Certification authority management script
composer create-project --prefer-dist jdmaymeow/php-encrypt php-encrypt
- PHP with openssl extension (PHP 5.5 and higher)
- PHP mb-string extension
- Composer to install
Installation from public GitHub repository
git clone https://github.com/jdmaymeow/php-encrypt
cd php-encrypt
composer install
If you are familiar with Composer, you can install the latest stable version with Composer too.
composer create-project --prefer-dist jdmaymeow/php-encrypt [app-name]
There are both versions and you have to be a developer.
The default configuration file is located in config/encrypt.yml
The default configuration for each certificate type looks like this:
certificates:
  ca:
    daysvalid: 7000
    x509_extensions: v3_ca
  intermediate:
    daysvalid: 3650
    x509_extensions: v3_intermediate_ca
You can add a new configuration if you want another certificate type.
With this script you can sign certificates for a CA, an Intermediate CA, users and servers. Before you can do this, you will need to create your CA and Intermediate CA certificates.
Example to create a CA:
php index.php bf:ca DesiredNameCa --CN="My CA" --C=SK --O="My Organization ltd."
To sign certificates you will need an Intermediate CA certificate. Here is an example:
php index.php bf:intermediatesign DesiredNameCa --CN="My Intermediate CA" --C=SK --O="My Organization ltd." --CA=DesiredNameCa
- DesiredNameCa must be the same as the name of your certification authority.
- In --ca=... you specify which CA you want to use to sign the certificate; it is the same as DesiredNameCa.
php index.php bf:usersign jane-doe --CN="Jane Doe" --C=SK --E=jane@doe.local --CA=MyCA
The script will use intermediate.cert and the key from the MyCa folder.
Certificates
If you need to override the certificate validity, you can do it with the option --validity and add your length (in days). Example:
php index.php bf:usersign jane-doe --CN="Jane Doe" --C=SK --E=jane@doe.local --validity=30 --CA=MyCA
Before you can sign a server certificate, go to config/intermediate.cnf and add the following to the end of this file:
[ alt_names ]
# To add domains add DNS.1, DNS.2 ...
# for multiple domains add DNS.1=domain.tld and DNS.2=*.domain.tld
DNS.1 = www.somewhere.com
# If you want to add IP addresses add IP.1, IP.2 ...
# IP.1=127.0.0.1
Now you can sign the certificate with:
php index.php bf:serversign my-server --CN="www.domain.tld" --C=SK --CA=MyCA
Override the certificate validity in days (same as for user certificates):
php index.php bf:serversign my-server --CN="www.domain.tld" --C=SK --validity=30 --CA=MyCA
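TLS clients match the hostname against the subjectAltName entries rather than the CN, so the name passed as --CN should also be listed in [ alt_names ] before signing (in the sample above the CN is www.domain.tld while DNS.1 is www.somewhere.com). The following lint is an added example, not part of php-encrypt; the function names are hypothetical, the sample config is constructed, and it assumes the server extension section of config/intermediate.cnf references this [ alt_names ] section.

```shell
#!/bin/sh
# Added example (not part of php-encrypt): lint [ alt_names ] before bf:serversign.

# Print "KIND value" for every entry in the [ alt_names ] section of an OpenSSL config.
san_entries() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[[ \t]*alt_names[ \t]*\]/); next }
        in_sec {
            sub(/[ \t]*#.*/, "")                  # strip comments
            if (split($0, kv, "=") != 2) next     # skip blank or malformed lines
            gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
            sub(/\.[0-9]+$/, "", kv[1])           # DNS.1 -> DNS, IP.2 -> IP
            print toupper(kv[1]), tolower(kv[2])
        }' "$1"
}

# Exit 0 if host $1 is covered by a DNS entry in config $2. A wildcard stands
# for exactly one left-most label, which is how TLS clients apply it.
covers() {
    san_entries "$2" | awk -v host="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        BEGIN { parent = host; sub(/^[^.]*\./, "", parent) }
        $1 == "DNS" && ($2 == host || $2 == ("*." parent)) { found = 1 }
        END { exit !found }'
}

# Constructed sample: the section from the README plus a wildcard entry.
write_sample() {
    cat > "$1" <<'EOF'
[ v3_intermediate_ca ]
basicConstraints = critical, CA:true

[ alt_names ]
# To add domains add DNS.1, DNS.2 ...
DNS.1 = www.somewhere.com
DNS.2 = *.domain.tld
# IP.1=127.0.0.1
EOF
}

cnf=$(mktemp) && write_sample "$cnf"
for cn in www.somewhere.com www.domain.tld domain.tld a.b.domain.tld; do
    if covers "$cn" "$cnf"; then echo "OK      $cn"; else echo "MISSING $cn"; fi
done
rm -f "$cnf"
```

Because [ alt_names ] lives in a shared config file, running san_entries before each signing also shows any names left over from a previous server.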
If you want to run the script globally across the system, it is important to change the configuration to read the current working directory instead of the parent directory where the script is installed. Go to config/app.php and change the following line as in the example:
define('WWW_ROOT', ROOT . DS . 'webroot' . DS);
//change to
define('WWW_ROOT', CLI_ROOT . DS . 'webroot' . DS);
The script will now create the webroot folder and all certificates in your working directory.
To run the script from anywhere on Windows, add to your Path the folder containing php-encrypt.bat, a file with this content:
@php "%~dp0path-to-php-encrypt-folder\index.php" %*
TODO coming soon
All you need to back up is the webroot folder, where all certificates are stored, and your config files (*.cnf, encrypt.yml) if you have changed them.
- Fork it!
- Create your feature branch: git checkout -b my-new-feature
- Commit your changes: git commit -am 'Add some feature'
- Push to the branch: git push origin my-new-feature
- Submit a pull request :D
TODO: Write history
- May Meow
- BlackFriday community on GitlabCafe
MIT