Visit Our UNIX and Linux User Community

Linux and UNIX Man Pages

Test Your Knowledge in Computers #482
Difficulty: Medium
in 2018, developers and programmers rarely used an Integrated Development Environment (IDE) that provided a text editor with code highlighting.
True or False?
Linux & Unix Commands - Search Man Pages

openssl_csr_sign(3) [php man page]

OPENSSL_CSR_SIGN(3)							 1						       OPENSSL_CSR_SIGN(3)

openssl_csr_sign - Sign a CSR with another certificate (or itself) and generate a certificate

resource openssl_csr_sign (mixed $csr, mixed $cacert, mixed $priv_key, int $days, [array $configargs], [int $serial]) DESCRIPTION
openssl_csr_sign(3) generates an x509 certificate resource from the given CSR. Note You need to have a valid openssl.cnf installed for this function to operate correctly. See the notes under the installation section for more information. PARAMETERS
o $csr - A CSR previously generated by openssl_csr_new(3). It can also be the path to a PEM encoded CSR when specified as file://path/to/csr or an exported string generated by openssl_csr_export(3). o $cacert - The generated certificate will be signed by $cacert. If $cacert is NULL, the generated certificate will be a self-signed cer- tificate. o $priv_key -$priv_key is the private key that corresponds to $cacert. o $days -$days specifies the length of time for which the generated certificate will be valid, in days. o $configargs - You can finetune the CSR signing by $configargs. See openssl_csr_new(3) for more information about $configargs. o $serial - An optional the serial number of issued certificate. If not specified it will default to 0. RETURN VALUES
Returns an x509 certificate resource on success, FALSE on failure. EXAMPLES
Example #1 openssl_csr_sign(3) example - signing a CSR (how to implement your own CA) <?php // Let's assume that this script is set to receive a CSR that has // been pasted into a textarea from another page $csrdata = $_POST["CSR"]; // We will sign the request using our own "certificate authority" // certificate. You can use any certificate to sign another, but // the process is worthless unless the signing certificate is trusted // by the software/users that will deal with the newly signed certificate // We need our CA cert and its private key $cacert = "file://path/to/ca.crt"; $privkey = array("file://path/to/ca.key", "your_ca_key_passphrase"); $usercert = openssl_csr_sign($csrdata, $cacert, $privkey, 365); // Now display the generated certificate so that the user can // copy and paste it into their local configuration (such as a file // to hold the certificate for their SSL server) openssl_x509_export($usercert, $certout); echo $certout; // Show any errors that occurred here while (($e = openssl_error_string()) !== false) { echo $e . " "; } ?> PHP Documentation Group OPENSSL_CSR_SIGN(3)

Check Out this Related Man Page

GENKEY(1)						      Cryptography Utilities							 GENKEY(1)

genkey - generate SSL certificates and certificate requests SYNOPSIS
genkey [--test] [--days count] [[--genreq] | [--makeca] | [--nss] | [--renew] | [--cacert]] {hostname} DESCRIPTION
genkey is an interactive command-line tool which can be used to generate SSL certificates or Certificate Signing Requests (CSR). Generated certificates are stored in the directory /etc/pki/tls/certs/, and the corresponding private key in /etc/pki/tls/private/. When using mod_nss the private key is stored in the nss database. Consult the nss.conf file in /etc/httpd/conf.d/ for the location of the database. genkey will prompt for the size of key desired; whether or not to generate a CSR; whether or not an encrypted private key is desired; the certificate subject DN details. genkey generates random data for the private key using the truerand library and also by prompting the user for entry of random text. nss indicates that mod_nss database should be used to store keys and certificates. OPTIONS
--makeca Generate a Certificate Authority keypair and certificate. --genreq Generate a Certificate Signing Request for an existing private key, which can be submitted to a CA (for example, for renewal). --renew Used with --genreq to indicate a renewal, the existing keypair will be used. Certs and keys must reside in the nss database, therefore --nss is also required. Pem file based cert renewal is not currently supported. --cacert The certificate renewal is for a CA, needed for openssl certs only. --days count When generating a self-signed certificate, specify that the number of days for which the certificate is valid be count rather than the default value of 30. --test For test purposes only; omit the slow process of generating random data. EXAMPLES
The following example will create a self-signed certificate and private key for the hostname # genkey --days 120 The following example will create a self-signed certificate and private key for the hostname which will be stored in cert and key in the nss database. If no nickname is given the tool will extract it from mod_nss's nss configuration file. # genkey --days --nss 120 The following example will generate a certificate signing request for a new mod_nss style cert specified by its nickname, Server-Cert: # genkey --genreq --nss --days 120 Server-Cert The following example will generate a certificate signing request for the renewal of an existing mod_nss cert specified by its nickname, Server-Cert: # genkey --genreq --renew --nss --days 120 Server-Cert FILES
/etc/pki/tls/openssl.cnf SEE ALSO
certwatch(1), keyrand(1) crypto-utils 2.4.1 9 June 2014 GENKEY(1)

Featured Tech Videos