OpenSSL 인증서 발행 절차
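// OpenSSL certificate issuance, step by step. Every openssl_* call below
// returns false on failure, so each result is checked before it is used.

// 1. Prepare the Distinguished Name (DN). These are the subject values that
//    appear in the parsed certificate output further down this page.
$dn = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "Somerset",
    "localityName" => "Glastonbury",
    "organizationName" => "The Brain Room Limited",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "wez@example.com",
);

// Pin the key type, key size and digest instead of inheriting them from the
// active openssl.cnf. The sample output on this page is consistent with a
// 2048-bit RSA key and a sha256WithRSAEncryption signature.
$config = array(
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
    "private_key_bits" => 2048,
    "digest_alg" => "sha256",
);

// 2. Generate the key pair.
$privkey = openssl_pkey_new($config);
if ($privkey === false) {
    throw new RuntimeException("openssl_pkey_new() failed: " . openssl_error_string());
}

// 3. Create the CSR; it is signed with the private key generated above.
$csr = openssl_csr_new($dn, $privkey, $config);
if ($csr === false) {
    throw new RuntimeException("openssl_csr_new() failed: " . openssl_error_string());
}

// 4. Sign the CSR with the same private key. Passing null as the CA
//    certificate makes the result self-signed (issuer == subject), valid for
//    365 days. The serial number is left at its default of 0, as the
//    "serialNumber" field in the dump shows; a CA that issues more than one
//    certificate needs a unique serial per certificate.
//    NOTE(review): the dump on this page lists basicConstraints CA:TRUE,
//    presumably taken from the x509_extensions section of the active
//    openssl.cnf - confirm, and select a non-CA extension section when the
//    certificate is meant to be a leaf (server/client) certificate.
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $config);
if ($sscert === false) {
    throw new RuntimeException("openssl_csr_sign() failed: " . openssl_error_string());
}

// 5. Export the CSR as PEM text into $csrout.
if (!openssl_csr_export($csr, $csrout)) {
    throw new RuntimeException("openssl_csr_export() failed: " . openssl_error_string());
}

// 6. Export the certificate as PEM text into $certout.
if (!openssl_x509_export($sscert, $certout)) {
    throw new RuntimeException("openssl_x509_export() failed: " . openssl_error_string());
}

// 7. Export the private key into $pkeyout. Supplying a passphrase makes the
//    exported PEM an encrypted private key. "mypassword" is the example's
//    placeholder: in real use, load the passphrase from configuration or a
//    secret store rather than keeping it in source code, and never publish
//    the exported key.
if (!openssl_pkey_export($privkey, $pkeyout, "mypassword")) {
    throw new RuntimeException("openssl_pkey_export() failed: " . openssl_error_string());
}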
인증서발행요구서(CSR)
string(1102) "-----BEGIN CERTIFICATE REQUEST-----
MIIC9DCCAdwCAQAwga4xCzAJBgNVBAYTAlVLMREwDwYDVQQIDAhTb21lcnNldDEU
MBIGA1UEBwwLR2xhc3RvbmJ1cnkxHzAdBgNVBAoMFlRoZSBCcmFpbiBSb29tIExp
bWl0ZWQxHzAdBgNVBAsMFlBIUCBEb2N1bWVudGF0aW9uIFRlYW0xFDASBgNVBAMM
C1dleiBGdXJsb25nMR4wHAYJKoZIhvcNAQkBFg93ZXpAZXhhbXBsZS5jb20wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC4S+64RnMWixF8FAMQb3tbh2zR
qyx/5W9axiEzqOfQPH5n5hmrrTAtGA3QaJt4XgHz8tTHfbDApjYN5J8iLOuOyygC
1EtrPjh9Y8ytpnzPsyFV7RbXGxtt+iVsEqOPRbk0ym4hAC3w/xYm6dkmlZPkXHtX
tujzNmBk104M13dYDab2+CDnBUHuhRit9V+9C9ZjLCl2Dx3ZPbZzd62C3ohL/Vyb
aeN5kQ1WYW+uszNIGXxdgxB4Hsl5l4DbcMFzwlauHy0uFSk6BeuL3GVDt7LNJ1KD
jca7gLYO5Ve/rKrSDceoWuIzrEAAEY1KZGu5TfQTJd9HWaalvY+5Xi0NpsIHAgMB
AAGgADANBgkqhkiG9w0BAQsFAAOCAQEAQ98W/bjjdvppFN7yqmYgki/N85vNtukU
0nfs83iS1/Gx5xSOKUeQ+f1Hp21io8SDMMc6PyZziXOvtto42Z8R7l9m0XdR/4P+
qjPGVPODz1o6kztrSjwaI6s7D4WnPJ6A8oo7aaOJv0Mi5h4qyi+td5/iy+0Qufq/
+GbAvPA5+Gq0/NWdbibLomwmFE4HfOBfkxOKaiD6p1G7OAcG+yp2hKRGhE4omnvQ
HxGlvW8AwhB9HRCWYJ2Smc2A3Gjfil0EQ91k47c/ZxCKTGVgxYQIfqMcEvsOSMvf
VYudixPbYP8i/cnaptfPqnTVmcFBFU86jkbMUmQ+q0sHnUr1gkP0SQ==
-----END CERTIFICATE REQUEST-----
"
인증서(Certificate) - 자체 서명(self-signed) 인증서
string(1505) "-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
"
개인키(Private Key) - 비밀번호로 암호화된 PEM
string(1834) "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
"
array(14) {
["subject"]=>
array(7) {
["C"]=>
string(2) "UK"
["ST"]=>
string(8) "Somerset"
["L"]=>
string(11) "Glastonbury"
["O"]=>
string(22) "The Brain Room Limited"
["OU"]=>
string(22) "PHP Documentation Team"
["CN"]=>
string(11) "Wez Furlong"
["emailAddress"]=>
string(15) "wez@example.com"
}
["hash"]=>
string(8) "bf438966"
["issuer"]=>
array(7) {
["C"]=>
string(2) "UK"
["ST"]=>
string(8) "Somerset"
["L"]=>
string(11) "Glastonbury"
["O"]=>
string(22) "The Brain Room Limited"
["OU"]=>
string(22) "PHP Documentation Team"
["CN"]=>
string(11) "Wez Furlong"
["emailAddress"]=>
string(15) "wez@example.com"
}
["version"]=>
int(2)
["serialNumber"]=>
string(1) "0"
["validFrom"]=>
string(13) "240513161456Z"
["validTo"]=>
string(13) "250513161456Z"
["validFrom_time_t"]=>
int(1715616896)
["validTo_time_t"]=>
int(1747152896)
["signatureTypeSN"]=>
string(10) "RSA-SHA256"
["signatureTypeLN"]=>
string(23) "sha256WithRSAEncryption"
["signatureTypeNID"]=>
int(668)
["purposes"]=>
array(9) {
[1]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(9) "sslclient"
}
[2]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(9) "sslserver"
}
[3]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(11) "nssslserver"
}
[4]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(9) "smimesign"
}
[5]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(12) "smimeencrypt"
}
[6]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(7) "crlsign"
}
[7]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(3) "any"
}
[8]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(10) "ocsphelper"
}
[9]=>
array(3) {
[0]=>
bool(false)
[1]=>
bool(true)
[2]=>
string(13) "timestampsign"
}
}
["extensions"]=>
array(3) {
["subjectKeyIdentifier"]=>
string(59) "AB:B7:10:C2:E4:D1:90:A1:C5:7C:99:13:AA:4A:D3:D3:E1:83:06:90"
["authorityKeyIdentifier"]=>
string(66) "keyid:AB:B7:10:C2:E4:D1:90:A1:C5:7C:99:13:AA:4A:D3:D3:E1:83:06:90
"
["basicConstraints"]=>
string(7) "CA:TRUE"
}
}
Array
(
[subject] => Array
(
[C] => UK
[ST] => Somerset
[L] => Glastonbury
[O] => The Brain Room Limited
[OU] => PHP Documentation Team
[CN] => Wez Furlong
[emailAddress] => wez@example.com
)
[hash] => bf438966
[issuer] => Array
(
[C] => UK
[ST] => Somerset
[L] => Glastonbury
[O] => The Brain Room Limited
[OU] => PHP Documentation Team
[CN] => Wez Furlong
[emailAddress] => wez@example.com
)
[version] => 2
[serialNumber] => 0
[validFrom] => 240513161456Z
[validTo] => 250513161456Z
[validFrom_time_t] => 1715616896
[validTo_time_t] => 1747152896
[signatureTypeSN] => RSA-SHA256
[signatureTypeLN] => sha256WithRSAEncryption
[signatureTypeNID] => 668
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] => 1
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] => 1
[2] => sslserver
)
[3] => Array
(
[0] => 1
[1] => 1
[2] => nssslserver
)
[4] => Array
(
[0] => 1
[1] => 1
[2] => smimesign
)
[5] => Array
(
[0] => 1
[1] => 1
[2] => smimeencrypt
)
[6] => Array
(
[0] => 1
[1] => 1
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] => 1
[2] => ocsphelper
)
[9] => Array
(
[0] =>
[1] => 1
[2] => timestampsign
)
)
[extensions] => Array
(
[subjectKeyIdentifier] => AB:B7:10:C2:E4:D1:90:A1:C5:7C:99:13:AA:4A:D3:D3:E1:83:06:90
[authorityKeyIdentifier] => keyid:AB:B7:10:C2:E4:D1:90:A1:C5:7C:99:13:AA:4A:D3:D3:E1:83:06:90
[basicConstraints] => CA:TRUE
)
)