1

下面代码的 perl 中创建自签名证书的等效示例是什么?

我所有可用的是 Crypt::OpenSSL::RSA (如果有另一个模块,请告诉我,以便我可以验证它是否可用或可以安装,因为我不是管理员/所有者并且由于权利问题而不能自己做)我还没有在有关如何实现此类的文档中找到...如果可能的话,我确实想避免使用命令行命令,但如果这是创建此命令的最后手段...

<?php
// The certificate password
$passphrase = "some random password";

// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$certificateInfo = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "England",
    "localityName" => "London",
    "organizationName" => "blabla",
    "organizationalUnitName" => "Bla bla Developer's Team",
    "commonName" => "blabla.com",
    "emailAddress" => "support@blabla.com"
);

$configargs = array(
    'digest_alg' => 'sha1',
    'private_key_bits' => 1024,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'encrypt_key' => true
    );

// Generate a new private (and public) key pair
$privkey = null;

// Generate a certificate signing request
$csr = openssl_csr_new($certificateInfo, $privkey);

// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $configargs);//, $configArgs

// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_export($csr, $csrout);
openssl_x509_export($sscert, $certout);
openssl_pkey_export($privkey, $pkeyout, $passphrase);
?>
4

3 回答 3

0

大多数 Perl 模块,包括您发现的常见 Crypt::OpenSSL::RSA 模块,都只是openssl命令的包装器。

所以,我建议您首先考虑您需要的数据以及如何在命令行上完成它。有一些很棒的例子教程

然后,如果您想从 Perl 执行此操作,您可以调整来自 Crypt::OpenSSL::RSAOpenCA::OpenSSL(用于集成 OpenSSL 命令的另一个流行模块)的示例代码,以包含您想要的值和设置。

或者,每个 OpenSSL 安装中都包含一个名为CA.pl的 Perl 脚本:这也是获取他们的示例并对其进行调整以满足您的需求的好地方。(在我的基于 Debian 的服务器上,它安装在/usr/lib/ssl/misc/CA.pl,但可能会有所不同。)

祝你好运!

于 2010-07-02T14:50:04.383 回答
0

试试OpenCA::OpenSSL。我认为这应该做你需要的。

于 2010-07-08T12:16:59.657 回答
0

您可以尝试Crypt::OpenSSL::CA最初的示例似乎或多或少地做了您想要的。您可能需要首先通过其他方式生成密钥对,可能是通过 Crypt::OpenSSL::RSA。

于 2010-07-08T13:34:24.003 回答