PHP openssl equivalents for Perl ?

Question

What would be a equivalent example in perl of the bellow code to create a Self-signed certificate ?

All i have available is Crypt::OpenSSL::RSA (if there is another module let me know so i can verify it is available or possible to install as i am not the admin/owner and cannot do it myself due to rights issue) which i havent found on the documents on how to implement such... I did like to avoid command line commands if possible but not if it is the last resort for creating this...

<?php
// The certificate password
$passphrase = "some random password";

// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$certificateInfo = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "England",
    "localityName" => "London",
    "organizationName" => "blabla",
    "organizationalUnitName" => "Bla bla Developer's Team",
    "commonName" => "blabla.com",
    "emailAddress" => "[email protected]"
);

$configargs = array(
    'digest_alg' => 'sha1',
    'private_key_bits' => 1024,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'encrypt_key' => true
    );

// Generate a new private (and public) key pair
$privkey = null;

// Generate a certificate signing request
$csr = openssl_csr_new($certificateInfo, $privkey);

// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $configargs);//, $configArgs

// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_export($csr, $csrout);
openssl_x509_export($sscert, $certout);
openssl_pkey_export($privkey, $pkeyout, $passphrase);
?>

Answer 1

Most of the Perl modules, including the common Crypt::OpenSSL::RSA one you found, are simply wrappers around the openssl command.

So, I would suggest you first consider the data you need and how it would be done on the command-line. There are some great examples and tutorials.

Then, if you want to do this from Perl, you could tweak the example code from Crypt::OpenSSL::RSA or from OpenCA::OpenSSL (another popular module for integrating OpenSSL commands) to include the values and settings you want.

Alternatively, there is a Perl script called CA.pl that's included in every OpenSSL installation: this would also be a good place to take their examples and tweak it to fit your needs. (On my Debian-based server(s) it's installed at /usr/lib/ssl/misc/CA.pl, but it may vary.)

Good luck!

Answer 2

Have a try on OpenCA::OpenSSL ( http://search.cpan.org/~madwolf/OpenCA-OpenSSL-2.0.29/OpenSSL.pod ). I think this should do what you need.

Answer 3

You could try Crypt::OpenSSL::CA, the initial example seems to do more or less what you want. You might need to generate the key pair first by some other means, perhaps via Crypt::OpenSSL::RSA.