2

I'm trying to generate a private/public key pair with PHP.

Server: Apache/2.4.3 (Win32) OpenSSL/1.0.1c PHP/5.4.7

OS is Windows XP SP3 with all Windows updates installed.

I'm trying to execute the following script:

<?php

$ssl_path = getcwd();
$ssl_path = preg_replace('/\\\/','/', $ssl_path);  // Replace \ with /

$config = array(
    'config'           => "$ssl_path/openssl.cnf",
    'private_key_bits' => 1024, 
    'private_key_type' => OPENSSL_KEYTYPE_RSA
);

$dn = array(
   "countryName"            => "AT",
   "stateOrProvinceName"    => "Vienna",
   "localityName"           => "Cambs",
   "organizationName"       => "UniServer",
   "organizationalUnitName" => "Demo",
   "commonName"             => "localhost",
   "emailAddress"           => "[email protected]"
);

$privateKey = openssl_pkey_new($config);
$csr = openssl_csr_new($dn, $privateKey, $config);
$sscert = openssl_csr_sign($csr, NULL, $privateKey, 365, $config);
openssl_pkey_export_to_file($privateKey, "C:/server.key", NULL, $config);
openssl_x509_export_to_file($sscert,  "C:/server.crt", FALSE);
openssl_csr_export_to_file($csr, "C:/server.csr");
$keyDetails = openssl_pkey_get_details($privateKey);
file_put_contents('C:/public.key', $keyDetails['key']);

?>

This is my openssl.cnf:

#######################################################################
# File name: openssl.cnf
# Created By: The Uniform Server Development Team
########################################################################

#
# OpenSSL configuration file.
#

# Establish working directory.
dir         = .

[ req ]
default_bits            = 1024
default_md              = sha1
default_keyfile         = privkey.pem
distinguished_name      = req_distinguished_name
x509_extensions         = v3_ca
string_mask             = nombstr

[ req_distinguished_name ]
countryName             = Country Name (2 letter code)
countryName_min         = 2
countryName_max         = 2
stateOrProvinceName     = State or Province Name (full name)
localityName            = Locality Name (eg, city)
0.organizationName      = Organization Name (eg, company)
organizationalUnitName  = Organizational Unit Name (eg, section)
commonName              = Common Name (eg, YOUR fqdn)
commonName_max          = 64
emailAddress            = Email Address
emailAddress_max        = 64

[ ssl_server ]
basicConstraints        = CA:FALSE
nsCertType              = server
keyUsage                = digitalSignature, keyEncipherment
extendedKeyUsage        = serverAuth, nsSGC, msSGC
nsComment               = "OpenSSL Certificate for SSL Web Server"

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage         = nonRepudiation, digitalSignature, keyEncipherment

[ v3_ca ]
basicConstraints        = critical, CA:true, pathlen:0
nsCertType              = sslCA
keyUsage                = cRLSign, keyCertSign
extendedKeyUsage        = serverAuth, clientAuth
nsComment               = "OpenSSL CA Certificate"

When I try to execute this script, Apache crashes and restarts. What's causing this problem?

BTW: The same error occurs if I try to use the phpseclib 0.3.1 lib.

Many thanks in advance!

1
  • I forgot to add: the function that crashes Apache is openssl_pkey_get_details() Commented Nov 28, 2012 at 11:26

1 Answer

2

In my experience openssl_pkey_get_details() requires an X.509 cert to get the public key - not a private key (despite what the documentation says).

Might actually be easier to do all this with phpseclib, a pure PHP X.509 implementation, e.g.:

http://phpseclib.sourceforge.net/x509/examples.html#selfsigned

<?php
include('File/X509.php');
include('Crypt/RSA.php');

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDN(array(
    "countryName"            => "AT",
    "stateOrProvinceName"    => "Vienna",
    "localityName"           => "Cambs",
    "organizationName"       => "UniServer",
    "organizationalUnitName" => "Demo",
    "commonName"             => "localhost",
    "emailAddress"           => "[email protected]"
 ));
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

$x509 = new File_X509();

$result = $x509->sign($issuer, $subject);

$csr = $issuer->signCSR();
$csr = $x509->saveCSR($csr);

file_put_contents("C:/server.key", $privKey->getPrivateKey());
file_put_contents("C:/server.crt", $x509->saveX509($result));
file_put_contents('C:/public.key', $privKey->getPublicKey());
file_put_contents("C:/server.csr", $csr);
?>
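As an added example (not part of the question or the answer, and not phpseclib's code): the same flow with PHP's openssl extension, checking every return value so that a `false` from `openssl_pkey_new()` (for instance when `openssl.cnf` cannot be loaded) is reported rather than passed into the next call, and reading the public key back from the certificate as the answer suggests. The helper names `opensslFail` and `makeSelfSigned`, the 2048-bit/SHA-256 settings and the config location are assumptions of this example.

```php
<?php
// Added example; assumes openssl.cnf sits beside this script, as in the question.
function opensslFail($step)
{
    // Drain OpenSSL's error queue so the underlying cause is reported.
    $errors = array();
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    throw new RuntimeException("$step failed: " . implode('; ', $errors));
}

function makeSelfSigned(array $dn, $cnfPath)
{
    if (!is_readable($cnfPath)) {
        throw new RuntimeException("openssl.cnf not readable: $cnfPath");
    }
    $config = array(
        'config'           => $cnfPath,
        'private_key_bits' => 2048,     // the question used 1024
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'digest_alg'       => 'sha256', // the question's cnf defaults to sha1
    );

    $key = openssl_pkey_new($config);
    if ($key === false) { opensslFail('openssl_pkey_new'); }

    $csr = openssl_csr_new($dn, $key, $config);
    if ($csr === false || $csr === true) { opensslFail('openssl_csr_new'); }

    $cert = openssl_csr_sign($csr, null, $key, 365, $config);
    if ($cert === false) { opensslFail('openssl_csr_sign'); }

    // Read the public key back from the certificate, as the answer suggests.
    $pub = openssl_pkey_get_public($cert);
    if ($pub === false) { opensslFail('openssl_pkey_get_public'); }
    $details = openssl_pkey_get_details($pub);
    if ($details === false) { opensslFail('openssl_pkey_get_details'); }

    if (!openssl_pkey_export($key, $keyPem, null, $config)
        || !openssl_x509_export($cert, $certPem)) {
        opensslFail('PEM export');
    }
    return array('key' => $keyPem, 'cert' => $certPem, 'public' => $details['key']);
}

$pem = makeSelfSigned(array('countryName' => 'AT', 'commonName' => 'localhost'),
                      __DIR__ . '/openssl.cnf');
echo $pem['public'];
```

The returned `key` PEM is unencrypted, as in the question's script; pass a passphrase as the third argument of `openssl_pkey_export()` if the key file will be stored where other accounts can read it.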