使用PHP和OpenSSL将P12转换为PEM [英] Convert P12 to PEM using PHP and OpenSSL

问题描述

我正在尝试将某些.p12文件转换为.pem.

I'm trying to convert some .p12 files in to .pem.

在我的Mac上，它可以正常工作，无需交互，因为我在代码中输入了密码，但是当我使用此代码时:

On my mac it works, with no interaction as i put the passwords in the code, but when i use this code:

system('openssl pkcs12 -clcerts -nokeys -out apns-dev-cert.pem -in apns-dev-cert.p12 -passin pass:');
system('openssl pkcs12 -nocerts -out apns-dev-key.pem -in apns-dev-key.p12 -passout pass:1234 -passin pass:');
system('openssl rsa -in apns-dev-key.pem -out apns-dev-key-noenc.pem -passin pass:1234');
system('cat apns-dev-cert.pem apns-dev-key-noenc.pem > apns-dev.pem');

它制作空白文件.

我的文件权限为755.对于密码传递，密码未设置任何内容，因此，为什么它们为空...这里所有没有system()的代码都可在mac终端中使用..

My file permissions are 755. and for the passin the passwords were set to nothing so thats why they are blank... all the code here without the system() works in the mac terminal..

感谢您的阅读.希望你能帮忙

thanks for reading. hope you can help

推荐答案

$filename = 'apns-dev-cert.p12';
$password = '...';
$results = array();
$worked = openssl_pkcs12_read(file_get_contents($filename), $results, $password));
if($worked) {
    echo '<pre>', print_r($results, true), '</pre>';
} else {
    echo openssl_error_string();
}

请尝试运行此代码段.将$password设置为打开文件所需的任何密码短语.如果没有密码，请将其设置为null.我认为您的openssl命令不需要一个.

Please try running this snippet. Set $password to whatever passphrase is needed to open the file. If there's no password, set it to null. I don't believe one is needed from your openssl commands.

您应该使用可能在$results['pkey']内部的所需私钥获取输出.

You should get output with the desired private key, probably inside $results['pkey'].

如果在那里看到私钥，则可以将其传递给

If you see your private key there, then you can pass it to openssl_pkey_export to get it in PEM format, which you can then write to a file:

$new_password = null;
$result = null;
$worked = openssl_pkey_export($results['pkey'], $result, $new_password);
if($worked) {
    echo "<pre>It worked!  Your new pkey is:\n", $result, '</pre>';
} else {
    echo openssl_error_string();
}

如果需要，将$new_password设置为所需的pkey密码.

Set $new_password to your desired pkey password, if you want one.

此应该为您工作，具体取决于我在各种文档页面上所阅读的内容.

This should work for you, based on what I'm reading on the various documentation pages.

如果您真的想通过炮击继续使用openssl命令，请考虑使用

If you really want to continue using the openssl command by shelling out, please consider using proc_open instead of system, so that you can properly catch error messages.

OpenSSL也有可能尝试读取配置文件，但没有这样做的权限，尽管它应该会给您一个错误.

It's also possible that OpenSSL is trying to read the config file, and doesn't have permission to so, though it should give you an error about that.

这篇关于使用PHP和OpenSSL将P12转换为PEM的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！