By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,835 Members | 1,391 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,835 IT Pros & Developers. It's quick & easy.

Enabling (PHP5) OpenSSL extensions when signing a certificate

P: n/a
I have been trying to enable/use specific OpenSSL extensions that I use in
generating certificates manually, via PHP5 + php5-openssl
module/extension.

Filling out the "configargs" array with 'x509_extensions' and/or
'req_extensions' fails to generate/sign a certificate with the desired
X.509 extensions included in the signed certificate. The extensions in my
"openssl.cnf" file work just fine with manual OpenSSL commands.

Also, I am not sure that the "configargs" array method of specifying an
OpenSSL configuration file works properly. I have looked at the openssl.c
code, and see that the signing code appears to use the certificate request
extension, rather than a "regular" extension specification, thereby
ignoring the 'x509_extension' argument. Actually, I find the entirety of
the openssl.c code to be very confusing, but that is besides the point.

SO - I want to be able to use OpenSSL extensions, via PHP5-OpenSSL, of ANY
type as I can with manual OpenSSL commands (or modified CA.sh scripts)
where the REQ or CA commands accept a "-extensions" parameter, but I
haven't been able to get this to work yet.
Jul 17 '05 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.