openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7, PHP 8)

openssl_pkcs12_export将 PKCS#12 兼容证书存储文件导出到变量

说明

openssl_pkcs12_export ( mixed $x509 , string &$out , mixed $priv_key , string $pass , array $args = ? ) : bool

openssl_pkcs12_export() 以 PKCS#12 文件格式 将 x509 导入到以out命名类型为字符串的变量中。

参数

x509

参见密钥/证书参数以获取有效值列表。

out

成功,该字符串将为 PKCS#12 格式。

priv_key

PKCS#12 文件的私钥部分file, 参见 公/私钥参数 获取更多可用列表。

pass

用来解锁 PKCS#12 文件的解密密码。

args

可选数组,其他主键将被忽略。

Key 说明
"extracerts" PKCS#12 文件中包含的额外证书或单个证书的数组。
"friendlyname" 被证书和密钥使用的字符串

返回值

成功时返回 true, 或者在失败时返回 false

User Contributed Notes

Robert 15-May-2014 05:36
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args
= array(
   
'extracerts' => array(
       
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
       
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
       
// ...
       
)
    );
?>

You can use this to prepare a PEM.

<?php
$pemChain
= '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
ismael at privasy dot org 24-Apr-2014 09:38
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format , 

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
Anonymous 29-Nov-2013 12:24
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args
= array(
              
'extracerts' => $CAcert,
              
'friendly_name' => 'My signed cert by CA certificate'
             
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
mryom 29-Mar-2011 11:01
Example:

<?php
$key
= openssl_pkey_get_private(Private_Key, Password);

openssl_pkcs12_export(Certificate, $iis, $key, Password);
?>
simoncpu was here 11-May-2010 02:28
If your certificate is not password-protected, just use null or a blank string.  Otherwise, this function won't work.