OpenSSL

T

teplenev2011-11-11 15:41:39

OpenSSL

teplenev, 2011-11-11 15:41:39

OpenSSL

Good evening everyone!

The openssl_pkcs7_sign() function described at www.php.net/manual/en/function.openssl-pkcs7-sign.php , what does it take as parameters?

More precisely, I'm asking about the certificate and the private key (the third and fourth parameters).

Is a .crt file accepted as a certificate?

If I get a .pem file from a .crt file issued by Entrast using openssl, can I feed this .pem file to this function as a private key? Or not? And what should I specify as a passphrase then? The password that I specified when registering the certificate?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

C

charon, 2011-11-11
@charon

in theory, both crt and pem file are accepted as a certificate.
As for the private key, there are 2 options:
1) if you yourself generated a request for a certificate that was sent to Entrast, then it signed and returned it - in this case, the private key was created by you when generating the request along with the certificate request ( the request was sent to Entrast, but the key was not sent);
2) if you did not form a request, but immediately requested a certificate, then theoretically Entrast should send you 2 files: a private key separately, and a certificate separately. Although the private key can be embedded in the certificate.
Just try to open the crt file from Entrast and look for the lines there. If they are there, then this is your private key. Function
-----BEGIN RSA PRIVATE KEY----- ..... -----END RSA PRIVATE KEY-----
openssl_pkcs7_sign() expects a private key separately, so you can't feed it a pem file.
Passphrase - yes, this is the one that was specified when requesting the certificate. But for testing, you can try passing an empty string to this argument.