ukrbublik/openssl_x509_crl

Missing OpenSSL function on PHP to create CRL (certificate revocation list) for CA

Maintainers

Details

github.com/ukrbublik/openssl_x509_crl

Homepage

Source

Issues

Installs: 2 011

Dependents: 0

Suggesters: 0

Security: 0

Stars: 17

Watchers: 3

Forks: 7

Open Issues: 0

1.3 2019-11-25 18:15 UTC

Requires

MIT 9490a34de2796e170000f41c907843608de1aa60

  • ukrbublik <ukrbublik.woop@gmail.com>

phpcryptographyx509x.509asn1asn.1opensslcertificatecertificatesopenssl-extensioncertificate-authoritycertificate-revocation-lists

This package is not auto-updated.

Last update: 2025-03-16 05:27:48 UTC

README

Description:

If you want to create own Certification authority (CA) on pure PHP with OpenSSL extension, you need a function to create certificate revocation list (CRL) which is missing in OpenSSL extension (request #40046).

This lib implements such function - openssl_x509_crl()

Usage example:

use Ukrbublik\openssl_x509_crl\X509;
use Ukrbublik\openssl_x509_crl\X509_CERT;
use Ukrbublik\openssl_x509_crl\X509_CRL;

$ci = array(
	'no' => 1,
	'version' => 2,
	'days' => 30,
	'alg' => OPENSSL_ALGO_SHA1,
	'revoked' => array(
		array(
			'serial' => '101',
			'rev_date' => time(),
			'reason' => X509::getRevokeReasonCodeByName("cessationOfOperation"),
			'compr_date' => strtotime("-1 day"),
			'hold_instr' => null,
		)
	)
);
$ca_pkey = openssl_pkey_get_private(file_get_contents('ca_key.key'));
$ca_cert = X509::pem2der(file_get_contents('ca_cert.cer'));
$crl_data = openssl_x509_crl($ci, $ca_pkey, $ca_cert);
//$crl_data contains CRL in DER format