openssl_csr_sign

Sign a CSR with another certificate (or itself) and generate a certificate

Description

    openssl_csr_sign(
        OpenSSLCertificateSigningRequest|string $csr,
        OpenSSLCertificate|string|null $ca_certificate,
        #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key,
        int $days,
        ?array $options = null,
        int $serial = 0,
        ?string $serial_hex = null
    ): OpenSSLCertificate|false

openssl_csr_sign generates an X.509 certificate from the given CSR.

Note: a valid openssl.cnf must be installed for this function to operate correctly.

Parameters

csr
    A CSR previously generated by openssl_csr_new. It can also be the path to a PEM encoded CSR when specified as file://path/to/csr or an exported string generated by openssl_csr_export.

ca_certificate
    The generated certificate will be signed by ca_certificate. If ca_certificate is null, the generated certificate will be a self-signed certificate.

private_key
    private_key is the private key that corresponds to ca_certificate.

days
    days specifies the length of time for which the generated certificate will be valid, in days.

options
    You can fine-tune the CSR signing with options. See openssl_csr_new for more information about options.

serial
    An optional serial number for the issued certificate. If not specified, it defaults to 0.

serial_hex
    An optional hexadecimal string representing the serial number of the issued certificate. If set, it takes precedence over the serial parameter value. If not specified or set to null, the serial parameter value is used instead.

Return Values

Returns an OpenSSLCertificate on success, false on failure.

Changelog

Version  Description
8.4.0    The serial_hex parameter is added.
8.0.0    On success, this function returns an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 was returned.
8.0.0    csr accepts an OpenSSLCertificateSigningRequest instance now; previously, a resource of type OpenSSL X.509 CSR was accepted.
8.0.0    ca_certificate accepts an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 was accepted.
8.0.0    private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.

Examples

openssl_csr_sign example - signing a CSR (how to implement your own CA)

    'sha256') );

    // Now display the generated certificate so that the user can
    // copy and paste it into their local configuration (such as a file
    // to hold the certificate for their SSL server)
    openssl_x509_export($usercert, $certout);
    echo $certout;

    // Show any errors that occurred here
    while (($e = openssl_error_string()) !== false) {
        echo $e . "\n";
    }
    ?>
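A complete signing flow using the parameters described above, as an added example that is not part of the PHP manual text: a self-signed CA (ca_certificate set to null), a CSR review step, and a leaf certificate issued with a random serial_hex and non-CA extensions, then verified. It assumes PHP 8.4 or later; the subject names, the temporary config file and its section names (ca_ext, leaf_ext) are constructed for illustration.

```php
<?php
// Added example; requires PHP 8.4+ (serial_hex). Names and config are constructed.
// A private config keeps the result independent of the system openssl.cnf.
$cnf = tempnam(sys_get_temp_dir(), 'cnf');
file_put_contents($cnf, <<<CNF
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[leaf_ext]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = serverAuth
CNF);
$opts = ['config' => $cnf, 'digest_alg' => 'sha256',
         'private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];

// CA: passing null as ca_certificate yields a self-signed certificate.
$caKey  = openssl_pkey_new($opts);
$caCsr  = openssl_csr_new(['commonName' => 'Example Test CA'], $caKey, $opts);
$caCert = openssl_csr_sign($caCsr, null, $caKey, 3650,
    ['x509_extensions' => 'ca_ext'] + $opts, serial_hex: bin2hex(random_bytes(16)));

// Requester: key pair and CSR (in practice this arrives from another party).
$leafKey = openssl_pkey_new($opts);
$leafCsr = openssl_csr_new(['commonName' => 'www.example.test'], $leafKey, $opts);

// CA: inspect the requested subject before signing; reject anything unexpected.
$subject = openssl_csr_get_subject($leafCsr);
if (($subject['CN'] ?? null) !== 'www.example.test') {
    exit("CSR subject not allowed\n");
}

// Sign with non-CA extensions and a random serial instead of the default 0.
$leafCert = openssl_csr_sign($leafCsr, $caCert, $caKey, 90,
    ['x509_extensions' => 'leaf_ext'] + $opts, serial_hex: bin2hex(random_bytes(16)));
if ($leafCert === false) {
    while (($e = openssl_error_string()) !== false) { echo $e, "\n"; }
    exit(1);
}

// Confirm the CA signature, serial and constraints on the issued certificate.
$info = openssl_x509_parse($leafCert);
printf("signed by CA: %s\n", openssl_x509_verify($leafCert, $caCert) === 1 ? 'yes' : 'no');
printf("issuer CN: %s\nserial: %s\n", $info['issuer']['CN'], $info['serialNumberHex']);
printf("basicConstraints: %s\n", $info['extensions']['basicConstraints']);
unlink($cnf);
```

Selecting the extension section explicitly through the x509_extensions option matters because the extensions applied at signing time otherwise come from whatever openssl.cnf is in effect.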