Skip to content
OpenSSL PHP Toolkit Library
Branch: master
Clone or download
Pull request Compare This branch is even with hsdn:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

OpenSSL PHP Toolkit Library

PHP library to work with the functions of OpenSSL. Unlike the standard functionality available in the PHP openssl module (, this library supports the standard OpenSSL database of certificates. Perfect for organizing a full OpenSSL PKI functionality in PHP. See tutorial about the PKI functions in OpenSSL.


  • Generate RSA private keys in DER, NET or PEM formats
  • Convert RSA private keys to DER, NET, PEM formats
  • Create a Certificate requests in DER, NET or PEM formats
  • CA Signing a Certificate requests with OpenSSL Database (using config)
  • Create a Certificates in DER, NET or PEM formats
  • Convert Certificates to DER, NET or PEM formats
  • Verifying a Certificates
  • Get info from Certificates
  • Create Certificate Revocation Lists (CRL)
  • Revoke a Certificates on Certificate Revocation Lists
  • Convert CRL to DER and PEM formats
  • Concert Keys and Certificates to PKCS#12 format
  • Concert PKCS#12 format Keys and Certificates to PEM format


Examples (for a PKI functions):

require_once 'src/Openssl.php';

$openssl = new OpenSSL;

// Database configurations 
// See
$openssl->config   = 'PKI/openssl.cnf'; 
$openssl->temp_dir = 'PKI/tmp';

// Create private key
$key = $openssl->rsa_new(FALSE, 1024, 'password', FALSE, 'des3');
// Create signing request
$subj = array
	'C' => 'RU', 
	'ST' => 'Moscow', 
	'L' => 'Moscow Region', 
	'O' => 'My Company', 
	'OU' => 'Company Unit', 
	'CN' => 'Real Name', 
	'emailAddress' => ''

$csr = $openssl->csr_new($key, FALSE, $subj, 'password');

// Sign a certificate request
echo $openssl->csr_sign($csr, FALSE, 'CApassword', 'client_cert');

// Create CRL
$openssl->crl_new(FALSE, 'CApassword');

// Revoke the certificate
$openssl->crl_revoke(file_get_contents('PKI/certs/14.pem'), 'CApassword');
You can’t perform that action at this time.