创建自签名证书的波纹管代码的perl中的等效示例是什么?
我所有可用的是Crypt :: OpenSSL :: RSA(如果有另一个模块让我知道,所以我可以验证它是可用的还是可以安装的,因为我不是管理员/所有者而且由于我不能自己做权利问题)我没有在文件中找到如何实现这样的...我确实想尽可能避免命令行命令,但如果它是创建这个的最后手段...
<?php
// The certificate password
$passphrase = "some random password";
// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$certificateInfo = array(
"countryName" => "UK",
"stateOrProvinceName" => "England",
"localityName" => "London",
"organizationName" => "blabla",
"organizationalUnitName" => "Bla bla Developer's Team",
"commonName" => "blabla.com",
"emailAddress" => "support@blabla.com"
);
$configargs = array(
'digest_alg' => 'sha1',
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA,
'encrypt_key' => true
);
// Generate a new private (and public) key pair
$privkey = null;
// Generate a certificate signing request
$csr = openssl_csr_new($certificateInfo, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $configargs);//, $configArgs
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_export($csr, $csrout);
openssl_x509_export($sscert, $certout);
openssl_pkey_export($privkey, $pkeyout, $passphrase);
?>
答案 0 :(得分:0)
大多数Perl模块,包括您找到的常见Crypt :: OpenSSL :: RSA模块,都只是围绕openssl命令的包装。
因此,我建议您首先考虑所需的数据以及如何在命令行上完成。有一些很棒的examples和tutorials。
然后,如果您想从Perl执行此操作,则可以调整example code from Crypt::OpenSSL::RSA或从OpenCA::OpenSSL (another popular module for integrating OpenSSL commands)调整以包含所需的值和设置。
或者,每个OpenSSL安装都包含一个名为CA.pl的Perl脚本:这也是一个很好的地方,可以根据自己的需要调整示例并进行调整。 (在基于Debian的服务器上,它安装在/usr/lib/ssl/misc/CA.pl,但可能会有所不同。)
答案 1 :(得分:0)
试试OpenCA::OpenSSL。我认为这应该做你需要的。
答案 2 :(得分:0)
你可以尝试Crypt::OpenSSL::CA,initial example似乎或多或少地做你想要的。您可能需要先通过其他方式生成密钥对,可能通过Crypt :: OpenSSL :: RSA。