How i can create a self-signed certificate using phpseclib

Question

How i can create a self-signed certificate using phpseclib from a existing .csr file, only i can use a .csr file.

I've read the manual and the method use a private key, but in my assignment i only can use a .csr file.

I hope you can help me.

Here's my code:

 0)
    {
        echo "Return Code: " . $_FILES["file"]["error"] . "
";
    }
    else
    {
        //This is the content of the file   
        $csr = file_get_contents($_FILES["file"]["name"]);
    }

    // create private key / x.509 cert for stunnel / website
    $privKey = new Crypt_RSA();
    extract($privKey->createKey());
    $privKey->loadKey($privatekey);

    $pubKey = new Crypt_RSA();
    $pubKey->loadKey($publickey);
    $pubKey->setPublicKey();

    $subject = new File_X509();
    $subject->loadCSR('...'); // see csr.pem
    // calling setPublicKey() is unnecessary when loadCSR() is called

    $issuer = new File_X509();
    $issuer->setPrivateKey($privKey);
    $issuer->setDN($subject->getDN());

    $x509 = new File_X509();
    //$x509->setStartDate('-1 month'); // default: now
    //$x509->setEndDate('+1 year'); // default: +1 year

    $result = $x509->sign($issuer, $subject);
    echo "the stunnel.pem contents are as follows:

";
    echo $privKey->getPrivateKey();
    echo "
";
    echo $x509->saveX509($result);
    echo "
"; 

?>

neubert · Accepted Answer

You need a private key, plain and simple. Otherwise, what are you going to sign it with? The signature field of an X.509 cert is mandatory.

I mean, if all you want is a public key, you don't need to bother with the X.509 overhead. You can just pony up a public key that looks like this:

But X.509 is more than just a public key - it's a signed public key. Technically, a CSR is, too, but CSR's are always self-signed whereas X.509 certs can be signed by anyone.

How i can create a self-signed certificate using phpseclib

Answers (1)

Related Questions