openssl_csr_sign
OpenSSLCertificateSigningRequest|string$csr,
OpenSSLCertificate|string|null$ca_certificate,
OpenSSLAsymmetricKey|OpenSSLCertificate|array|string$private_key,
int$days,
[array|null$options = null],
[int$serial = 0]
): OpenSSLCertificate|false
openssl_csr_sign generates an x509 certificate from the given CSR.
Note:
You need to have a valid openssl.cnf installed for this function to operate correctly. See the notes under the installation section for more information.
Parameters
- csr
-
A CSR previously generated by openssl_csr_new. It can also be the path to a PEM encoded CSR when specified as file://path/to/csr or an exported string generated by openssl_csr_export.
- ca_certificate
-
The generated certificate will be signed by ca_certificate. If ca_certificate is null, the generated certificate will be a self-signed certificate.
- private_key
-
private_key is the private key that corresponds to ca_certificate.
- days
-
days specifies the length of time for which the generated certificate will be valid, in days.
- options
-
You can finetune the CSR signing by options. See openssl_csr_new for more information about options.
- serial
-
An optional the serial number of issued certificate. If not specified it will default to 0.
Return Values
Returns an OpenSSLCertificate on success, false on failure.
Changelog
| Version | Description |
| 8.0.0 | On success, this function returns an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 was returned. |
| 8.0.0 | csr accepts an OpenSSLCertificateSigningRequest instance now; previously, a resource of type OpenSSL X.509 CSR was accepted. |
| 8.0.0 | ca_certificate accepts an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 was accepted. |
| 8.0.0 | private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted. |