
Certification Authority

Manages the creation of certificates. It can create a Certificate Authority and sign child certificates.

It manages CSRs (Certificate Signing Requests), supports alternate names, and creates private keys if needed.

Example 1 : Create a Certificate Authority and get private and public keys

// Per the method reference on this page, the constructor checks that PHP has
// OpenSSL support.
$certificationauthority = new Domframework\Certificationauthority ();
// Create the CA key/cert pair: country "FR", organization "FOURNIER38",
// common name "CATEST". No $days argument, so the documented default of
// 3650 days applies.
$certificationauthority->createCA ("FR", "FOURNIER38", "CATEST");
// The CA certificate in PEM. This is the public part that relying parties
// install as a trust anchor.
$caCert = $certificationauthority->caCert ();
// The CA private key. Whoever holds it can issue certificates that are trusted
// wherever $caCert is trusted, so keep it out of logs, version control and
// world-readable files.
// NOTE(review): this page does not say whether the returned key is
// passphrase-protected; confirm before persisting it.
$caKey = $certificationauthority->caKey ();

Example 2 : Create a new Certificate Signing Request

$certificationauthority = new Domframework\Certificationauthority ();
// Build a CSR for common name "COMPUTER.fournier38.fr". Per the method
// reference, createCSR creates a private key when none exists yet.
$csr =  $certificationauthority->createCSR ("FR", "FOURNIER38",
        "COMPUTER.fournier38.fr");
// The private key matching the CSR, in PEM. Only $csr has to be sent to the
// CA for signing; the private key stays with the requester.
$key = $certificationauthority->privateKey ();

Example 3 : Sign a CSR (cert is valid 1 year)

$certificationauthority = new Domframework\Certificationauthority ();
// Load the CA material into the object. The string literals are placeholders
// for the real PEM data.
$certificationauthority->caKey ("The PEM CA key");
$certificationauthority->caCert ("The PEM CA Cert");
// NOTE(review): $csr, $caCert and $caKey are not defined in this snippet;
// presumably they carry over from Examples 1 and 2 - confirm.
// This page shows no validation of the CSR content, so the caller should check
// that the requested subject is one this CA is meant to vouch for before
// signing. No $days argument, so the documented default of 365 days applies.
$cert = $certificationauthority->signCSR ($csr, $caCert, $caKey);

Example 4 : Sign a CSR (cert is valid 2 years)

$certificationauthority = new Domframework\Certificationauthority ();
// Load the CA material into the object. The string literals are placeholders
// for the real PEM data.
$certificationauthority->caKey ("The PEM CA key");
$certificationauthority->caCert ("The PEM CA Cert");
// NOTE(review): $csr, $caCert and $caKey are not defined in this snippet;
// presumably they carry over from Examples 1 and 2 - confirm.
// The fourth argument is the validity in days: 365 * 2 = 730. A longer
// validity keeps a certificate usable for longer after its key is lost or
// stolen, and this page documents no revocation method, so choose the
// lifetime with that in mind.
$cert = $certificationauthority->signCSR ($csr, $caCert, $caKey, 365 * 2);

Example 5 : Sign a CSR (cert is valid 2 years, and alternate names)

$certificationauthority = new Domframework\Certificationauthority ();
// Load the CA material into the object. The string literals are placeholders
// for the real PEM data.
$certificationauthority->caKey ("The PEM CA key");
$certificationauthority->caCert ("The PEM CA Cert");
// NOTE(review): $csr, $caCert and $caKey are not defined in this snippet;
// presumably they carry over from Examples 1 and 2 - confirm.
// The fifth argument is the list of alternative names allowed in the
// certificate. It is passed by the signing side, so list only host names the
// requester is known to control: every name given here becomes an identity
// the certificate can be used for.
$cert = $certificationauthority->signCSR ($csr, $caCert, $caKey, 365 * 2,
  ["ALT1.example.com","ALT2.example.com"]);

The class definition

Class Domframework\Certificationauthority

Namespace Domframework

Description

/**
 A certificate authority

Properties

No property available

Methods

public function __construct ()
/**
 Check if openssl support is available in PHP

public function __destruct ()
/**
 Remove the temporary files when destroying the object

public function caCert ( $caCert=null)
/**
 Get/Set the ca cert
 @param string|null $caCert The CA cert to get/set
 @return ($caCert is null ? string : $this) the CA cert in PEM if get, $this if set

public function caKey ( $caKey=null)
/**
 Get/Set the ca key
 @param string|null $caKey The CA key to get/set
 @return ($caKey is null ? string : $this) the CA key if get, $this if set

public function createCA ( $countryName, $organizationName, $commonName, $days=3650)
/**
 Create the pair key/cert for authority
 @param string $countryName Country name (like FR)
 @param string $organizationName Name of organization
 @param string $commonName Common name of authority
 @param integer|null $days The number of days of validity of the CA (3650
   by default)
 @return $this

public function createCSR ( $countryName, $organizationName, $commonName)
/**
 Create a CSR.
 Will create a private key if none already exists
 @param string $countryName Country name (like FR)
 @param string $organizationName Name of organization
 @param string $commonName Common name of authority
 @return string the CSR created in PEM

public function createPrivateKey ()
/**
 Create a private key
 @return $this;

public function privateKey ( $privateKey=null)
/**
 Get in PEM/Set the private key
 @param string|null $privateKey The private key to use
 @return ($privateKey is null ? string : $this) the private key in PEM if get, $this if set

public function signCSR ( $csr, $caCert, $caKey, $days=365, $altNames=array ())
/**
 Sign a CSR with a CA cert/key pair and return the signed certificate in
 PEM format
 The caCert and caKey must be defined
 @param string $csr The CSR to sign
 @param string $caCert The CA Certificate
 @param string $caKey The CA private key
 @param integer|null $days The number of days of validity (365 by default)
 @param array|null $altNames The alternative names allowed in cert
 @return string the signed certificate in PEM