2

phpで秘密鍵と公開鍵のペアを生成しようとしています。

サーバー:Apache / 2.4.3(Win32)OpenSSL / 1.0.1c PHP / 5.4.7

OSはWindowsXPSP3であり、すべてのWindowsUpdateがインストールされています。

次のスクリプトを実行しようとしています。

<?php

$ssl_path = getcwd();
$ssl_path = preg_replace('/\\\/','/', $ssl_path);  // Replace \ with /

$config = array(
    'config'           => "$ssl_path/openssl.cnf",
    'private_key_bits' => 1024, 
    'private_key_type' => OPENSSL_KEYTYPE_RSA
);

$dn = array(
   "countryName"            => "AT",
   "stateOrProvinceName"    => "Vienna",
   "localityName"           => "Cambs",
   "organizationName"       => "UniServer",
   "organizationalUnitName" => "Demo",
   "commonName"             => "localhost",
   "emailAddress"           => "me@example.com"
);

$privateKey = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privateKey, $config);
$sscert = openssl_csr_sign($csr, NULL, $privateKey, 365, $config);
openssl_pkey_export_to_file($privateKey, "C:/server.key", NULL, $config);
openssl_x509_export_to_file($sscert,  "C:/server.crt", FALSE);
openssl_csr_export_to_file($csr, "C:/server.csr");
$keyDetails = openssl_pkey_get_details($privateKey);
file_put_contents('C:/public.key', $keyDetails['key']);

?>

これは私のopenssl.cnfです:

#######################################################################
# File name: openssl.cnf
# Created By: The Uniform Server Development Team
########################################################################

#
# OpenSSL configuration file.
#

# Establish working directory.
dir         = .

[ req ]
default_bits            = 1024
default_md              = sha1
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
x509_extensions         = v3_ca
string_mask             = nombstr

[ req_distinguished_name ]
countryName             = Country Name (2 letter code)
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = State or Province Name (full name)
localityName            = Locality Name (eg, city)
0.organizationName      = Organization Name (eg, company)
organizationalUnitName  = Organizational Unit Name (eg, section)
commonName              = Common Name (eg, YOUR fqdn)
commonName_max          = 64
emailAddress            = Email Address
emailAddress_max        = 64

[ ssl_server ]
basicConstraints        = CA:FALSE
nsCertType              = server
keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, nsSGC, msSGC
nsComment               = "OpenSSL Certificate for SSL Web Server"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
basicConstraints        = critical, CA:true, pathlen:0
nsCertType              = sslCA
keyUsage                = cRLSign, keyCertSign
extendedKeyUsage        = serverAuth, clientAuth
nsComment               = "OpenSSL CA Certificate"

このスクリプトを実行しようとすると、apacheがクラッシュして再起動します。この問題の原因は何ですか?

ところで:phpseclib0.3.1 libを使おうとすると、同じエラーが発生します。

よろしくお願いします!

4

1 に答える 1

2

私の経験では、openssl_pkey_get_details()は、秘密鍵ではなく公開鍵を取得するためにX.509証明書を必要とします(ドキュメントに記載されている内容にかかわらず)。

純粋なPHPX.509実装であるphpseclibを使用すると、実際にはこれらすべてを実行する方が簡単な場合があります。例えば。:

http://phpseclib.sourceforge.net/x509/examples.html#selfsigned

<?php
include('File/X509.php');
include('Crypt/RSA.php');

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDN(array(
    "countryName"            => "AT",
    "stateOrProvinceName"    => "Vienna",
    "localityName"           => "Cambs",
    "organizationName"       => "UniServer",
    "organizationalUnitName" => "Demo",
    "commonName"             => "localhost",
    "emailAddress"           => "me@example.com"
 ));
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

$x509 = new File_X509();

$result = $x509->sign($issuer, $subject);

$csr = $issuer->signCSR();
$csr = $x509->saveCSR($csr);

file_put_contents("C:/server.key", $privKey->getPrivateKey());
file_put_contents("C:/server.crt", $x509->saveX509($result));
file_put_contents('C:/public.key', $privKey->getPublicKey());
file_put_contents("C:/server.csr", $csr);
?>
于 2012-12-04T21:58:45.383 に答える