PHPで証明書をエクスポートするとopenssl_pkcs12_export_to_file
、テストした電話に、自己署名CAであるルートCAが含まれていると表示されます(少なくともそう思われます)
私が使用しているコードは次のとおりです。
Class X509 {
protected $db;
private $certificate_validity = 1826;
private $certificate_values = array(
"countryName" => "NL",
"stateOrProvinceName" => "XX",
"localityName" => "xxxxxxxxxxxx",
"organizationName" => "xxxxxx",
"organizationalUnitName" => "xxx",
"emailAddress" => "x@xxx.xxx.xxx"
);
private $signing_configuration = array(
"digest_alg" => "sha1"
);
public function __construct() {
IF(!function_exists(openssl_pkcs12_export_to_file)) {
return false;
}
}
public function createCertificate($commonName) {
$this->certificate_values['commonName'] = $commonName;
$this->certificate_values['internalName'] = $commonName;
$privateKey = self::_createPrivateKey();
$password = self::_generatePassword();
$signRequest = self::_createSignRequest($privateKey);
$serial = self::_getNewSerial();
$signedRequest = self::_signRequest($signRequest, $serial);
#Export.
$export_csr = self::_exportCSR($signRequest, $commonName);
$export_p12 = self::_exportP12($signedRequest, $commonName, $privateKey, $password);
$export_cer = self::_exportCER($signedRequest, $commonName, $privateKey);
$export_pkey = self::_exportPKey($privateKey, $commonName, $password);
return array("name" => $commonName, "password" => $password);
}
private function _createPrivateKey() {
return openssl_pkey_new(array('private_key_bits' => 1024));
}
private function _createSignRequest($privateKey) {
return openssl_csr_new($this->certificate_values, $privateKey);
}
private function _getNewSerial() {
// making a random serial, since it does not matter YET
return rand(65000, 65536);
}
private function _generatePassword() {
return 'Derp1234!@';
}
private function _signRequest($signRequest, $serial) {
return openssl_csr_sign($signRequest, $this->root_ca_certificate, array($this->root_ca_privatekey_file, $this->root_ca_privatekey_pass), $this->certificate_validity, $this->signing_configuration, $serial);
}
private function _exportCSR($signedRequest, $commonName) {
return openssl_csr_export_to_file($signedRequest, $this->certificate_csr_path.$commonName.".csr");
}
private function _exportP12($signedRequest, $commonName, $privateKey, $password) {
return openssl_pkcs12_export_to_file($signedRequest, $this->certificate_p12_path.$commonName.".p12", $privateKey, $password);
}
private function _exportCER($signedRequest, $commonName, $privateKey) {
return openssl_x509_export_to_file($signedRequest, $this->certificate_cer_path.$commonName.".cer");
}
private function _exportPKey($privateKey, $commonName, $password) {
return openssl_pkey_export_to_file($privateKey, $this->certificate_pkey_path.$commonName."privatekey.pem", $password);
}
}
$c = new X509();
var_dump($c->createCertificate($_GET['cn']));
私は何かを見落としていますか、それとも完全に間違っていますか?