openssl_csr_get_subject

(PHP 5 >= 5.2.0, PHP 7)

openssl_csr_get_subjectReturns the subject of a CSR

说明

array openssl_csr_get_subject ( mixed $csr [, bool $use_shortnames = true ] )

openssl_csr_get_subject() returns subject distinguished name information encoded in the csr including fields commonName (CN), organizationName (O), countryName (C) etc.

参数

csr

See CSR parameters for a list of valid values.

use_shortnames

shortnames controls how the data is indexed in the array - if shortnames is TRUE (the default) then fields will be indexed with the short name form, otherwise, the long name form will be used - e.g.: CN is the shortname form of commonName.

返回值

成功时返回 TRUE, 或者在失败时返回 FALSE

范例

Example #1 openssl_csr_get_subject() example

<?php
$subject 
= array(
    
"countryName" => "CA",
    
"stateOrProvinceName" => "Alberta",
    
"localityName" => "Calgary",
    
"organizationName" => "XYZ Widgets Inc",
    
"organizationalUnitName" => "PHP Documentation Team",
    
"commonName" => "Wez Furlong",
    
"emailAddress" => "wez@example.com",
);
$private_key openssl_pkey_new(array(
    
"private_key_bits" => 2048,
    
"private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$configargs = array(
    
'digest_alg' => 'sha512WithRSAEncryption'
);
$csr openssl_csr_new($subject$privkey$configargs);
print_r(openssl_csr_get_subject($csr));
?>

以上例程的输出类似于:

Array
(
    [C] => CA
    [ST] => Alberta
    [L] => Calgary
    [O] => XYZ Widgets Inc
    [OU] => PHP Documentation Team
    [CN] => Wez Furlong
    [emailAddress] => wez@example.com
)

参见

User Contributed Notes

Steve 27-May-2016 09:51
This function may not return name fields in the order they appear in the certificate.  For example, this CSR:

-----BEGIN CERTIFICATE REQUEST-----
MIHsMIGUAgEAMDIxEDAOBgNVBAsMB3VuaXQgIzExDDAKBgNVBAoMA29yZzEQMA4G
A1UECwwHdW5pdCAjMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGvZnFxGuVzJ
hOKPs5RNxZBS4vY6ERaqm5tKMGOhxLSfv/dpjDtNNdSHkIGNjYxclHYhxG0ku7BY
PA5uPIjng1SgADAKBggqhkjOPQQDAgNHADBEAiB4GXhhbEU1UFTCe0dwJnKHTQuI
xzYL5FnyhmKdixN/0gIgBXSm9S8L/oJ6rBxemin/V/xKv5jy4TEZuz84nnshxQQ=
-----END CERTIFICATE REQUEST-----

When processed by 'openssl -noout -subject' gives this:

subject=/OU=unit #1/O=org/OU=unit #2

On the other hand, 'var_dump( openssl_csr_get_subject( "..." ) )' will produce this:

csr = array(2) {
  ["OU"]=>
  array(2) {
    [0]=>
    string(7) "unit #1"
    [1]=>
    string(7) "unit #2"
  }
  ["O"]=>
  string(3) "org"
}

As you can see, ordering information (which may be important for some applications) is lost.
pdm at wp dot pl 21-Aug-2015 07:11
openssl_csr_get_subject('somedomain.com',false);
return
array(7) {
  ["countryName"]=> string "XX"
  ["stateOrProvinceName"]=> string "xxxxxxxxx"
  ["localityName"]=> string "xxxxxxxx"
  ["organizationName"]=> string "xxxxxxxxx"
  ["organizationalUnitName"]=>string "xxxx"
  ["commonName"]=>string "xxx"
  ["emailAddress"]=>string "xxx"
}

 openssl_csr_get_subject('somedomain.com',true);
return
array(7) {
  ["C"]=> string "XX"
  ["ST"]=> string "xxxxxxxxx"
  ["L"]=> string "xxxxxxxx"
  ["O"]=> string "xxxxxxxxx"
  ["OU"]=>string "xxxx"
  ["CN"]=>string "xxx"
  ["emailAddress"]=>string "xxx"
}
mikko koivu 21-Jul-2010 06:10
this function does not yet return SANs (subject alternative names) fields for UC certificates like those used in exchange 2007.
stephan[at]strato-rz[dot]de 21-Jan-2009 10:13
The returning assoziative array is indexed with the fields
in the subject so you should have a array key named CN,OU and so on.