ScotlandPHP

openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7)

openssl_pkcs12_exportExports a PKCS#12 Compatible Certificate Store File to variable.

Descrierea

bool openssl_pkcs12_export ( mixed $x509 , string &$out , mixed $priv_key , string $pass [, array $args ] )

openssl_pkcs12_export() stores x509 into a string named by out in a PKCS#12 file format.

Parametri

x509

Accesați Parametrii cheilor/certificatelor pentru a obține lista valorilor valide.

out

On success, this will hold the PKCS#12.

priv_key

Private key component of PKCS#12 file.

pass

Encryption password for unlocking the PKCS#12 file.

args

Optional Array, provide an key "extracerts" with as value an array of extra certificates or a single certificate to be included in the PKCS#12 file. Provide an key "friendlyname" with as value an string to be used for the supplied certificate and key.

Valorile întoarse

Întoarce valoarea TRUE în cazul succesului sau FALSE în cazul eșecului.

add a note add a note

User Contributed Notes 5 notes

up
1
simoncpu was here
7 years ago
If your certificate is not password-protected, just use null or a blank string.  Otherwise, this function won't work.
up
1
Robert
3 years ago
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args
= array(
   
'extracerts' => array(
       
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
       
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
       
// ...
       
)
    );
?>

You can use this to prepare a PEM.

<?php
$pemChain
= '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
0
ismael at privasy dot org
3 years ago
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format , 

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
up
0
Anonymous
3 years ago
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args
= array(
              
'extracerts' => $CAcert,
              
'friendly_name' => 'My signed cert by CA certificate'
             
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
-3
mryom
6 years ago
Example:

<?php
$key
= openssl_pkey_get_private(Private_Key, Password);

openssl_pkcs12_export(Certificate, $iis, $key, Password);
?>
To Top