Error when generating CSR
hAbd0u opened this issue · comments
Ilyes Abdelrazak Beladel commented
When I try to generate CSR key and parse it like this:
$domain_private_key = $ac->generateRSAKey(2048);
//$domain_private_key = preg_replace("/^\xEF\xBB\xBF/", '', $domain_private_key);
$domain_csr = $ac->generateCSR($domain_private_key, ['apple.highschoolhelper.org']);
$ret = $ac->parseCertificate($domain_csr);
echo "<pre>";
print_r($ret);
echo "</pre>";
Then I get this exception:
Warning: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!
in /var/www/html/apple.highschoolhelper.org/public_html/libs/ACMECert/ACMECert.php on line 313
Fatal error: Uncaught Exception: Could not load certificate:
-----BEGIN CERTIFICATE REQUEST----- MIICojCCAYoCAQAwJTEjMCEGA1UEAwwaYXBwbGUuaGlnaHNjaG9vbGhlbHBlci5v cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUcL30x/uEDLoVl3Sw +fadN5ElHEohR33z/5oNAun+tpGATRplNiiO7mfWHXLY6g39anhPaHFBGLd3KSSF hZobM7D7B+F6A1Q2IAJLQ//6xopUagIUl6IuMn6xgXCNoV75D97vAAYjM8Q8iwOM mCo3ayhtOjRlmf5XiIiSBq5jbQgCVUn5wcGp2XGseofYYiK4ZA+54b9k5UJJ3pHh 5rERJ93G3JgSUQaXPLtgOpBB2XSS8trfedQWbx79Fb2rSPYdMeZCwV78pkl6gSAR DfeGvatCsVAZcerRLVbCZlfK1RSQ7hQA7HkZJIbU4Bk8hMF9yeJV33q6oYBnP6xZ Rm33AgMBAAGgODA2BgkqhkiG9w0BCQ4xKTAnMCUGA1UdEQQeMByCGmFwcGxlLmhp Z2hzY2hvb2xoZWxwZXIub3JnMA0GCSqGSIb3DQEBDQUAA4IBAQAdfcUvD5csPYFF Asgc8wlPFWcKOWEfTBKCTLLN9f5p0rOJB7YYxrG0nvlbSrDNgB+G60hFcdXfRgeY 1P0JAplLZTYv4JyfFTJyNtwZidjwq0IPe171Mqv7GzXiaGj1qgZTUBeLqwybX+K9 v81zGKrRrx5B30YViNBY/b3/ErFaDnFzX5NOHKBRHrhXkUFQTDRxpXBGJrIb61l4 Ix4cnHbGwHAMVO+8A0cEWHqG4W3lYdRwMb+/jyf8RJ3/qTq4EAtdY7xMMs2kJsnM nFwq12z1CwOStETUSErDhmRzzYGuG29bg4sn2GQHtTP8B2e8vpFJJVlDYIH/SPi8 nuA0v3cW -----END CERTIFICATE
in /var/www/html/apple.highschoolhelper.org/public_html/libs/ACMECert/ACMECert.php on line 314
Stefan Körfgen commented
The parseCertificate
function can only parse x509 certificates, it can not parse certificate requests (CSR).
Unfortunately there is no function in the PHP OpenSSL-Extension which allows full parsing of CSRs like there is for x509 certificates.
As a workaround you could use the openssl command to parse the CSR:
# openssl req -noout -text -in file_containing_your.csr
Certificate Request:
Data:
Version: 1 (0x0)
Subject: CN = apple.highschoolhelper.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:70:bd:f4:c7:fb:84:0c:ba:15:97:74:b0:f9:
f6:9d:37:91:25:1c:4a:21:47:7d:f3:ff:9a:0d:02:
e9:fe:b6:91:80:4d:1a:65:36:28:8e:ee:67:d6:1d:
72:d8:ea:0d:fd:6a:78:4f:68:71:41:18:b7:77:29:
24:85:85:9a:1b:33:b0:fb:07:e1:7a:03:54:36:20:
02:4b:43:ff:fa:c6:8a:54:6a:02:14:97:a2:2e:32:
7e:b1:81:70:8d:a1:5e:f9:0f:de:ef:00:06:23:33:
c4:3c:8b:03:8c:98:2a:37:6b:28:6d:3a:34:65:99:
fe:57:88:88:92:06:ae:63:6d:08:02:55:49:f9:c1:
c1:a9:d9:71:ac:7a:87:d8:62:22:b8:64:0f:b9:e1:
bf:64:e5:42:49:de:91:e1:e6:b1:11:27:dd:c6:dc:
98:12:51:06:97:3c:bb:60:3a:90:41:d9:74:92:f2:
da:df:79:d4:16:6f:1e:fd:15:bd:ab:48:f6:1d:31:
e6:42:c1:5e:fc:a6:49:7a:81:20:11:0d:f7:86:bd:
ab:42:b1:50:19:71:ea:d1:2d:56:c2:66:57:ca:d5:
14:90:ee:14:00:ec:79:19:24:86:d4:e0:19:3c:84:
c1:7d:c9:e2:55:df:7a:ba:a1:80:67:3f:ac:59:46:
6d:f7
Exponent: 65537 (0x10001)
Attributes:
Requested Extensions:
X509v3 Subject Alternative Name:
DNS:apple.highschoolhelper.org
Signature Algorithm: sha512WithRSAEncryption
1d:7d:c5:2f:0f:97:2c:3d:81:45:02:c8:1c:f3:09:4f:15:67:
0a:39:61:1f:4c:12:82:4c:b2:cd:f5:fe:69:d2:b3:89:07:b6:
18:c6:b1:b4:9e:f9:5b:4a:b0:cd:80:1f:86:eb:48:45:71:d5:
df:46:07:98:d4:fd:09:02:99:4b:65:36:2f:e0:9c:9f:15:32:
72:36:dc:19:89:d8:f0:ab:42:0f:7b:5e:f5:32:ab:fb:1b:35:
e2:68:68:f5:aa:06:53:50:17:8b:ab:0c:9b:5f:e2:bd:bf:cd:
73:18:aa:d1:af:1e:41:df:46:15:88:d0:58:fd:bd:ff:12:b1:
5a:0e:71:73:5f:93:4e:1c:a0:51:1e:b8:57:91:41:50:4c:34:
71:a5:70:46:26:b2:1b:eb:59:78:23:1e:1c:9c:76:c6:c0:70:
0c:54:ef:bc:03:47:04:58:7a:86:e1:6d:e5:61:d4:70:31:bf:
bf:8f:27:fc:44:9d:ff:a9:3a:b8:10:0b:5d:63:bc:4c:32:cd:
a4:26:c9:cc:9c:5c:2a:d7:6c:f5:0b:03:92:b4:44:d4:48:4a:
c3:86:64:73:cd:81:ae:1b:6f:5b:83:8b:27:d8:64:07:b5:33:
fc:07:67:bc:be:91:49:25:59:43:60:81:ff:48:f8:bc:9e:e0:
34:bf:77:16
Ilyes Abdelrazak Beladel commented
Thanks, now you cleared thinks to me, it appears parseCertificate is for parsing let's encrypt full chain certificate.