Key/Certificate parameters
Quite a few of the openssl functions require a key or a certificate parameter. Following methods may be used to get them:
-
Certificates
-
An OpenSSLCertificate instance
(or prior to PHP 8.0.0, a resource of type
OpenSSL X.509
) returned from openssl_x509_read() - A string having the format file://path/to/cert.pem; the named file must contain a PEM encoded certificate
- A string containing the content of a certificate, PEM encoded, may start with -----BEGIN CERTIFICATE-----
-
An OpenSSLCertificate instance
(or prior to PHP 8.0.0, a resource of type
-
Certificate Signing Requests (CSRs)
-
An OpenSSLCertificateSigningRequest instance
(or prior to PHP 8.0.0, a resource of type
OpenSSL X.509 CSR
) returned from openssl_csr_new() - A string having the format file://path/to/csr.pem; the named file must contain a PEM encoded CSR
- A string containing the content of a CSR, PEM encoded, may start with -----BEGIN CERTIFICATE REQUEST-----
-
An OpenSSLCertificateSigningRequest instance
(or prior to PHP 8.0.0, a resource of type
-
Public/Private Keys
-
An OpenSSLAsymmetricKey instance
(or prior to PHP 8.0.0, a resource of type
OpenSSL key
) returned from openssl_get_publickey() or openssl_get_privatekey() -
For public keys only: an OpenSSLCertificate instance
(or prior to PHP 8.0.0, a resource of type
OpenSSL X.509
) - A string having the format file://path/to/file.pem - the named file must contain a PEM encoded certificate/private key (it may contain both)
- A string containing the content of a certificate/key, PEM encoded, may start with -----BEGIN PUBLIC KEY-----
-
For private keys, you may also use the syntax
array($key, $passphrase)
where $key represents a key specified using the file:// or textual content notation above, and $passphrase represents a string containing the passphrase for that private key
-
An OpenSSLAsymmetricKey instance
(or prior to PHP 8.0.0, a resource of type