$privateKey = openssl_pkey_new(); while($message = openssl_error_string()){ echo $message.'<br />'.PHP_EOL; }
调用后会有如下输出:
error:02001003:system library:fopen:No such process error:2006D080:BIO routines:BIO_new_file:no such file error:0E064002:configuration file routines:CONF_load:system lib error:02001003:system library:fopen:No such process error:2006D080:BIO routines:BIO_new_file:no such file error:0E064002:configuration file routines:CONF_load:system lib过程中,openssl_csr_new,openssl_csr_sign,openssl_pkey_new 这3个方法调用都会有上述错误输出
解决方案,为每个方法指定openssl.conf文件路径
修改后成功运行demo如下:
$dn = array(
"countryName" => 'XX', //所在国家名称
"stateOrProvinceName" => 'State', //所在省份名称
"localityName" => 'SomewhereCity', //所在城市名称
"organizationName" => 'MySelf', //注册人姓名
"organizationalUnitName" => 'Whatever', //组织名称
"commonName" => 'mySelf', //公共名称
"emailAddress" => 'user@domain.com' //邮箱
);
$privkeypass = '111111'; //私钥密码
$numberofdays = 365; //有效时长
$cerpath = "./test.cer"; //生成证书路径
$pfxpath = "./test.pfx"; //密钥文件路径
//生成证书
//$privkey = openssl_pkey_new();
$opensslConfigPath = "E:/XAMPP/apache/bin/openssl.cnf"; //E:/XAMPP/php/extras/openssl/openssl.cnf "E:/XAMPP/apache/conf/openssl.cnf"; //apache路径下的openssl.conf文件路径
// E:/XAMPP/apache/bin/openssl.cnf
var_dump(getenv('OPENSSL_CONF'));
// set OPENSSL_CONF="E:/XAMPP/php/extras/openssl/openssl.cnf"
// set OPENSSL_CONF="E:/XAMPP/apache/conf/openssl.cnf"
// set OPENSSL_CONF="E:/XAMPP/apache/bin/openssl.cnf"
$config = array(
'private_key_bits' => 2048,
'config' => $opensslConfigPath
);
$privkey = openssl_pkey_new($config);
var_dump('1#openssl_pkey_new::::');var_dump ($privkey);
$configargs = array('config'=>$opensslConfigPath);
$csr = openssl_csr_new($dn, $privkey,$configargs);
var_dump('2#openssl_csr_new::::');var_dump($csr);
$sscert = openssl_csr_sign($csr, null, $privkey, $numberofdays, $configargs);
var_dump('3#openssl_csr_sign::::');var_dump($sscert);
openssl_x509_export($sscert, $csrkey); //导出证书$csrkey
openssl_pkcs12_export($sscert, $privatekey, $privkey, $privkeypass); //导出密钥$privatekey
//生成证书文件
$fp = fopen($cerpath, "w");
fwrite($fp, $csrkey);
fclose($fp);
//生成密钥文件
$fp = fopen($pfxpath, "w");
fwrite($fp, $privatekey);
fclose($fp);
while (($e = openssl_error_string()) !== false) {
echo $e . "\n<br/><br/>";
}exit();