
How to define a particular purpose of an X509 certificate in PHP

How can I set the purpose of an X.509 certificate to X509_PURPOSE_ANY in PHP 5.x?

The following code outputs this warning:

Warning: openssl_csr_new() [function.openssl-csr-new.php]: dn: X509_PURPOSE is not a recognized name in /home/www/index.php on line 45

PHP Script:

$Configs = array(       
        'config' => 'test.cnf',
        'digest_alg' => 'sha1',
        'x509_extensions' => 'v3_ca',
        'req_extensions' => 'v3_req',
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'encrypt_key' => true,
        'encrypt_key_cipher' => OPENSSL_CIPHER_3DES);

$ExtraAttribs = array('X509_PURPOSE' => 'X509_PURPOSE_ANY');

//create cert
$dn      = array('commonName' => 'Chief');
$privkey = openssl_pkey_new($Configs);
$csr     = openssl_csr_new($dn, $privkey, $Configs, $ExtraAttribs);

The last line is line 45.

Mike asked Mar 07 '12 01:03



1 Answer

I cannot find any indication that X509 certificates have a "purpose". I can find only "Basic Constraints", "Key Usage" and "Enhanced Key Usage".

The closest thing I could find is http://www.openssl.org/docs/apps/verify.html which says:

For compatibility with previous versions of SSLeay and OpenSSL a certificate with no trust settings is considered to be valid for all purposes.

Martin answered Oct 09 '22 19:10
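
An added PHP example (not code from the question or the answer) of the extensions the answer names: Basic Constraints, Key Usage and Extended Key Usage are set from an OpenSSL config section at signing time, and the "purposes" OpenSSL reports are derived from them. The section name `v3_server`, the temporary config file and the subject `example.test` are assumptions for illustration; `X509_PURPOSE_ANY` is a constant PHP provides for checking a certificate with `openssl_x509_checkpurpose()`, not a CSR attribute.

```php
<?php
// Constructed config: section name "v3_server" and its values are illustrative.
$conf = <<<CNF
[req]
distinguished_name = req_dn
[req_dn]
commonName = Common Name
[v3_server]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
CNF;
$cnf = tempnam(sys_get_temp_dir(), 'cnf');
file_put_contents($cnf, $conf);

// Stop with the OpenSSL error text if a call fails.
function must($value, $step) {
    if ($value === false) {
        fwrite(STDERR, "$step failed: " . openssl_error_string() . PHP_EOL);
        exit(1);
    }
    return $value;
}

$opts = array(
    'config'           => $cnf,
    'digest_alg'       => 'sha256',
    'x509_extensions'  => 'v3_server', // section applied by openssl_csr_sign()
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
);

$key  = must(openssl_pkey_new($opts), 'openssl_pkey_new');
$dn   = array('commonName' => 'example.test');
$csr  = must(openssl_csr_new($dn, $key, $opts), 'openssl_csr_new');
$cert = must(openssl_csr_sign($csr, null, $key, 30, $opts), 'openssl_csr_sign'); // self-signed

// The extensions are stored in the certificate; the purposes are computed from them.
$info = must(openssl_x509_parse($cert), 'openssl_x509_parse');
echo 'keyUsage:         ', $info['extensions']['keyUsage'], PHP_EOL;
echo 'extendedKeyUsage: ', $info['extensions']['extendedKeyUsage'], PHP_EOL;
foreach ($info['purposes'] as $id => $p) {
    list($asLeaf, $asCa, $name) = $p; // [usable as end entity, usable as CA, short name]
    printf("%-16s leaf=%-3s ca=%s\n", $name, $asLeaf ? 'yes' : 'no', $asCa ? 'yes' : 'no');
}
unlink($cnf);
```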