Hi !
I am currently changing the server for my website, and i make a heavy
use of openssl functions.
Both servers use PHP4.3.3 with OpenSSL 0.9.6i.
I was actually testing with this code, taken out from PHP's
documentation :
<?php
// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$dn = array(
"countryNam e" => "UK",
"stateOrProvinc eName" => "Somerset",
"localityNa me" => "Glastonbur y",
"organizationNa me" => "The Brain Room Limited",
"organizational UnitName" => "PHP Documentation Team",
"commonName " => "Wez Furlong",
"emailAddre ss" => "wez@php.ne t"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_ne w();
// Generate a certificate signing request
$csr = openssl_csr_new ($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sig n($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail
server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_exp ort($csr, $csrout) and debug_zval_dump ($csrout);
openssl_x509_ex port($sscert, $certout) and debug_zval_dump ($certout);
openssl_pkey_ex port($privkey, $pkeyout, "mypassword ") and
debug_zval_dump ($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_s tring()) !== false) {
echo $e . "\n";
}
?>
It is working perfectly fine on my previous server ( as it should).
However, not on the new server.
What is strange is I am not getting any error return. Just a plain
"Page not found" error. The error occurs whenever I put a
openssl_csr_new () call in my page. I can generate private key
flawlessly, but not generate any certificate...
Do you have any idea of what is happening ?
Both server's are using PHP of the same version, OpenSSL too ( same
version). the only noticeable difference is :
-The new one is using ZEND performance suite ( licensed )
-New server ( failing) configure command :
Configure Command './configure'
'--with-apxs=/usr/local/apache/bin/apxs' '--with-dbase'
'--with-filepro' '--with-xml' '--enable-ftp' '--with-db'
'--enable-bcmath' '--enable-calendar' '--with-jpeg-dir'
'--with-png-dir' '--with-gd' '--enable-gd-native-ttf'
'--with-freetype-dir' '--with-gettext' '--with-pgsql=/usr'
'--with-mysql=/usr' '--with-zlib-dir' '--enable-trans-sid'
'--with-imap' '--with-kerberos' '--with-imap-ssl' '--with-openssl'
'--enable-sysvsem' '--enable-sysvshm' '--with-curl=/usr/local/lib'
-Old server ( OK) configure commands :
'./configure' '--enable-discard-path'
'--with-config-file-path=/usr/local/lib' '--enable-sigchild'
'--enable-magic-quotes' '--enable-short-tags' '--with-exec-dir=/home/'
'--with-openssl' '--disable-rpath' '--enable-libgcc' '--disable-pic'
'--with-zlib=/' '--enable-bcmath' '--enable-calendar'
'--with-curl=/usr/local' '--with-gdbm=/usr'
'--with-db3=/usr/local/BerkeleyDB.3.3' '--enable-dbase'
'--enable-xslt' '--with-xslt-sablot' '--with-dom' '--with-dom-xslt'
'--with-dom-exslt' '--enable-exif' '--enable-mbstring'
'--enable-mbregex' '--enable-filepro' '--enable-ftp'
'--with-ming=/usr/local' '--with-gd=/usr/local'
'--enable-gd-native-tt' '--with-jpeg-dir=/usr'
'--with-png-dir=/usr/local' '--with-ttf=/usr/local'
'--with-t1lib=/usr' '--with-gettext=/usr' '--with-imap=/usr/local'
'--with-kerberos' '--with-imap-ssl' '--with-mcrypt=/usr/local'
'--with-mhash=/usr/local' '--with-mysql=/usr'
'--with-pdflib=/usr/local' '--with-jpeg-dir=/usr'
'--with-png-dir=/usr/local' '--with-tiff-dir=/usr'
'--with-sablot=/usr/local' '--with-expat-dir=/usr'
'--enable-trans-sid' '--with-regex=system' '--enable-sysvsem'
'--enable-sysvshm' '--enable-wddx' '--with-zziplib=/usr'
'--enable-inline-optimization' '--with-gnu-ld'
Thanks for your help ! It's been 2 days I'm stuck on that thing :( :(
tetedeiench
I am currently changing the server for my website, and i make a heavy
use of openssl functions.
Both servers use PHP4.3.3 with OpenSSL 0.9.6i.
I was actually testing with this code, taken out from PHP's
documentation :
<?php
// Fill in data for the distinguished name to be used in the cert
// You must change the values of these keys to match your name and
// company, or more precisely, the name and company of the person/site
// that you are generating the certificate for.
// For SSL certificates, the commonName is usually the domain name of
// that will be using the certificate, but for S/MIME certificates,
// the commonName will be the name of the individual who will use the
// certificate.
$dn = array(
"countryNam e" => "UK",
"stateOrProvinc eName" => "Somerset",
"localityNa me" => "Glastonbur y",
"organizationNa me" => "The Brain Room Limited",
"organizational UnitName" => "PHP Documentation Team",
"commonName " => "Wez Furlong",
"emailAddre ss" => "wez@php.ne t"
);
// Generate a new private (and public) key pair
$privkey = openssl_pkey_ne w();
// Generate a certificate signing request
$csr = openssl_csr_new ($dn, $privkey);
// You will usually want to create a self-signed certificate at this
// point until your CA fulfills your request.
// This creates a self-signed cert that is valid for 365 days
$sscert = openssl_csr_sig n($csr, null, $privkey, 365);
// Now you will want to preserve your private key, CSR and self-signed
// cert so that they can be installed into your web server, mail
server
// or mail client (depending on the intended use of the certificate).
// This example shows how to get those things into variables, but you
// can also store them directly into files.
// Typically, you will send the CSR on to your CA who will then issue
// you with the "real" certificate.
openssl_csr_exp ort($csr, $csrout) and debug_zval_dump ($csrout);
openssl_x509_ex port($sscert, $certout) and debug_zval_dump ($certout);
openssl_pkey_ex port($privkey, $pkeyout, "mypassword ") and
debug_zval_dump ($pkeyout);
// Show any errors that occurred here
while (($e = openssl_error_s tring()) !== false) {
echo $e . "\n";
}
?>
It is working perfectly fine on my previous server ( as it should).
However, not on the new server.
What is strange is I am not getting any error return. Just a plain
"Page not found" error. The error occurs whenever I put a
openssl_csr_new () call in my page. I can generate private key
flawlessly, but not generate any certificate...
Do you have any idea of what is happening ?
Both server's are using PHP of the same version, OpenSSL too ( same
version). the only noticeable difference is :
-The new one is using ZEND performance suite ( licensed )
-New server ( failing) configure command :
Configure Command './configure'
'--with-apxs=/usr/local/apache/bin/apxs' '--with-dbase'
'--with-filepro' '--with-xml' '--enable-ftp' '--with-db'
'--enable-bcmath' '--enable-calendar' '--with-jpeg-dir'
'--with-png-dir' '--with-gd' '--enable-gd-native-ttf'
'--with-freetype-dir' '--with-gettext' '--with-pgsql=/usr'
'--with-mysql=/usr' '--with-zlib-dir' '--enable-trans-sid'
'--with-imap' '--with-kerberos' '--with-imap-ssl' '--with-openssl'
'--enable-sysvsem' '--enable-sysvshm' '--with-curl=/usr/local/lib'
-Old server ( OK) configure commands :
'./configure' '--enable-discard-path'
'--with-config-file-path=/usr/local/lib' '--enable-sigchild'
'--enable-magic-quotes' '--enable-short-tags' '--with-exec-dir=/home/'
'--with-openssl' '--disable-rpath' '--enable-libgcc' '--disable-pic'
'--with-zlib=/' '--enable-bcmath' '--enable-calendar'
'--with-curl=/usr/local' '--with-gdbm=/usr'
'--with-db3=/usr/local/BerkeleyDB.3.3' '--enable-dbase'
'--enable-xslt' '--with-xslt-sablot' '--with-dom' '--with-dom-xslt'
'--with-dom-exslt' '--enable-exif' '--enable-mbstring'
'--enable-mbregex' '--enable-filepro' '--enable-ftp'
'--with-ming=/usr/local' '--with-gd=/usr/local'
'--enable-gd-native-tt' '--with-jpeg-dir=/usr'
'--with-png-dir=/usr/local' '--with-ttf=/usr/local'
'--with-t1lib=/usr' '--with-gettext=/usr' '--with-imap=/usr/local'
'--with-kerberos' '--with-imap-ssl' '--with-mcrypt=/usr/local'
'--with-mhash=/usr/local' '--with-mysql=/usr'
'--with-pdflib=/usr/local' '--with-jpeg-dir=/usr'
'--with-png-dir=/usr/local' '--with-tiff-dir=/usr'
'--with-sablot=/usr/local' '--with-expat-dir=/usr'
'--enable-trans-sid' '--with-regex=system' '--enable-sysvsem'
'--enable-sysvshm' '--enable-wddx' '--with-zziplib=/usr'
'--enable-inline-optimization' '--with-gnu-ld'
Thanks for your help ! It's been 2 days I'm stuck on that thing :( :(
tetedeiench