What would be an equivalent example in Perl of the code below to create a self-signed certificate?

All I have available is Crypt::OpenSSL::RSA (if there is another module, let me know so I can verify it is available or possible to install, as I am not the admin/owner and cannot do it myself due to a rights issue), for which I haven't found anything in the documentation on how to implement this... I'd like to avoid command line commands if possible, but not if it is the last resort for creating this...

<?php
// The certificate password
$passphrase = "some random password";

// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// the site that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$certificateInfo = array(
    "countryName" => "UK",
    "stateOrProvinceName" => "England",
    "localityName" => "London",
    "organizationName" => "blabla",
    "organizationalUnitName" => "Bla bla Developer's Team",
    "commonName" => "blabla.com",
    "emailAddress" => "[email protected]"
);

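// SHA-1 signatures and 1024-bit RSA keys are no longer considered
// adequate, so use SHA-256 and a 2048-bit key.
$configargs = array(
    'digest_alg' => 'sha256',
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
    'encrypt_key' => true
    );

// Left null so that openssl_csr_new() generates a new private (and
// public) key pair and stores it in this variable
$privkey = null;

// Generate a certificate signing request; $configargs is passed here so
// that the key size and digest settings above actually take effect
$csr = openssl_csr_new($certificateInfo, $privkey, $configargs);

// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sign($csr, null, $privkey, 365, $configargs);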

// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_export($csr, $csrout);
openssl_x509_export($sscert, $certout);
openssl_pkey_export($privkey, $pkeyout, $passphrase);
?>
A: 

Most of the Perl modules, including the common Crypt::OpenSSL::RSA one you found, are simply wrappers around the openssl command.

So, I would suggest you first consider the data you need and how it would be done on the command-line. There are some great examples and tutorials.

Then, if you want to do this from Perl, you could tweak the example code from Crypt::OpenSSL::RSA or from OpenCA::OpenSSL (another popular module for integrating OpenSSL commands) to include the values and settings you want.

Alternatively, there is a Perl script called CA.pl that's included in every OpenSSL installation: this would also be a good place to take their examples and tweak it to fit your needs. (On my Debian-based server(s) it's installed at /usr/lib/ssl/misc/CA.pl, but it may vary.)

Good luck!

ewall
Thanks for the answer, but I am not looking into making or changing an existing one, I am looking for a ready one. I am aware of how to do it from the command line and know how to summon the commands from Perl, but dealing with all the errors (for example wrong installation of openssl, wrong usage of parameters, user input, blocked usage of it to users and so forth) that may appear along the way will be a pain, hence why I am looking to find a ready-to-go one; otherwise I might just stick to what I currently have...
Prix
A: 

Have a try with OpenCA::OpenSSL ( http://search.cpan.org/~madwolf/OpenCA-OpenSSL-2.0.29/OpenSSL.pod ). I think this should do what you need.

Erik
Can you post a sample of it doing what is described above because from the docs it does not seem to do it.
Prix
Sorry, I have no example code and no time to write you one. But all the methods you are using in your PHP example are also provided by OpenCA::OpenSSL. The module is also still maintained (last update 03 Apr 2010 / Crypt::OpenSSL::CA has last update on 30 Sep 2008). Generate Keypair: genKey(), Generate CertRequest: genReq(), Self-Sign Certificate: genCert()
Erik
Well, the problem is not generating them, it is the additional information :) which has nothing documented in the PDO nor the docs, which I already went through, hence why I didn't pick it up. That is why I asked you to point to an example of it creating the certs with that additional info, because I could not find anything related to it.
Prix
A: 

You could try Crypt::OpenSSL::CA, the initial example seems to do more or less what you want. You might need to generate the key pair first by some other means, perhaps via Crypt::OpenSSL::RSA.

Bruno
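
The approach suggested in the last answer, written out as an added example (it is not part of any answer above, nor code shipped with either module): Crypt::OpenSSL::RSA generates the key and Crypt::OpenSSL::CA builds and self-signs the certificate, carrying the distinguished name fields from the PHP sample. Assumptions: both modules are installed; the file names server.key and server.crt, the serial number scheme and the e-mail address are constructed for illustration; the private key is written unencrypted, unlike the passphrase-protected export in the PHP sample.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use Crypt::OpenSSL::RSA;
use Crypt::OpenSSL::CA;

# Generate the key pair in-process; 2048 bits rather than 1024.
my $key_pem = Crypt::OpenSSL::RSA->generate_key(2048)->get_private_key_string();
my $privkey = Crypt::OpenSSL::CA::PrivateKey->parse($key_pem);
my $pubkey  = $privkey->get_public_key;

# The "additional information": the same DN fields as the PHP
# $certificateInfo array, using OpenSSL's short attribute names.
my $dn = Crypt::OpenSSL::CA::X509_NAME->new(
    C            => "UK",
    ST           => "England",
    L            => "London",
    O            => "blabla",
    OU           => "Bla bla Developer's Team",
    CN           => "blabla.com",
    emailAddress => 'webmaster@example.com',   # constructed placeholder
);

my $x509 = Crypt::OpenSSL::CA::X509->new($pubkey);
$x509->set_serial(sprintf("0x%x", time));      # constructed serial scheme
$x509->set_subject_DN($dn);
$x509->set_issuer_DN($dn);                     # issuer == subject: self-signed

# Valid for 365 days; dates are GMT in yyyymmddhhmmssZ form.
my $now = time;
$x509->set_notBefore(strftime("%Y%m%d%H%M%SZ", gmtime($now)));
$x509->set_notAfter(strftime("%Y%m%d%H%M%SZ", gmtime($now + 365 * 86400)));
$x509->set_extension("subjectKeyIdentifier", $pubkey->get_openssl_keyid);

# Sign with the certificate's own key, using SHA-256 rather than SHA-1.
my $cert_pem = $x509->sign($privkey, "sha256");

# Create the key file owner-readable only and refuse to overwrite an
# existing file (hypothetical file names).
sysopen(my $kfh, "server.key", O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "server.key: $!";
print {$kfh} $key_pem;
close($kfh) or die "server.key: $!";

open(my $cfh, ">", "server.crt") or die "server.crt: $!";
print {$cfh} $cert_pem;
close($cfh) or die "server.crt: $!";
```

The result can be inspected with `openssl x509 -in server.crt -noout -text` to confirm the subject, validity period and signature algorithm.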