PHP 7.2.0 Release Candidate 4 Released

openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7)

openssl_pkcs12_exportExports a PKCS#12 Compatible Certificate Store File to variable.

Descrição

bool openssl_pkcs12_export ( mixed $x509 , string &$out , mixed $priv_key , string $pass [, array $args ] )

openssl_pkcs12_export() stores x509 into a string named by out in a PKCS#12 file format.

Parâmetros

x509

Veja Key/parâmetros de certificado para uma lista de valores válidos.

out

On success, this will hold the PKCS#12.

priv_key

Private key component of PKCS#12 file.

pass

Encryption password for unlocking the PKCS#12 file.

args

Optional Array, provide an key "extracerts" with as value an array of extra certificates or a single certificate to be included in the PKCS#12 file. Provide an key "friendlyname" with as value an string to be used for the supplied certificate and key.

Valor Retornado

Retorna TRUE em caso de sucesso ou FALSE em caso de falha.

add a note add a note

User Contributed Notes 5 notes

up
1
simoncpu was here
7 years ago
If your certificate is not password-protected, just use null or a blank string.  Otherwise, this function won't work.
up
1
Robert
3 years ago
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args
= array(
   
'extracerts' => array(
       
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
       
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
       
// ...
       
)
    );
?>

You can use this to prepare a PEM.

<?php
$pemChain
= '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
0
ismael at privasy dot org
3 years ago
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format , 

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
up
0
Anonymous
3 years ago
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args
= array(
              
'extracerts' => $CAcert,
              
'friendly_name' => 'My signed cert by CA certificate'
             
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
-3
mryom
6 years ago
Example:

<?php
$key
= openssl_pkey_get_private(Private_Key, Password);

openssl_pkcs12_export(Certificate, $iis, $key, Password);
?>
To Top