8mrFzCyFv/32q0HNpU75x7HoVq19E9SP7EZ
FYPoCXYnjiWocoStb3zTvE7aXGPx60VNhRDy2RsXEnmO02McdIUDwP13SIXof2w1
xYwBc0aJczpdAgMBAAGgADANBgkqhkiG9w0BAQQFAAOBgQCLn0cLtRc/lJBG4ZvM
5DcdaKdkZRLoH+l2ikJh7y0EkHLbwfNo0ZagK93Ffr+ZrfsXlSS8eUIJTyTXnpi0
E0fow7SIxzEWBGz3fLASlSJ6F6+fUussfPlZpVD/uVpQ+80I5S6w/u2GZWkC82xb
JYOLSyBCvj+MGkdqFAWOai07jQ==
-----END CERTIFICATE REQUEST-----
"
string(1411) "-----BEGIN CERTIFICATE-----
MIID5TCCA06gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBrjELMAkGA1UEBhMCVUsx
ETAPBgNVBAgTCFNvbWVyc2V0MRQwEgYDVQQHEwtHbGFzdG9uYnVyeTEfMB0GA1UE
ChMWVGhlIEJyYWluIFJvb20gTGltaXRlZDEfMB0GA1UECxMWUEhQIERvY3VtZW50
YXRpb24gVGVhbTEUMBIGA1UEAxMLV2V6IEZ1cmxvbmcxHjAcBgkqhkiG9w0BCQEW
D3dlekBleGFtcGxlLmNvbTAeFw0xMjExMjkwNzMzMDFaFw0xMzExMjkwNzMzMDFa
MIGuMQswCQYDVQQGEwJVSzERMA8GA1UECBMIU29tZXJzZXQxFDASBgNVBAcTC0ds
YXN0b25idXJ5MR8wHQYDVQQKExZUaGUgQnJhaW4gUm9vbSBMaW1pdGVkMR8wHQYD
VQQLExZQSFAgRG9jdW1lbnRhdGlvbiBUZWFtMRQwEgYDVQQDEwtXZXogRnVybG9u
ZzEeMBwGCSqGSIb3DQEJARYPd2V6QGV4YW1wbGUuY29tMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDCBgm+C2gfXkupxfKIo7D2mK+5xDNFYhnUMG6hnZskwPUz
fp7297SG3c+0wFvJqxcwshb/99qtBzaVO+cex6FatfRPUj+xGRWD6Al2J44lqHKE
rW9807xO2lxj8etFTYUQ8tkbFxJ5jtNjHHSFA8D9d0iF6H9sNcWMAXNGiXM6XQID
AQABo4IBDzCCAQswHQYDVR0OBBYEFO5v9O1tR+XtzOtJgohJ9iISwaY9MIHbBgNV
HSMEgdMwgdCAFO5v9O1tR+XtzOtJgohJ9iISwaY9oYG0pIGxMIGuMQswCQYDVQQG
EwJVSzERMA8GA1UECBMIU29tZXJzZXQxFDASBgNVBAcTC0dsYXN0b25idXJ5MR8w
HQYDVQQKExZUaGUgQnJhaW4gUm9vbSBMaW1pdGVkMR8wHQYDVQQLExZQSFAgRG9j
dW1lbnRhdGlvbiBUZWFtMRQwEgYDVQQDEwtXZXogRnVybG9uZzEeMBwGCSqGSIb3
DQEJARYPd2V6QGV4YW1wbGUuY29tggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQEEBQADgYEAsUHeLNGmFUv45vpSN2Z6xDrfzZ9vD+VJmkn6cHTmdBfHK1EcNksE
3vxWGnwoAcg4BrExi7uQxNR49FJpr33faMPTbknHDCcqVjvJYH80/LNlZeCl7Col
PvaZyj2KxsVwiVpB6qHTeSuKWR0tIRblYcGi/ZxkJ1eAcoQFsXJc61g=
-----END CERTIFICATE-----
"
string(963) "-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,CD49113D33A48581
vrIEErD2tusgVcXJfDroidd2u/0Es+JVkYVOf9zV1DVR0vBUpB3+urV8tjDtVpe4
8aAFXjEVMJbEBKyHOJc0200OA0PGR1I13jSlP+4xkg1Yj/1e1AiYrXRQZDlKLpIX
CLLRDmxdqW6FfLap9rRLEnON1RS6AdKWLAd9bij6/gV9/ogzHIDZEc1KJwE88ZiZ
LE0aFWXVm8++LJKOy4M0MOpRDAOUa+IeD+Urb9zBKUzRmZWMeJhshXeP9ll5Q4gX
Jy2EwNLXS61sKD24EGLtZNGiL6wIOxfOteo2T+TfJgStfxAX3fmnlT5z+/a94zuo
hl9BiLYKbNmsNnurVuLRuvQPhwKBczsGljKvuem4/VHxwTeZERU/bTKpXuJWrJi5
+klLouoburLf5OKAKk5dZPLh+KVIa1UWNEkI+GP3JYD+/N6hqsGO/4uOXD30zpOD
9yA5HrYflKMEwzirfeNeLfaUwHFoa7bFKEOqzfJqqVBDXKcBCyrNXqmtQn+SkWk4
j/w8+3Rc+FRAZL8ndPmoZRpvJUPR3K+NzLPdOnQ157srxNbh9ckRk0cTMIaAlhxn
+UqJUDeWBJX1qkDp4gG1gG11Nu2LoF/xfkScu0JG9xcev1Ib6auuJI82vau/6Q8w
qapNpTjUYVsc+aviz10mXCMwF2x5okSmzelHk4U42234XgCec6Gj6ml7fqkIS+P7
bHx1x9Ov8LLmnjZPHVv/p6Nqpb3j1IkEDDkZ8M1s5+Eky5gw9vDNdox3bZLEyEfL
OW7PXvfIggHmyfnsFyIfzdZGVfTSXv9Gsq/QMfbrXeRcGb9yEG5Hng==
-----END RSA PRIVATE KEY-----
"
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
error:0E06D06C:configuration file routines:NCONF_get_string:no value
我拿了$pkeyout
as server.pem和$certout
as server.crt。
但我收到错误:
Warning: openssl_sign(): supplied key param cannot be coerced into a private key in
/var/www/sso/simplesamlphp/lib/xmlseclibs.php on line 478
Warning: openssl_sign(): supplied key param cannot be coerced into a private key in
/var/www/sso/simplesamlphp/lib/xmlseclibs.php on line 478