The openssl_pkcs12_export_to_file() function is an inbuilt function in PHP which is used to store x509 into a file named by filename in a PKCS#12 file format. PKCS12 is Public-Key Cryptography Standards which defines an archive-file format for storing server certificates.
Syntax:
bool openssl_pkcs12_export_to_file( mixed $x509, string $filename,
mixed $priv_key, string $pass [, array $args ])
Parameters: This function accepts two parameters as mentioned above and described below:
- $x509: This parameter is a standard defining the format of the public key certificates.
- $filename: This parameter is the path of the output file.
- $priv_key: This parameter is used for the private key that matches the dessert “priv_key”. The private key is a component of the PKCS # 12 file.
- $pass: This parameter is used for the encryption password for unlocking the PKCS#12 file.
- $args: This parameter stands for the arguments and variables which are values representing something else.
Return Values: This function returns TRUE on success or FALSE on failure.
Below program illustrates the openssl_pkcs12_export_to_file() function in PHP:
Program:
PHP
<?php$dn = array( "countryName" => 'xx', "stateOrProvinceName" => 'uttar prradesh', "localityName" => 'varanasi', "organizationName" => 'neveropen', "organizationalUnitName" => 'neveropen team', "commonName" => 'people', "emailAddress" => 'user@neveropen.com'); $privateKeyPass = 'abcd1234';$numberOfDays = 108; $privateKey = openssl_pkey_new();$csr = openssl_csr_new($dn, $privateKey); // Create a csr file, change null// to a filename to save$sscert = openssl_csr_sign($csr, null, $privateKey, $numberOfDays); // On success $publicKey will // hold the PEM content openssl_x509_export($sscert, $publicKey); // Export the privateKey as a PEM contentopenssl_pkey_export($privateKey, $privateKey, $privateKeyPass); $filename = dirname(__FILE__) . '/certificate.pfx'; // Parses the $privateKey and used // by openssl_pkcs12_export_to_file$key = openssl_pkey_get_private( $privateKey, $privateKeyPass); // Save the pfx file to $filenameopenssl_pkcs12_export_to_file($sscert, $filename, $key, $privateKeyPass);?> |
Output:
people Identity: people Verified by: people Expires: Wednesday 16 December 2020 Subject Name C (Country): xx ST (State): uttar pradesh L (Locality): varanasi O (Organization): neveropen OU (Organizational Unit): neveropen team CN (Common Name): people EMAIL (Email Address): user@neveropen.com Issuer Name C (Country): xx ST (State): uttar pradesh L (Locality): varanasi O (Organization): neveropen OU (Organizational Unit): neveropen team CN (Common Name): people EMAIL (Email Address): user@neveropen.com Issued Certificate Version: 3 Serial Number: 00 Not Valid Before: 2020-08-30 Not Valid After: 2020-12-16 Certificate Fingerprints SHA1: 95 D9 8E BB C0 9A 6D 33 C7 98 07 B9 36 F7 12 8E BB 54 4B 50 MD5: 64 7D 63 13 EB 80 55 C2 9D F8 41 DF 0E 7E 75 54 Public Key Info Key Algorithm: RSA Key Parameters: 05 00 Key Size: 2048 Key SHA1 Fingerprint: 25 F6 E2 26 5E 1E 7D B1 10 82 02 9D F3 05 1A 72 3B C4 9B 7C Public Key: 30 82 01 0A 02 82 01 01 00 C4 CC 93 62 F9 D2 C9 39 5F F1 15 13 A2 2D 34 93 4C AD 45 E8 7E AE CE 24 C6 FA 2B 99 6B FE B7 F7 30 D6 95 DA 3A 1C FB 1E BC 8F A6 C6 9D A4 03 3E 46 16 56 AB A5 78 32 2A C3 D3 FA 79 C 3 5B 38 02 07 22 E6 6C 51 C9 B9 5C 44 AE 65 D3 0F ED F9 80 F4 1D 01 66 11 8A E1 78 55 DA C2 2E 72 3E 8E D3 D2 CB 4C 40 0B 0E 55 BD EF 26 A1 21 E7 62 43 39 4B EF EE EB 85 40 11 E3 A9 44 D8 B2 FB 1B 46 13 1E 25 A0 8E 9D F3 BA 1B F7 80 A8 1A 87 97 20 CE C0 1E 45 11 9A 94 F0 68 71 BA 7B 86 5F A8 55 69 E8 D4 C1 D0 E0 75 72 7E 3E A1 6D B4 8B 2A 8C D2 69 2D E2 F8 F4 09 8A 8B 42 1E 1B C1 93 66 06 A8 AD FF 31 3F E5 D9 10 07 A8 AC 7E B9 69 9E CA 67 1B 83 99 5E 3E 58 26 28 60 A5 BC 45 92 4A C4 A3 16 6B 33 62 E4 AA 77 FA 28 90 01 40 2F 0E 7D D8 B7 3C E9 A6 B3 25 DB 07 E1 0F D6 CE 0E B4 42 B3 02 03 01 00 01 Subject Key Identifier Key Identifier: 03 D6 83 8F E6 36 C2 08 39 F5 2B 0C D2 FA 17 3C 21 32 C6 EF Critical: No Extension Identifier: 2.5.29.35 Value: 30 16 80 14 03 D6 83 8F E6 36 C2 08 39 F5 2B 0C D2 FA 17 3C 21 32 C6 EF Critical: No Basic Constraints Certificate Authority: Yes Max Path Length: Unlimited Critical: Yes Signature Signature Algorithm: SHA1 with RSA Signature Parameters: 05 00 Signature: B2 D0 04 4E 62 8F 8F 30 7D 19 62 6E AB 6F AC 01 0A 2C 11 A6 19 09 73 21 35 74 89 3A ED CB 91 2E E4 50 77 CC 1A E9 7E 43 B5 E6 83 6F 3E EC 0F 5A 91 EB C4 99 37 08 76 12 2D 26 95 AD F6 7B A7 3F 42 CE 4F 5E 1A C6 DD 71 66 73 30 2A 87 FB CC BE 7C B9 82 AA 09 AE 88 EC D4 C4 78 20 6B FA 08 B4 65 C3 D1 1D BB 78 B9 4B B2 E7 00 3C 62 4B EF 74 4B 2D BE 15 BD E1 A0 DE 9B 82 2B 24 F8 01 CD 90 30 C9 2F 87 6C B5 85 54 84 F3 7F A4 5C 3F 74 22 B1 3E 60 DB 81 4C C1 23 52 00 FD 4D 53 F3 02 17 EE AE E8 1F 24 02 81 DF B7 49 EA 8B 93 41 78 DA 4D 9E 34 B2 F4 E0 68 69 AA A9 0E ED 17 04 EA 6F FD C2 27 96 BC 1C A2 53 E8 80 AE 51 D1 F2 00 34 44 A0 5E AE F4 35 E4 CB 1D 61 F8 CB 25 B4 28 7C 7A 5C 82 8A 08 7B A2 DB E9 BA 67 CC FB C6 34 D3 D5 2D 8C C6 12 7F 5C BF 18 FA 7D CA 40 67 17 15 certificate.pfx Private RSA Key Strength: 2048 bits Algorithm: RSA Size: 2048 Fingerprints SHA1: 25 F6 E2 26 5E 1E 7D B1 10 82 02 9D F3 05 1A 72 3B C4 9B 7C SHA256: D8 63 1A 26 8D AE 7D 56 67 48 6E AA D3 8D B1 D7 8F 4A C2 C4 D6 D8 58 BA 32 53 AB D1 93 72 40 6F
Reference: https://www.php.net/manual/en/function.openssl-pkcs12-export-to-file.php
