PHP 8.0.6 Released!

openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7, PHP 8)

openssl_pkcs12_exportExports a PKCS#12 Compatible Certificate Store File to variable

Descrição

openssl_pkcs12_export ( OpenSSLCertificate|string $certificate , string &$output , OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key , string $passphrase , array $options = [] ) : bool

openssl_pkcs12_export() stores certificate into a string named by output in a PKCS#12 file format.

Parâmetros

x509

Veja Key/parâmetros de certificado para uma lista de valores válidos.

output

On success, this will hold the PKCS#12.

private_key

Private key component of PKCS#12 file. See Public/Private Key parameters for a list of valid values.

passphrase

Encryption password for unlocking the PKCS#12 file.

options

Optional array, other keys will be ignored.

Key Descrição
"extracerts" array of extra certificates or a single certificate to be included in the PKCS#12 file.
"friendlyname" string to be used for the supplied certificate and key

Valor Retornado

Retorna true em caso de sucesso ou false em caso de falha.

Changelog

Versão Descrição
8.0.0 certificate accepts an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 CSR was accepted.
8.0.0 private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.
add a note add a note

User Contributed Notes 5 notes

up
1
Robert
6 years ago
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args
= array(
   
'extracerts' => array(
       
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
       
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
       
// ...
       
)
    );
?>

You can use this to prepare a PEM.

<?php
$pemChain
= '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
2
simoncpu was here
11 years ago
If your certificate is not password-protected, just use null or a blank string.  Otherwise, this function won't work.
up
1
Anonymous
7 years ago
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args
= array(
              
'extracerts' => $CAcert,
              
'friendly_name' => 'My signed cert by CA certificate'
             
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
-1
ismael at privasy dot org
7 years ago
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format , 

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
up
-7
mryom
10 years ago
Example:

<?php
$key
= openssl_pkey_get_private(Private_Key, Password);

openssl_pkcs12_export(Certificate, $iis, $key, Password);
?>
To Top