openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7)

openssl_pkcs12_export — Exports a PKCS#12 Compatible Certificate Store File to variable.

说明

bool openssl_pkcs12_export ( mixed $x509 , string &$out , mixed $priv_key , string $pass [, array $args ] )

openssl_pkcs12_export() stores x509 into a string named by out in a PKCS#12 file format.

参数

x509

参见密钥／证书参数以获取有效值列表。

out

On success, this will hold the PKCS#12.

priv_key

Private key component of PKCS#12 file. See Public/Private Key parameters for a list of valid values.

pass

Encryption password for unlocking the PKCS#12 file.

args

Optional array, other keys will be ignored.

Key	说明
"extracerts"	array of extra certificates or a single certificate to be included in the PKCS#12 file.
"friendlyname"	string to be used for the supplied certificate and key

返回值

成功时返回 TRUE，或者在失败时返回 FALSE。

User Contributed Notes

Robert 16-May-2014 02:36


If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:

<?php

$args = array(

    'extracerts' => array(

        0 => '-----BEGIN CERTIFICATE----- cert1 ...',

        1 => '-----BEGIN CERTIFICATE----- cert2 ...',

        // ...

        )

    );

?>



You can use this to prepare a PEM.



<?php

$pemChain = '...';

preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);

$args = array('extracerts' => $matches[0]);

openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);

?>

ismael at privasy dot org 24-Apr-2014 06:38


in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format ,  



-----BEGIN RSA PRIVATE KEY-----

-----END RSA PRIVATE KEY-----



-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----



else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"

Anonymous 29-Nov-2013 09:24


If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.

<?php

$args = array(

               'extracerts' => $CAcert,

               'friendly_name' => 'My signed cert by CA certificate'

              );

openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);

?>

mryom 30-Mar-2011 08:01


Example:





<?php


$key = openssl_pkey_get_private(Private_Key, Password);





openssl_pkcs12_export(Certificate, $iis, $key, Password);


?>

simoncpu was here 11-May-2010 11:28


If your certificate is not password-protected, just use null or a blank string.  Otherwise, this function won't work.