openssl_pkcs12_export()
(PHP 5 >= 5.2.2, PHP 7)
Exports a PKCS#12 Compatible Certificate Store File to a variable
Description
openssl_pkcs12_export(mixed $x509, string &$out, mixed $priv_key, string $pass [, array $args]): bool
openssl_pkcs12_export() stores $x509 in PKCS#12 file format into the string variable named by $out.
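Parameters
- $x509
See Key/Certificate parameters for a list of valid values.
- $out
On success, this string will hold the PKCS#12 data.
- $priv_key
Private key component of the PKCS#12 file. See Public/Private Key parameters for a list of valid values.
- $pass
The decryption password used to unlock the PKCS#12 file.
- $args
Optional array; other keys will be ignored.
Key             Description
"extracerts"    Array of extra certificates, or a single certificate, to be included in the PKCS#12 file.
"friendlyname"  String to be used for the supplied certificate and key.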
Return Values
Returns TRUE on success or FALSE on failure.
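A round trip through the function described above, as an added example that is not taken from the PHP manual or from the notes below: it exports a throwaway key and self-signed certificate, then reads the result back with openssl_pkcs12_read() to confirm that the passphrase and key pairing survived. The subject name, the P12_PASS environment variable and the fallback passphrase are constructed assumptions.

```php
<?php
// Added example: the subject name and passphrase below are constructed values.

// Throwaway RSA key and self-signed certificate, so there is something to export.
$key = openssl_pkey_new([
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'private_key_bits' => 2048,
]);
if ($key === false) {
    exit('key generation failed: ' . openssl_error_string() . PHP_EOL);
}
$csr = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
if ($csr === false) {
    exit('CSR creation failed: ' . openssl_error_string() . PHP_EOL);
}
$cert = openssl_csr_sign($csr, null, $key, 365, ['digest_alg' => 'sha256']);
if ($cert === false) {
    exit('self-signing failed: ' . openssl_error_string() . PHP_EOL);
}

// P12_PASS is a hypothetical variable name; the fallback is for the demo only.
$pass = getenv('P12_PASS') ?: 'constructed-demo-passphrase';

// Export certificate and private key into $p12, a binary string.
$p12 = '';
if (!openssl_pkcs12_export($cert, $p12, $key, $pass)) {
    // On failure, drain the OpenSSL error queue instead of failing silently.
    while (($err = openssl_error_string()) !== false) {
        fwrite(STDERR, $err . PHP_EOL);
    }
    exit(1);
}

// Read the container back with the same passphrase.
$bag = [];
if (!openssl_pkcs12_read($p12, $bag, $pass)) {
    exit('read-back failed: ' . openssl_error_string() . PHP_EOL);
}

// The recovered key must belong to the recovered certificate, and the
// certificate must be the one that was exported.
$keyMatches = openssl_x509_check_private_key($bag['cert'], $bag['pkey']);
$sameCert   = openssl_x509_fingerprint($bag['cert'], 'sha256')
          === openssl_x509_fingerprint($cert, 'sha256');

// A different passphrase must not open the container.
$wrong = [];
$rejectsWrongPass = !openssl_pkcs12_read($p12, $wrong, $pass . 'x');

var_dump(compact('keyMatches', 'sameCert', 'rejectsWrongPass'));
```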
If your certificate is not password-protected, just use null or a blank string. Otherwise, this function won't work.
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args = array(
    'extracerts' => array(
        0 => '-----BEGIN CERTIFICATE----- cert1 ...',
        1 => '-----BEGIN CERTIFICATE----- cert2 ...',
        // ...
    )
);
?>
You can use this to prepare a PEM.
<?php
$pemChain = '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args = array(
    'extracerts' => $CAcert,
    'friendly_name' => 'My signed cert by CA certificate'
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
In order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format,
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
else this function might return the following error: "openssl_pkcs12_export(): cannot get cert from parameter 1"
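Example:
<?php
// $certificate, $privateKeyPem and $password are placeholders for your own PEM data and passphrase.
$key = openssl_pkey_get_private($privateKeyPem, $password);
openssl_pkcs12_export($certificate, $iis, $key, $password);
?>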