©
本文档使用 PHP中文网手册 发布
(PHP 5 >= 5.2.2)
openssl_pkcs12_export — Exports a PKCS#12 Compatible Certificate Store File to variable.
$x509
, string &$out
, mixed $priv_key
, string $pass
[, array $args
] ) openssl_pkcs12_export() stores
x509
into a string named by
out
in a PKCS#12 file format.
x509
参见密钥/证书参数以获取有效值列表。
out
On success, this will hold the PKCS#12.
priv_key
Private key component of PKCS#12 file.
pass
Encryption password for unlocking the PKCS#12 file.
args
成功时返回 TRUE
, 或者在失败时返回 FALSE
。
[#1] Robert [2014-05-15 17:36:50]
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args = array(
'extracerts' => array(
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
// ...
)
);
?>
You can use this to prepare a PEM.
<?php
$pemChain = '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
[#2] ismael at privasy dot org [2014-04-24 09:38:41]
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format ,
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
[#3] Anonymous [2013-11-29 12:24:20]
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args = array(
'extracerts' => $CAcert,
'friendly_name' => 'My signed cert by CA certificate'
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
[#4] mryom [2011-03-29 23:01:32]
Example:
<?php
$key = openssl_pkey_get_private(Private_Key, Password);
openssl_pkcs12_export(Certificate, $iis, $key, Password);
?>
[#5] simoncpu was here [2010-05-11 02:28:55]
If your certificate is not password-protected, just use null or a blank string. Otherwise, this function won't work.