OpenSSL 인증서 발행 절차
$dn = array(....); - DN 준비
$privkey = openssl_pkey_new(); - 개인키/공개키 쌍 생성
$csr = openssl_csr_new($dn, $privkey); - CSR 생성, 개인키로 서명
$sscert = openssl_csr_sign($csr, null, $privkey, 365); - CA 인증서 자리에 null을 넘겨 자신의 개인키로 서명한 자체 서명(self-signed) 인증서 생성, 유효기간 365일
openssl_csr_export($csr, $csrout); - CSR을 export
openssl_x509_export($sscert, $certout); - 인증서를 export
openssl_pkey_export($privkey, $pkeyout, "mypassword"); - 개인키를 패스프레이즈("mypassword")로 암호화하여 export. 패스프레이즈는 예시 값이며, 실제 코드에서는 하드코딩하지 않고 별도의 비밀 저장소에서 읽어 온다
인증서발행요구서(CSR)
string(1102) "-----BEGIN CERTIFICATE REQUEST-----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-----END CERTIFICATE REQUEST-----
"
인증서(Certificate)
string(1505) "-----BEGIN CERTIFICATE-----
MIIEKTCCAxGgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UEBhMCVUsx
ETAPBgNVBAgMCFNvbWVyc2V0MRQwEgYDVQQHDAtHbGFzdG9uYnVyeTEfMB0GA1UE
CgwWVGhlIEJyYWluIFJvb20gTGltaXRlZDEfMB0GA1UECwwWUEhQIERvY3VtZW50
YXRpb24gVGVhbTEUMBIGA1UEAwwLV2V6IEZ1cmxvbmcxHjAcBgkqhkiG9w0BCQEW
D3dlekBleGFtcGxlLmNvbTAeFw0yNTA2MjUxMzUzNDNaFw0yNjA2MjUxMzUzNDRa
MIGuMQswCQYDVQQGEwJVSzERMA8GA1UECAwIU29tZXJzZXQxFDASBgNVBAcMC0ds
YXN0b25idXJ5MR8wHQYDVQQKDBZUaGUgQnJhaW4gUm9vbSBMaW1pdGVkMR8wHQYD
VQQLDBZQSFAgRG9jdW1lbnRhdGlvbiBUZWFtMRQwEgYDVQQDDAtXZXogRnVybG9u
ZzEeMBwGCSqGSIb3DQEJARYPd2V6QGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEA3dl2GBCSqpjt3F0zNfSj7kGJUSRlX3sKkSKfAibX
XDhhbWWfz4hpWHVpyKK1UrYlqhah0oJo1xD8MbmtU89aJx4I2iRQEVwxbBb6arY0
gKeRzsCcvFQXBtymlq+rN1tDoyfC+fi2hfv90fqqGdPwrWXcS8xKYMts2tq8vC+b
gQKCX3c/jp+ITFrmuZz3oFrL4WOroo9rJz4tBpqJbwYs5kSE3vKhayqmTHuK8mtv
2VHp2VmQT9zPtd/85KUB2+SzNhLhn9ueE+XAmTrDEWck11RWDr03SoGBGHwSz7PR
QdvkerEWjY3g8srA07vcGxI/9YhWM0YdPKF37sbiQXdyYwIDAQABo1AwTjAdBgNV
HQ4EFgQU+bCpRiypMbz4oDbrkWhacjIC1zYwHwYDVR0jBBgwFoAU+bCpRiypMbz4
oDbrkWhacjIC1zYwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAiWMa
rVArFzyGq3TgBdMKlH0HD8gCv6mahARizI80lYItTNvRmBUdqem3eLaPV40gprSU
CNk6/0An0DX7xsx7hnLrwFcArBmTXTBWP9rmL6a8f0zHh1rC+lwhxWiwDpwgYcrw
Xl0bETMuZCpvU1Dr1FTATTI53dFIwngUnAq8BvCtdziO9hPrr4zzLvIVhlBIgbM1
rSv7X3ex5sf4EXMs1g6ZqVcg2s4yv5eY0DhxrRN1dqAk5txuPIfdVOUtEyWBJR68
Ki0+8p+iHcIXp71u/4mSzPjG7cWuOz1B516FcdoPE9K6JQ82tzVWMjGv6CIa8gr/
NuP9ew1UicrHChpJdw==
-----END CERTIFICATE-----
"
개인키(Private Key)
string(1834) "-----BEGIN ENCRYPTED PRIVATE KEY-----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-----END ENCRYPTED PRIVATE KEY-----
"
array(14) {
["subject"]=>
array(7) {
["C"]=>
string(2) "UK"
["ST"]=>
string(8) "Somerset"
["L"]=>
string(11) "Glastonbury"
["O"]=>
string(22) "The Brain Room Limited"
["OU"]=>
string(22) "PHP Documentation Team"
["CN"]=>
string(11) "Wez Furlong"
["emailAddress"]=>
string(15) "wez@example.com"
}
["hash"]=>
string(8) "bf438966"
["issuer"]=>
array(7) {
["C"]=>
string(2) "UK"
["ST"]=>
string(8) "Somerset"
["L"]=>
string(11) "Glastonbury"
["O"]=>
string(22) "The Brain Room Limited"
["OU"]=>
string(22) "PHP Documentation Team"
["CN"]=>
string(11) "Wez Furlong"
["emailAddress"]=>
string(15) "wez@example.com"
}
["version"]=>
int(2)
["serialNumber"]=>
string(1) "0"
["validFrom"]=>
string(13) "250625135343Z"
["validTo"]=>
string(13) "260625135344Z"
["validFrom_time_t"]=>
int(1750859623)
["validTo_time_t"]=>
int(1782395624)
["signatureTypeSN"]=>
string(10) "RSA-SHA256"
["signatureTypeLN"]=>
string(23) "sha256WithRSAEncryption"
["signatureTypeNID"]=>
int(668)
["purposes"]=>
array(9) {
[1]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(9) "sslclient"
}
[2]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(9) "sslserver"
}
[3]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(11) "nssslserver"
}
[4]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(9) "smimesign"
}
[5]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(12) "smimeencrypt"
}
[6]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(7) "crlsign"
}
[7]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(3) "any"
}
[8]=>
array(3) {
[0]=>
bool(true)
[1]=>
bool(true)
[2]=>
string(10) "ocsphelper"
}
[9]=>
array(3) {
[0]=>
bool(false)
[1]=>
bool(true)
[2]=>
string(13) "timestampsign"
}
}
["extensions"]=>
array(3) {
["subjectKeyIdentifier"]=>
string(59) "F9:B0:A9:46:2C:A9:31:BC:F8:A0:36:EB:91:68:5A:72:32:02:D7:36"
["authorityKeyIdentifier"]=>
string(66) "keyid:F9:B0:A9:46:2C:A9:31:BC:F8:A0:36:EB:91:68:5A:72:32:02:D7:36
"
["basicConstraints"]=>
string(7) "CA:TRUE"
}
}
Array
(
[subject] => Array
(
[C] => UK
[ST] => Somerset
[L] => Glastonbury
[O] => The Brain Room Limited
[OU] => PHP Documentation Team
[CN] => Wez Furlong
[emailAddress] => wez@example.com
)
[hash] => bf438966
[issuer] => Array
(
[C] => UK
[ST] => Somerset
[L] => Glastonbury
[O] => The Brain Room Limited
[OU] => PHP Documentation Team
[CN] => Wez Furlong
[emailAddress] => wez@example.com
)
[version] => 2
[serialNumber] => 0
[validFrom] => 250625135343Z
[validTo] => 260625135344Z
[validFrom_time_t] => 1750859623
[validTo_time_t] => 1782395624
[signatureTypeSN] => RSA-SHA256
[signatureTypeLN] => sha256WithRSAEncryption
[signatureTypeNID] => 668
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] => 1
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] => 1
[2] => sslserver
)
[3] => Array
(
[0] => 1
[1] => 1
[2] => nssslserver
)
[4] => Array
(
[0] => 1
[1] => 1
[2] => smimesign
)
[5] => Array
(
[0] => 1
[1] => 1
[2] => smimeencrypt
)
[6] => Array
(
[0] => 1
[1] => 1
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] => 1
[2] => ocsphelper
)
[9] => Array
(
[0] =>
[1] => 1
[2] => timestampsign
)
)
[extensions] => Array
(
[subjectKeyIdentifier] => F9:B0:A9:46:2C:A9:31:BC:F8:A0:36:EB:91:68:5A:72:32:02:D7:36
[authorityKeyIdentifier] => keyid:F9:B0:A9:46:2C:A9:31:BC:F8:A0:36:EB:91:68:5A:72:32:02:D7:36
[basicConstraints] => CA:TRUE
)
)