使用php创建CSR会产生错误的主题

时间:2015-10-25 09:10:57

标签: php openssl csr

PHP似乎根据某些内容向主题添加字段。

<?php
$config=array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$privkey = openssl_pkey_new($config);

$csr = openssl_csr_new(array("C"=>"FI"), $privkey);

openssl_csr_export($csr, $csrout);
echo($csrout);
?>

当运行支票时,&#34; ST = Some-State,O = Internet Widgits Pty Ltd&#34;无处不在:

$ php test.php > /tmp/foo3 
$ openssl req -in /tmp/foo3 -noout -text
Certificate Request:
    Data:
    Version: 0 (0x0)
    Subject: C=FI, ST=Some-State, O=Internet Widgits Pty Ltd
    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (2048 bit)
            Modulus (2048 bit):
                00:b8:60:b6:29:74:88:9d:d9:4a:3b:c4:c6:73:e5:
                f9:3d:ca:8e:0e:21:c6:77:a3:ec:5b:84:5b:08:5c:
                92:8f:9b:e3:07:84:1c:19:8c:47:a3:57:95:cf:80:
                9f:40:fe:40:9c:2b:9a:cb:e1:96:1f:21:af:59:a0:
                20:7e:b9:14:63:52:fe:98:0d:a6:84:e4:f0:e5:55:
                89:df:06:69:04:f6:65:cf:ed:57:b7:e3:68:01:55:
                95:66:dd:ff:e1:d2:e7:30:fe:72:3f:e4:63:eb:2b:
                6a:c2:11:e4:43:11:e6:e5:bd:ae:06:cc:1e:70:b6:
                52:b8:27:20:3d:f7:6c:01:53:96:98:83:a9:09:5a:
                74:b3:31:e8:ed:e3:d0:18:ba:b9:11:4e:11:f5:a3:
                50:12:b6:4d:6a:17:a3:24:05:d9:c9:d5:c6:f8:b8:
                01:c8:aa:76:8b:8d:cf:15:60:f7:85:2e:50:a5:a8:
                44:56:a9:10:2e:93:dc:52:2e:82:d1:52:ac:ba:a5:
                02:86:e7:23:41:8f:dc:98:df:b8:e9:53:66:a2:26:
                6f:65:a9:db:1c:81:7c:36:ba:1f:4e:4e:f4:b0:31:
                bc:8d:b0:55:24:24:1f:b6:42:27:85:b8:56:6e:94:
                47:dd:59:3c:11:5c:4e:2c:74:5e:5f:36:15:62:9c:
                dd:41
            Exponent: 65537 (0x10001)
    Attributes:
        a0:00
Signature Algorithm: sha1WithRSAEncryption
    b5:4d:55:42:bd:01:a0:06:8e:c2:56:0f:18:97:66:f1:de:3e:
    53:89:22:4d:ea:89:04:03:3a:27:75:b3:32:b1:7a:27:b5:d5:
    ee:b8:e6:92:47:ed:3b:0f:a9:99:6a:11:4f:30:7c:2c:0e:23:
    f4:aa:46:f1:d0:1c:4f:a1:75:bc:97:26:15:1d:09:52:eb:76:
    1d:2a:ed:5f:6d:b7:f9:3f:f7:93:29:14:0f:41:cc:c8:1f:01:
    7d:ac:5a:d1:81:21:4b:4e:5d:8f:d3:bc:70:c3:ab:15:a2:53:
    e6:4d:41:9b:5e:cb:e1:88:c1:01:5c:a2:1d:52:a3:ee:f2:ae:
    d8:7e:4b:f7:20:6a:19:ab:eb:1a:f9:ba:d3:4f:3a:03:9b:95:
    52:c6:59:57:f4:86:11:be:c0:9a:3a:7e:8c:50:bc:3b:d3:5f:
    da:97:36:66:98:85:08:d8:0b:7f:32:c4:96:8f:70:c8:0b:ff:
    3e:6a:2c:0f:39:85:ba:81:df:cc:11:27:20:9c:0a:c6:a6:c3:
    17:72:77:69:73:68:e4:4f:70:6a:36:de:8d:60:fc:b1:c6:e9:
    ae:77:1a:45:f5:0e:50:c7:c5:01:58:bf:a0:fe:3b:90:22:7b:
    cb:3b:93:2c:8c:5f:47:0a:93:7d:8e:c4:2c:6c:0f:e7:b1:53:
    b1:e7:c4:d0

问题是:如何完全控制CSR主题,以便PHP不会在那里添加任何新条目?

如果在命令行中使用openssl,则可以正常工作:

$ openssl req -new -sha256 -key ~/test.key -out ~/test.csr -subj "/C=FI"
$ openssl req -in test.csr -noout -text
Certificate Request:
Data:
    Version: 0 (0x0)
    Subject: C=FI

0 个答案:

没有答案