DEVHIDE
Login Or Sign up

Add extended keyusage extensions on generated certificatees with phpseclib

364 Views Asked by At

I can add keyusage with phpseclib using this code:

$x509->setExtension('id-ce-keyUsage', array('digitalSignature', 'keyEncipherment'));

Is possible to also set extended key usage? Any docs on that?

php x509 phpseclib
Original Q&A
1

There are 1 best solutions below

2
On BEST ANSWER 
$x509->setExtension('id-ce-extKeyUsage', array('id-kp-serverAuth', 'id-kp-clientAuth'));

Full example:

<?php
include('File/X509.php');
include('Crypt/RSA.php');

// create private key / x.509 cert for stunnel / website
$privKey = new Crypt_RSA();
extract($privKey->createKey());
$privKey->loadKey($privatekey);

$pubKey = new Crypt_RSA();
$pubKey->loadKey($publickey);
$pubKey->setPublicKey();

$subject = new File_X509();
$subject->setDNProp('id-at-organizationName', 'phpseclib demo cert');
$subject->setPublicKey($pubKey);

$issuer = new File_X509();
$issuer->setPrivateKey($privKey);
$issuer->setDN($subject->getDN());

$x509 = new File_X509();

$x509->loadX509($x509->saveX509($x509->sign($issuer, $subject)));

$x509->setExtension('id-ce-keyUsage', array('digitalSignature', 'keyEncipherment'));
$x509->setExtension('id-ce-extKeyUsage', array('id-kp-serverAuth', 'id-kp-clientAuth'));

$result = $x509->sign($issuer, $x509);

echo "the stunnel.pem contents are as follows:\r\n\r\n";
echo $privKey->getPrivateKey();
echo "\r\n";
echo $x509->saveX509($result);
echo "\r\n";

I can't say I like it how you have to re-sign a cert to get this effect but whatever.

Related Questions in PHP

Related Questions in X509

Related Questions in PHPSECLIB

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.