1
votes

I need to generate a CSR key from a private key/cert

When doing this I get an error:

openssl_csr_new(): dn: add_entry_by_NID 48 -> (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) test.php(33)

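$dn = [
    'commonName'            => '123@-1552-21', // 'func_id@activationcode'
    'organizationalUnitName'=> 'test',
    'organizationName'      => 'test',
    'localityName'          => 'DK',
    'stateOrProvinceName'   => 'DK',
    'countryName'           => 'DK',
    'emailAddress'          => ''
];

// Key options; this array is never passed to openssl_csr_new() and is
// overwritten by the CSR below.
$csr = [
    'private_key_bits'  => 2048,
    'private_key_type'  => OPENSSL_KEYTYPE_RSA,
    'encrypt_key'       => true
];

// A key stored in a file must be referenced with the file:// prefix;
// a bare path is parsed as PEM data instead of being opened.
$private_key = openssl_pkey_get_private('file://./1_0010444508001.pem');

// Build the CSR for the loaded key, signed with SHA-256.
$csr = openssl_csr_new($dn, $private_key, [
    'digest_alg' => 'sha256'
]);

// Export both the CSR and the private key as PEM strings.
openssl_csr_export($csr, $csrout);
openssl_pkey_export($private_key, $pkeyout, '');

echo $csrout . "\n" . $pkeyout;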
1
I don't want to flag this as a duplicate because this solution suggests using a different library. Maybe if you can't get this to work, that option may be of use. – IsThisJavascript
"...dn:add_entry_by_NID 48 ..." - does not look like it complains about the private key but instead about your dn. NID 48 is emailAddress, thus check this part of dn. – Steffen Ullrich
@SteffenUllrich thanks.. the emailAddress can't be empty.. create an answer :) – clarkk

1 Answer

1
votes

openssl_csr_new(): dn: add_entry_by_NID 48 -> (failed; check error queue and value of string_mask OpenSSL option if illegal characters are reported) test.php(33)

The problem is not the private key but the problem is in the dn. It complains that there is a problem adding the attribute with NID 48 to the CSR. NID 48 is the NID for emailAddress so it complains about the contents of this field. Looks like it should not be empty.
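
An added example, not part of the original question or answer: one way to avoid the NID 48 failure is to drop empty DN attributes before calling openssl_csr_new() and to surface the OpenSSL error queue when creation still fails. The helper name build_csr() is hypothetical, and the key is a throwaway generated in memory so the script runs without the asker's PEM file.

```php
<?php
// Added example (not from the original post). build_csr() is a hypothetical helper.

/**
 * Create a PEM-encoded CSR for an existing private key.
 * Empty DN attributes are removed first, because OpenSSL rejects
 * zero-length values (the "add_entry_by_NID 48" error for emailAddress).
 */
function build_csr(array $dn, $privateKey): string
{
    // Keep only non-empty string attributes.
    $dn = array_filter($dn, fn($v) => is_string($v) && trim($v) !== '');
    if (!isset($dn['commonName'])) {
        throw new InvalidArgumentException('commonName is required');
    }

    // Drain stale entries so the errors collected below belong to this call.
    while (openssl_error_string() !== false);

    $csr = openssl_csr_new($dn, $privateKey, ['digest_alg' => 'sha256']);
    if ($csr === false || !openssl_csr_export($csr, $pem)) {
        $errors = [];
        while (($e = openssl_error_string()) !== false) {
            $errors[] = $e;
        }
        throw new RuntimeException('CSR creation failed: ' . implode('; ', $errors));
    }
    return $pem;
}

// Constructed sample key. For a key on disk, load it with
// openssl_pkey_get_private('file:///path/to/key.pem') instead.
$key = openssl_pkey_new([
    'private_key_bits' => 2048,
    'private_key_type' => OPENSSL_KEYTYPE_RSA,
]);

// Same DN as in the question, including the empty emailAddress.
$pem = build_csr([
    'commonName'             => '123@-1552-21',
    'organizationalUnitName' => 'test',
    'organizationName'       => 'test',
    'localityName'           => 'DK',
    'stateOrProvinceName'    => 'DK',
    'countryName'            => 'DK',
    'emailAddress'           => '',
], $key);

// The parsed subject shows which attributes ended up in the request.
print_r(openssl_csr_get_subject($pem));
echo $pem;
```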