Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/ukrbublik/openssl_x509_crl

Missing OpenSSL function on PHP to create CRL (certificate revocation list) for CA
https://github.com/ukrbublik/openssl_x509_crl

asn1 certificate-authority certificate-revocation-lists certificates cryptography openssl openssl-extension php x509

Last synced: 6 months ago
JSON representation

Missing OpenSSL function on PHP to create CRL (certificate revocation list) for CA

Awesome Lists containing this project

README 

          
# openssl_x509_crl()



### Description:

If you want to create own Certification authority (CA) on pure PHP with OpenSSL extension, 

you need a function to create certificate revocation list (CRL) which is missing in OpenSSL extension ([request #40046](https://bugs.php.net/bug.php?id=40046)).



This lib implements such function - **openssl_x509_crl()**



### Usage example:

```php

use Ukrbublik\openssl_x509_crl\X509;

use Ukrbublik\openssl_x509_crl\X509_CERT;

use Ukrbublik\openssl_x509_crl\X509_CRL;



$ci = array(

	'no' => 1,

	'version' => 2,

	'days' => 30,

	'alg' => OPENSSL_ALGO_SHA1,

	'revoked' => array(

		array(

			'serial' => '101',

			'rev_date' => time(),

			'reason' => X509::getRevokeReasonCodeByName("cessationOfOperation"),

			'compr_date' => strtotime("-1 day"),

			'hold_instr' => null,

		)

	)

);

$ca_pkey = openssl_pkey_get_private(file_get_contents('ca_key.key'));

$ca_cert = X509::pem2der(file_get_contents('ca_cert.cer'));

$crl_data = openssl_x509_crl($ci, $ca_pkey, $ca_cert);

//$crl_data contains CRL in DER format

```