0

I have a table to generate a Certificate Signing Request (CSR) like this:

<table  width="100%" border="0" cellspacing="0" cellpadding="0">
            <tr> 
            <td class="TitleBar">Generate CSR</td>
            </tr>
        </table>
     <table  cellspacing="0" border="0" width="100%">

         <tr>               
            <td>Country Name(only two letters) :</td>
            <td >
            <input name="countryname" type="text"  id="countryname" MaxLength="2"/>
            </td>
        </tr>  
        <tr>                
            <td>State or Province Name :</td>
            <td> 
            <input name="province" type="text" id="province"/>
            </td>
         </tr>
         <tr>               
        <td>Locality Name :</td>
            <td >
            <input name="localityname" type="text"  id="localityname"/>
            </td>
         </tr>
         <tr>
        <td>Organization Name :</td>
            <td> 
            <input name="organizationname" type="text" class="style16" id="organizationname"/>
            </td>
         </tr> 
         <tr>           
         <td>Organizational Unit Name :</td>
                <td > 
                <input name="organizationunit" type="text" id="organizationunit"/>
                </td>
         </tr>
         <tr>               
        <td>Common Name :</td>
            <td> 
            <input name="commonname" type="text"  id="commonname"/>
            </td>
         </tr>
            <tr>                
        <td>Email Address :</td>
            <td > 
            <input name="email" type="text"  id="email"/>
            </td>
         </tr>
            <tr>
            <td style="padding-top:15px; padding-bottom:10px" align="right">
             <input name="gencsr" type="submit"  id="button" value="Generate CSR" class="FormButton" />
            </td>

            </tr></table>

After entering all the information, I want to generate a certificate signing request.

In the following path, what can I do?

#Generating a cert request
openssl req -new -nodes -out /portal/data/config/certificate/vendor/requests/couffin-req.pem -keyout /portal/data/config/certificate/vendor/requests/couffin-req.key -subj "/C=IN/ST=MAHARASHTRA/L=MUMBAI/O=Couffin Inc/OU=Sales/CN=www.couffin.itpl" -config /portal/data/config/certificate/vendor/openssl.cnf

#Signing a cert request
openssl ca -policy policy_anything -batch -out /portal/data/config/certificate/vendor/certs/couffin-cert.pem -config /portal/data/config/certificate/vendor/conf/openssl.cnf -infiles /portal/data/config/certificate/vendor/requests/couffin-req.pem

Note: I want to do it with system command-line programs. Please help.

R.Shamon
php
  • 1
    Here is your answer: http://stackoverflow.com/questions/8341999/how-to-create-a-digital-certificate-and-export-to-p12-file-in-php – Roland Mar 05 '12 at 15:04

1 Answer

6

Instead of calling command-line programs, you should use php's ssl module. To generate certificates with that, call the openssl_csr_new function.

phihag
  • 3
    @php Sorry. While we can help you with short programming tasks on stackoverflow, we can't write the whole application for you. Lay out your program in pseudo code (on paper, if you must, with no syntax). This should look like: 1. Parse submitted input (Hint: use `$_POST`) 2. Generate private key (Hint: use [`openssl_pkey_new`](http://php.net/manual/en/function.openssl-pkey-new.php)) 3. Generate CSR (See answer) 4. Present result to user/store it. If you have problems with *one* of those steps, feel free to ask a new question about it, but show what php code you've got so far. – phihag Sep 16 '11 at 11:07
  • :) I want to do it with the system command in PHP — Execute an external program and display the output – php Sep 16 '11 at 11:07
  • 3
    @php Well, if you really want an external program (why would you want to do that? It's way more complicated), use php's [`exec`](http://php.net/manual/en/function.exec.php) function to call it. – phihag Sep 16 '11 at 11:09
  • :) Actually I never used any of them, but my boss told me to do it in system only ... so please help me – php Sep 16 '11 at 11:11
  • 2
    @php If your boss tells you what php functions you should use, he's seriously over-micro-managing this. Ask him what the advantage of command line functions over the built-in ones is (there might just be one). If he doesn't have a point, start looking for a better job. As I said, start by laying out pseudocode and then refine it step by step. Even if I wanted, I couldn't possibly write the whole php code you need. If you have a question about a *specific* step, feel free to ask in a new question. – phihag Sep 16 '11 at 11:15
  • 2
    @php I'm afraid you'll have to learn how to program php to program in php. I advise you to contact your boss and ask for php training, since you seem to be in way over your head. As I said, even if I wanted to code everything for you (and why should I? You're getting paid, not me), I couldn't since I don't know your exact setup, conditions, and requirements. – phihag Sep 16 '11 at 11:24
  • @phihag :) Are you there? I want to ask something – John Sep 19 '11 at 08:42
  • @David Sure, ask away. I might not be able to answer immediately (may take some time, but somebody else might). – phihag Sep 19 '11 at 09:23
  • @phihag :) Now I am using this command from php.net, Example #1 Creating a self-signed-certificate. Here $dn is an array, and I think I do not need an array. My question is: when I have filled in this table and used $_POST, what can I do, meaning where do I post? – John Sep 19 '11 at 09:35
  • @phihag :) As you told me, my 1st step is POST (I have some problem with that). Now the 2nd step, Generate private key (Hint: use openssl_pkey_new), is already used in this example, and your 3rd step is to generate the CSR, so I think I will be able to generate it when my POST is working. So can you please help me ... – John Sep 19 '11 at 09:44
  • 1
    @David Start simple, start by adding `echo $_POST['countryname'];` to your php code and observing the result. – phihag Sep 19 '11 at 11:06
  • @phihag :) My boss again told me to do it in system only. I asked all the questions, and her answer is: we are using system because the built-in ones will not be able to run the level of commands we want. We will have control over what commands we run with what parameters. – John Sep 19 '11 at 11:19
  • We don't want to run just that command. We wish to run other commands too. – John Sep 19 '11 at 11:19
  • @phihag :) So finally I move to system again ... now can you please suggest how to do it through system ... – John Sep 19 '11 at 11:20
  • @David I'm sorry, but I don't understand you. Do you mean the [`system`](http://php.net/system) function? If so, `system` works just as `exec`, but it prints out the command's output instead of returning it. If by `level of commands`, your boss means that using external programs is preferable because they're more performant, I'd kindly explain that 1. Performance is unlikely to be an issue 2. php's `openssl_*` functions share the implementation with the `openssl` binary and 3. executing shell programs is slow due to the need for forking and potentially disk access. – phihag Sep 19 '11 at 17:46
  • @phihag :) Now I am tired .... I really need your help .... so please, please help me. I am trying but not able to do that ... – John Sep 20 '11 at 18:52
  • @php I already answered that question in the third comment: use [`exec`](http://php.net/exec). – phihag Sep 21 '11 at 06:18
  • @phihag :) You have a lot of experience in PHP and you are the only one who cooperates with me ... I already told you that my boss told me to work through system only ... so please make suggestions through system only, please. I know that you cannot provide the whole code for me, but at least cooperate with me. You know I am in great pain now, so it's my humble request to you. I will never forget you. I am in trouble now. – php Sep 21 '11 at 06:23
  • My boss suggested that first I have to form the string (openssl) ... execute the string, check the execution status, and if successful execute the second command. But I am a newbie in PHP, so I am unable to understand them, but I know that everything is possible, maybe it's hard or whatever it may be ... – php Sep 21 '11 at 06:27
  • @php If by system, you mean the [`system`](http://php.net/system) function, that works as well (as I said in the sixteenth comment). Call it like `$tmpName = './temporary-file'; system('openssl req -new -nodes -out ' . escapeshellarg($tmpName) . '...');`. But you should really be looking into programming education and/or training if you're struggling with these basics. I'm sorry, but I fail to see a specific question I could answer. Start with one step at a time, and read the [php tutorial](http://www.php.net/manual/en/tutorial.forms.php). – phihag Sep 21 '11 at 06:27
  • @phihag :) When I post this form (table), my question is where exactly I need to post through system? string system ( string $command [, int &$return_var ] ) – php Sep 21 '11 at 06:40
  • @phihag Now I found some code for certificate generation in PHP, but this code mainly uses the exec command. Now I want to replace this exec with the system command, and my path for generating the certificate is also different, so can you suggest where I have to make the changes? If you want to see my code, should I just edit it into my question? – John Sep 23 '11 at 08:34
  • @David The `system` and `exec` commands are interchangeable if you're echoing the output of `exec`. If you have a clearly defined question (like a couple of lines), please ask it in a new question. In my opinion, this answer solves the original problem. – phihag Sep 23 '11 at 08:41
  • @phihag :) My boss provided me some code in which he used exec in the previous certification. Now I want to know where I have to make the change. Like, can I directly replace exec with system? – John Sep 23 '11 at 08:50
  • @David No offense, but you should rethink your approach to program development. First, develop a model of what the program should do, and then make each step more specific until you reach actual code. `exec` is likely the more appropriate call, so *why* do you want to use `system` in the first place? Again, no offense, but it sounds like you could greatly benefit from programming training/education. – phihag Sep 23 '11 at 08:53
  • @phihag :) I am not taking any offense. Really I need your help, sorry if you feel like that – John Sep 23 '11 at 08:55
  • @David You should **not** edit the question if you want to ask something else entirely. Leave it as a reference point on, well, *How to generate a certificate request in php*, and ask a new one where you describe *why* you want to use `system` instead of the `openssl_` functions. – phihag Sep 23 '11 at 08:55
  • @phihag :) Is it possible to use the openssl_csr_new function without any private key? – John Sep 27 '11 at 09:22
  • @John Well, yes, it's possible, but it's pretty useless since you won't be able to ever do anything with the certificate. Normally, you generate the private key first, then derive the public key, then certify the public key, and then deploy all three (while keeping the private key private) to the system that uses them. – phihag Sep 27 '11 at 09:57
  • @John First, deployment means saving the key to a machine and notifying its user of the key's existence. That entirely depends on what and how you want to use your key. After your code, you should store the private key and send the CSR to a Certification Authority. Once you get the certificate back, store the private key, the certificate, and optionally the public key (which can be computed from the private one) at the place where you want to use them. – phihag Sep 27 '11 at 10:38
  • @John To get a string representation, have a look at the [`openssl_pkey_export`](http://php.net/manual/en/function.openssl-pkey-export.php) function. – phihag Sep 27 '11 at 10:39
  • @phihag :) My boss told me that we do not need a private key in our case. Now, after filling in this form, make a string, run the exec command and save in the following path: how is it possible? – John Sep 27 '11 at 10:46
  • No need to make an array here. After filling in this form, store it in a string, run the exec command and save it at the given path as in my question – John Sep 27 '11 at 10:53
  • @John You almost certainly **do** need the private key. As I said, a certificate is basically useless without the corresponding private key. To store something on disk, have a look at [`file_put_contents`](http://php.net/file_put_contents). – phihag Sep 27 '11 at 11:02
  • @phihag :) And also, where do I use exec() in your 4 steps from the 1st comment? – John Sep 27 '11 at 12:23
  • @John The command-line openssl (via `exec`) will already write pem files. These are strings, and saved to the files you specify. – phihag Sep 27 '11 at 12:31
  • @phihag :) But I have to make a string like this "/C=IN/ST=MAHARASHTRA/L=MUMBAI/O=Couffin Inc/OU=Sales/CN=www.couffin.itpl". How can I make it? – John Sep 28 '11 at 03:47
  • @phihag :) Can you please see my new question http://stackoverflow.com/questions/7579205/how-to-run-exec-command-in-php – John Sep 28 '11 at 08:16
  • @John [`openssl_csr_get_subject`](http://php.net/manual/en/function.openssl-csr-get-subject.php) will return an array that contains this information (the distinguished name). When you call `openssl_csr_new`, the first argument is this array. The [official documentation](http://php.net/manual/en/function.openssl-csr-new.php) contains an example. – phihag Sep 28 '11 at 08:19
  • @phihag :) I already told you that my boss says to me that we do require private key so, that's why I am not using this function openssl_csr_new; otherwise, I can do that. Well, right now I want to execute directly through exec. When I echo $str; it gives the result I want, but when I use exec($str); it does not save to the specific place. Actually it is a very clear question – John Sep 28 '11 at 08:24
  • @John No offense, but your question may not be as clear as you think. First of all, stackoverflow deals with technical problems, not organizational ones - that's what [programmers.s-e](http://programmers.stackexchange.com/) is for. I answered your [other question](http://stackoverflow.com/questions/7579205/how-to-run-exec-command-in-php), but as you can see by the down and close votes, it may need some clarification. To get the DN information via the command line, use `openssl req -noout -text -in csr-file.csr`. You'll have to parse the result returned in the second parameter of `exec` though. – phihag Sep 28 '11 at 08:42
  • @phihag :) Yup, I can check that the certificate is generated ... Now after that I want to sign a cert request, so can you please help me with the coding? Now I want to do #Signing a cert request if successful, any help ....!! openssl ca -policy policy_anything -batch -out /portal/data/config/certificate/vendor/certs/couffin-cert.pem -config /portal/data/config/certificate/vendor/conf/openssl.cnf -infiles /portal/data/config/certificate/vendor/requests/couffin-req.pem – John Sep 28 '11 at 10:24
  • @John `openssl ca` is for CA management. You can simply sign it with `openssl x509 -req -days 3650 -in couffin-req.pem -signkey /certs/couffin-cert.pem -out signed.pem`. – phihag Sep 28 '11 at 10:28
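
The command-line route discussed in this thread, as an added example that is not part of the original question, answer or comments: the form fields are checked against an allow-list before the `-subj` string is built, and every argument passes through `escapeshellarg`, because the values come straight from `$_POST`. The function names, the `DN_FIELDS` map and the allow-list pattern are assumptions made for illustration; the field names are those of the form in the question.

```php
<?php
// Added example (hypothetical names): form field => DN attribute.
const DN_FIELDS = [
    'countryname'      => 'C',
    'province'         => 'ST',
    'localityname'     => 'L',
    'organizationname' => 'O',
    'organizationunit' => 'OU',
    'commonname'       => 'CN',
    'email'            => 'emailAddress',
];

// Validate untrusted form input and return [attribute => value].
function dn_from_form(array $post): array
{
    $dn = [];
    foreach (DN_FIELDS as $field => $attr) {
        $value = trim((string)($post[$field] ?? ''));
        // Allow-list (an assumption; widen it deliberately if you need more).
        if (!preg_match('/^[A-Za-z0-9 .,@_\'-]{1,64}$/', $value)) {
            throw new InvalidArgumentException("Invalid value for $field");
        }
        $dn[$attr] = $value;
    }
    if (!preg_match('/^[A-Z]{2}$/', $dn['C'])) {
        throw new InvalidArgumentException('Country must be two capital letters');
    }
    return $dn;
}

// Build the "/C=IN/ST=..." string expected by `openssl req -subj`.
function subject_string(array $dn): string
{
    // The allow-list excludes "/", "=", "+" and "\", so no escaping is needed.
    return '/' . implode('/', array_map(fn($a, $v) => "$a=$v", array_keys($dn), $dn));
}

// Run `openssl req` with every argument escaped; true when it exits with 0.
// The three paths are supplied by the caller, never taken from the form.
function generate_csr(array $post, string $csrPath, string $keyPath, string $cnf): bool
{
    $cmd = 'openssl req -new -nodes'
         . ' -out ' . escapeshellarg($csrPath)
         . ' -keyout ' . escapeshellarg($keyPath)
         . ' -subj ' . escapeshellarg(subject_string(dn_from_form($post)))
         . ' -config ' . escapeshellarg($cnf) . ' 2>&1';
    exec($cmd, $output, $status);
    return $status === 0;
}
```

Checking `$status` before running a second command is the "check execute status" step mentioned in the comments; `$output` holds openssl's error text when the call fails.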