CascadiaPHP 2024

openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7, PHP 8)

openssl_pkcs12_exportExports a PKCS#12 Compatible Certificate Store File to variable

Descrição

openssl_pkcs12_export(
    OpenSSLCertificate|string $certificate,
    string &$output,
    #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key,
    #[\SensitiveParameter] string $passphrase,
    array $options = []
): bool

openssl_pkcs12_export() stores certificate into a string named by output in a PKCS#12 file format.

Parâmetros

x509

Consulte Parâmetros Chave/Certificado para obter uma lista de valores válidos.

output

On success, this will hold the PKCS#12.

private_key

Private key component of PKCS#12 file. See Public/Private Key parameters for a list of valid values.

passphrase

Encryption password for unlocking the PKCS#12 file.

options

Optional array, other keys will be ignored.

Key Descrição
"extracerts" array of extra certificates or a single certificate to be included in the PKCS#12 file.
"friendly_name" string to be used for the supplied certificate and key

Valor Retornado

Retorna true em caso de sucesso ou false em caso de falha.

Registro de Alterações

Versão Descrição
8.0.0 certificate accepts an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 CSR was accepted.
8.0.0 private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.
add a note

User Contributed Notes 5 notes

up
1
Robert
10 years ago
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args
= array(
'extracerts' => array(
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
// ...
)
);
?>

You can use this to prepare a PEM.

<?php
$pemChain
= '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
2
simoncpu was here
14 years ago
If your certificate is not password-protected, just use null or a blank string. Otherwise, this function won't work.
up
1
ismael at privasy dot org
10 years ago
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format ,

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
up
1
Anonymous
10 years ago
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args
= array(
'extracerts' => $CAcert,
'friendly_name' => 'My signed cert by CA certificate'
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
-9
mryom
13 years ago
Example:

<?php
$key
= openssl_pkey_get_private(Private_Key, Password);

openssl_pkcs12_export(Certificate, $iis, $key, Password);
?>
To Top