openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7, PHP 8)

openssl_pkcs12_exportExporta un Archivo de Almacén de Certificado Compatible con PKCS#12 a una variable

Descripción

openssl_pkcs12_export(
    mixed $x509,
    string &$out,
    mixed $priv_key,
    string $pass,
    array $args = ?
): bool

openssl_pkcs12_export() guarda x509 en una cadena nombrada por out en un formato de archivo PKCS#12.

Parámetros

x509

Ver parámetros Key/Certificate para un listado de valores válidos.

out

Si se tiene éxito, ésto contendrá el PKCS#12.

priv_key

El componente clave privada del archivo PKCS#12.

pass

Contraseña de encriptación para desbloquear el archivo PKCS#12.

args

Valores devueltos

Devuelve true en caso de éxito o false en caso de error.

add a note add a note

User Contributed Notes 5 notes

up
1
Robert
10 years ago
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args
= array(
   
'extracerts' => array(
       
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
       
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
       
// ...
       
)
    );
?>

You can use this to prepare a PEM.

<?php
$pemChain
= '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
2
simoncpu was here
14 years ago
If your certificate is not password-protected, just use null or a blank string.  Otherwise, this function won't work.
up
1
Anonymous
10 years ago
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args
= array(
              
'extracerts' => $CAcert,
              
'friendly_name' => 'My signed cert by CA certificate'
             
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
-1
ismael at privasy dot org
10 years ago
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format , 

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
up
-7
mryom
13 years ago
Example:

<?php
$key
= openssl_pkey_get_private(Private_Key, Password);

openssl_pkcs12_export(Certificate, $iis, $key, Password);
?>
To Top