<?php
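// Request handler for three certificate utilities, selected by $_POST["type"]:
//   "cert"    - create an RSA key pair, a CSR and a self-signed certificate under ./tmp
//   "p12"     - combine an uploaded certificate and private key into a PKCS#12 download
//   "p12Read" - split an uploaded PKCS#12 file into certificate and key download links
//
// NOTE(review): this script itself performs no authentication or CSRF check;
// presumably access is restricted elsewhere (web server, network) - confirm.

// Read a POST field as a string. Missing fields and array-valued fields
// (e.g. "pwd[]=x") yield the default instead of raising a notice or a TypeError.
$postStr = function ($name, $default = "") {
    return (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : $default;
};

// Return the bytes of an uploaded file, or false if the field does not refer to a
// genuine upload. The data is read straight from PHP's upload temp file, so uploaded
// private keys and PKCS#12 bundles are never copied to a fixed, shared path in ./tmp.
$readUpload = function ($field) {
    if (!isset($_FILES[$field]["tmp_name"]) || !is_string($_FILES[$field]["tmp_name"])) {
        return false;
    }
    $tmpName = $_FILES[$field]["tmp_name"];
    if (!is_uploaded_file($tmpName)) {
        return false;
    }
    return file_get_contents($tmpName);
};

$type = $postStr("type");

if ($type === "cert") {
    // header('Content-Type: text/html; charset=utf-8');
    // define("DIR", ""); // configure the directory of this PHP program
    $email = $postStr("emailAddress");
    $dn = array(
        "countryName" => $postStr("countryName"), // country name
        "stateOrProvinceName" => $postStr("stateOrProvinceName"), // state or province name
        "localityName" => $postStr("localityName"), // city name
        "organizationName" => $postStr("organizationName"), // registrant name
        "organizationalUnitName" => $postStr("organizationalUnitName"), // organization name
        "commonName" => $postStr("commonName"), // common name
        "emailAddress" => $email ? $email : "None" // e-mail address
    );
    // var_dump($dn);
    $privkeypass = $postStr("pwd"); // private key passphrase (the form marks it optional)
    // Validity in days. openssl_csr_sign() needs an integer, so the value is cast and
    // range-checked; 3650 is the largest value the bundled form sends (10 x 365).
    $numberofdays = (int) $postStr("day", "0");
    $daysValid = ($numberofdays >= 1 && $numberofdays <= 3650);
    $config = array(
        "digest_alg" => "sha256",
        "private_key_bits" => 4096, // key size in bits: 512, 1024, 2048, 4096, ...
        "private_key_type" => OPENSSL_KEYTYPE_RSA, // key type
        "config" => getcwd()."/openssl.cnf"
    );

    // Every step defaults to "failed"; "code" becomes 1 only when all of them succeed,
    // so the client is never told the files were written when they were not.
    $jg = array(
        "a1" => false, "a2" => false, "a3" => false,
        "f1" => false, "f2" => false, "f3" => false,
        "code" => 0
    );

    $res = $daysValid ? openssl_pkey_new($config) : false;
    $csr = $res ? openssl_csr_new($dn, $res, $config) : false; // build the CSR
    if ($res && $csr) {
        $jg["a1"] = openssl_pkey_export($res, $private_key, $privkeypass, $config);
        // A null CA certificate makes this a self-signed certificate.
        $sscert = openssl_csr_sign($csr, null, $res, $numberofdays, $config);
        $jg["a2"] = $sscert ? openssl_x509_export($sscert, $newCrtStr) : false;
        $jg["a3"] = openssl_csr_export($csr, $newCsr);
    }

    if ($jg["a1"] && $jg["a2"] && $jg["a3"]) {
        // NOTE(review): these paths are relative to the working directory. If ./tmp is
        // inside the document root, newKey.pem is retrievable over HTTP - deny access to
        // that directory in the server configuration or write outside the web root.
        // The fixed names also mean concurrent requests overwrite each other's output.
        $jg["f1"] = file_put_contents("./tmp/newCsr.csr", $newCsr, LOCK_EX) !== false;
        // Create the key file and restrict it to the owner before any key material is
        // written, so it is never readable by other local accounts.
        $jg["f2"] = touch("./tmp/newKey.pem")
            && chmod("./tmp/newKey.pem", 0600)
            && file_put_contents("./tmp/newKey.pem", $private_key, LOCK_EX) !== false;
        $jg["f3"] = file_put_contents("./tmp/newCrt.crt", $newCrtStr, LOCK_EX) !== false;
    }
    $jg["code"] = ($jg["f1"] && $jg["f2"] && $jg["f3"]) ? 1 : 0;

    header('Content-type: application/json');
    exit(json_encode($jg));
} else if ($type === "p12") {
    $private_key_pwd = $postStr("keyPwd");
    $p12_pwd = $postStr("p12Pwd");
    // $_FILES is empty when the request body exceeded the configured size limit.
    if (!isset($_FILES["crtFile"])) { exit("文件超过规定大小"); }
    if (!isset($_FILES["keyFile"])) { exit("文件超过规定大小"); }
    if ($_FILES["crtFile"]["error"] !== 0) { exit("证书文件未选取"); }
    if ($_FILES["keyFile"]["error"] !== 0) { exit("KEY文件未选取"); }

    $crtPem = $readUpload("crtFile");
    if ($crtPem === false) { exit("证书文件未选取"); }
    $keyPem = $readUpload("keyFile");
    if ($keyPem === false) { exit("KEY文件未选取"); }

    $private_key = openssl_get_privatekey($keyPem, $private_key_pwd);
    if ($private_key) {
        // Only send the download headers once the bundle has actually been built.
        if (openssl_pkcs12_export($crtPem, $p12Str, $private_key, $p12_pwd)) {
            header('Content-Disposition: attachment; filename=P12证书文件.p12');
            header('Content-Type: application/x-pkcs12');
            header('Content-Length: '.strlen($p12Str));
            echo $p12Str;
        } else {
            echo "P12文件生成失败";
        }
    } else {
        echo "私钥文件读取失败";
    }
} else if ($type === "p12Read") {
    if (!isset($_FILES["p12File"])) { exit("文件超过规定大小"); }
    $p12File = $_FILES["p12File"];
    $p12Data = ($p12File["error"] === 0) ? $readUpload("p12File") : false;
    $jg = ($p12Data !== false) && openssl_pkcs12_read($p12Data, $cert, $postStr("pwd"));
    if ($jg) {
        header('Content-Type: text/html; charset=utf-8');
        echo "操作成功,点击下载(或右键另存为)<br>";
        // Base64 output contains no quote or angle-bracket characters, so it is safe
        // inside the single-quoted href attribute. The private key is returned in the
        // page body as a data: URI.
        if (isset($cert["cert"])) {
            echo "<a download='cert.crt' href='data:application/x-x509-ca-cert;base64,".base64_encode($cert["cert"])."'>cert.crt</a><br>";
        }
        if (isset($cert["pkey"])) {
            echo "<a download='key.pem' href='data:text/plain;base64,".base64_encode($cert["pkey"])."'>key.pem</a>";
        }
    } else {
        echo "P12文件读取失败";
    }
}
exit();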
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>openssl PHP版</title>
<script type="text/javascript" src="../jquery.min.js"></script>
</head>
<body>
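<div>
    <!-- Generate a key pair, CSR and self-signed certificate (submitted by new_cert()). -->
    <dl style="float: left;">
        <dt>生成证书和key文件</dt>
        <dd>国家名称:<input placeholder="CN" type="text" name="countryName"></dd>
        <dd>省份名称:<input placeholder="Inner Mongolia" type="text" name="stateOrProvinceName"></dd>
        <dd>城市名称:<input placeholder="Hohhot" type="text" name="localityName"></dd>
        <dd>组织名称:<input placeholder="None" type="text" name="organizationalUnitName"></dd>
        <dd>注册名称:<input placeholder="None" type="text" name="organizationName"></dd>
        <dd>公共名称:<input placeholder="" type="text" name="commonName"></dd>
        <dd>邮 箱:<input type="text" name="emailAddress"></dd>
        <dd>有 效 期:
            <select id="validity">
                <option value="1">1年</option>
                <option value="3">3年</option>
                <option value="5">5年</option>
                <option value="10">10年</option>
            </select>
        </dd>
        <!-- Passphrase fields are masked and excluded from browser autofill history. -->
        <dd>密 码:<input placeholder="选填" type="password" autocomplete="new-password" name="pwd"></dd>
        <dd><button onclick="new_cert('cert')">生成</button></dd>
    </dl>
    <!-- Build a PKCS#12 bundle from an uploaded certificate and private key. -->
    <dl style="float: left;">
        <form action="./sslApi.php" method="POST" target="_blank" enctype="multipart/form-data">
            <input type="hidden" name="type" value="p12">
            <dt>根据证书及key生成客户端p12文件</dt>
            <dd>证书(crt)文件:<input type="file" name="crtFile"></dd>
            <dd>私钥(key)文件:<input type="file" name="keyFile"></dd>
            <dd>私钥(key)密码:<input type="password" autocomplete="off" name="keyPwd"></dd>
            <dd>新p12文件密码:<input type="password" autocomplete="new-password" placeholder="选填" name="p12Pwd"></dd>
            <!-- <dd><button onclick="new_p12('p12')">生成P12文件</button></dd> -->
            <dd><input type="submit" value="生成P12文件"></dd>
        </form>
    </dl>
    <!-- Extract the certificate and private key from an uploaded PKCS#12 / PFX file. -->
    <dl style="float: left;">
        <form action="./sslApi.php" method="POST" target="_blank" enctype="multipart/form-data">
            <input type="hidden" name="type" value="p12Read">
            <dt>根据p12文件或pfx文件生成证书和私钥文件</dt>
            <dd>P12文件:<input type="file" name="p12File"></dd>
            <dd>密 码:<input type="password" autocomplete="off" name="pwd"></dd>
            <dd><input type="submit" value="提交"></dd>
        </form>
    </dl>
    <div style="clear: both;"></div>
</div>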
<script type="text/javascript">
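/**
 * Collect the certificate form fields and POST them to ./sslApi.php.
 *
 * Empty subject fields fall back to the same defaults the placeholders show;
 * the common name is mandatory. The validity is sent in days (years * 365).
 * The passphrase travels in the request body, so the page should be served
 * over HTTPS.
 *
 * @param {string} type  Action name forwarded to the server as "type".
 * @returns {boolean|undefined} false when validation fails, otherwise nothing.
 */
function new_cert(type) {
    // Value of the first <input> in the document carrying the given name.
    function field(name) {
        return $("input[name=" + name + "]").val();
    }

    var commonName = field("commonName");
    // Empty-value checks; adjust to your own needs.
    if (!commonName) {
        alert("公共名称不能为空");
        return false;
    }

    var payload = {
        countryName: field("countryName") || "CN",
        stateOrProvinceName: field("stateOrProvinceName") || "Inner Mongolia",
        localityName: field("localityName") || "Hohhot",
        organizationalUnitName: field("organizationalUnitName") || "None",
        organizationName: field("organizationName") || "None",
        commonName: commonName,
        emailAddress: field("emailAddress"),
        day: ($("#validity").val() * 365),
        pwd: field("pwd"),
        type: type
    };

    $.ajax({
        type: "post",
        url: "./sslApi.php",
        data: payload,
        success: function (ret) {
            if (ret && ret.code == 1) {
                alert("操作完成,存储在tmp文件夹中");
            } else {
                // Previously any other response was ignored and the user got no feedback.
                alert("操作失败");
            }
        },
        error: function () {
            // Transport errors and unparsable responses are reported as well.
            alert("操作失败");
        }
    });
}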
</script>
</body>
</html>