Missing OpenSSL function in PHP to create a CRL (certificate revocation list) for a CA
MIT License
If you want to create your own certification authority (CA) in pure PHP with the OpenSSL extension, you need a function to create a certificate revocation list (CRL), which is missing from the OpenSSL extension (request #40046).
This library implements such a function: openssl_x509_crl()
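use Ukrbublik\openssl_x509_crl\X509;
use Ukrbublik\openssl_x509_crl\X509_CERT;
use Ukrbublik\openssl_x509_crl\X509_CRL;

// CRL parameters
$ci = array(
    'no' => 1,                    // CRL number
    'version' => 2,               // CRL version
    'days' => 30,                 // validity period in days
    'alg' => OPENSSL_ALGO_SHA1,   // signature digest; note SHA-1 is deprecated for signatures
    'revoked' => array(           // one entry per revoked certificate
        array(
            'serial' => '101',
            'rev_date' => time(),
            'reason' => X509::getRevokeReasonCodeByName("cessationOfOperation"),
            'compr_date' => strtotime("-1 day"),
            'hold_instr' => null,
        )
    )
);

// Load the CA private key; openssl_pkey_get_private() returns false on failure
$ca_pkey = openssl_pkey_get_private(file_get_contents('ca_key.key'));
if ($ca_pkey === false) {
    throw new RuntimeException('Cannot load CA private key: ' . openssl_error_string());
}

// The CA certificate is passed in DER form
$ca_cert = X509::pem2der(file_get_contents('ca_cert.cer'));

$crl_data = openssl_x509_crl($ci, $ca_pkey, $ca_cert);
// $crl_data contains the CRL in DER format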
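An added example, not part of this library: one way to sanity-check the DER string before publishing it, convert it to PEM, and write it atomically so that a CRL distribution point never serves a truncated file. It assumes $crl_data is a raw DER string as stated above; the function names are hypothetical and the sample bytes are constructed.

```php
<?php
// Added example, not part of the library. Function names are hypothetical.
/** True if $der is exactly one SEQUENCE (tag 0x30) whose length covers the whole buffer. */
function crl_der_is_complete(string $der): bool
{
    $n = strlen($der);
    if ($n < 2 || ord($der[0]) !== 0x30) {
        return false;
    }
    $first = ord($der[1]);
    if ($first < 0x80) {                  // short form: the length fits in one byte
        return $n === 2 + $first;
    }
    $numBytes = $first & 0x7f;            // long form: next N bytes hold the length
    if ($numBytes === 0 || $numBytes > 4 || $n < 2 + $numBytes) {
        return false;                     // indefinite length is not valid DER
    }
    $len = 0;
    for ($i = 0; $i < $numBytes; $i++) {
        $len = ($len << 8) | ord($der[2 + $i]);
    }
    return $n === 2 + $numBytes + $len;
}

/** Wrap a DER CRL in PEM armor (label "X509 CRL", 64-character base64 lines). */
function crl_der_to_pem(string $der): string
{
    return "-----BEGIN X509 CRL-----\n"
        . chunk_split(base64_encode($der), 64, "\n")
        . "-----END X509 CRL-----\n";
}

/** Write to a temporary file and rename it, so readers never see a partial CRL. */
function crl_publish(string $der, string $path): void
{
    if (!crl_der_is_complete($der)) {
        throw new RuntimeException('CRL is not a complete DER SEQUENCE');
    }
    $tmp = $path . '.tmp';
    if (file_put_contents($tmp, $der, LOCK_EX) !== strlen($der) || !rename($tmp, $path)) {
        throw new RuntimeException("Could not write CRL to $path");
    }
}

// Constructed sample: SEQUENCE { NULL }, standing in for $crl_data.
$sample = "\x30\x02\x05\x00";
var_dump(crl_der_is_complete($sample));               // complete buffer
var_dump(crl_der_is_complete(substr($sample, 0, 3))); // truncated buffer
echo crl_der_to_pem($sample);
```

A file written this way from a real CRL can be inspected with `openssl crl -inform DER -in <file> -noout -text`, which shows the issuer, the update times and the revoked serial numbers.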