An easy way to use the official EasyRSA collection of shell scripts in your application.
composer require evilfreelancer/easyrsa-php
By the way, EasyRSA library support Laravel and Lumen frameworks, details here.
More examples you can find here.
Before you start use this script need to download the easy-rsa package.
require_once __DIR__ . '/../vendor/autoload.php';
use EasyRSA\Downloader;
$dnl = new Downloader([
'archive' => './easy-rsa.tar.gz',
'scripts' => './easy-rsa',
]);
$dnl->getEasyRSA();
Result of this script will be in easy-rsa
folder.
require_once __DIR__ . '/../vendor/autoload.php';
use Dotenv\Dotenv;
use EasyRSA\Commands;
// Load dotenv?
if (file_exists(__DIR__ . '/../vars.example')) {
Dotenv::createImmutable(__DIR__ . '/../', 'vars.example')->load();
}
$cmd = new Commands([
'scripts' => './easy-rsa',
'certs' => './easy-rsa-certs',
]);
$cmd->initPKI();
$cmd->buildCA(true);
$cmd->genDH();
$cmd->buildServerFull('server', true);
$cmd->buildClientFull('client1', true);
$cmd->buildClientFull('client2', true);
Result of this script will be in easy-rsa-certs
folder.
Method | Description |
---|---|
getContent(string $filename) | Show content of any certificate available in "certs" folder |
initPKI() | Instantiate Public Key Infrastructure (PKI) |
buildCA(bool $nopass = false) | Build Certificate Authority (CA) |
genDH() | Generate Diffie-Hellman certificate (DH) |
genReq() | Generate request for certificate |
signReqClient(string $filename) | Sign request for client certificate |
signReqServer(string $filename) | Sign request for server certificate |
buildClientFull(string $name, bool $nopass = false) | Build public and private key of client |
buildServerFull(string $name, bool $nopass = false) | Build public and private key of server |
revoke(string $filename) | Revoke certificate |
genCRL() | Generate Certificate Revocation List (CRL) |
updateDB() | Update certificates database |
showCert(string $filename) | Display information about certificate |
showReq(string $filename) | Display information about request |
importReq(string $filename) | Import request |
exportP7(string $filename) | Export file in format of Public-Key Cryptography Standards (PKCS) v7 (P7) |
exportP12(string $filename) | Export file in format of Public-Key Cryptography Standards (PKCS) v12 (P12) |
setRSAPass(string $filename) | Set password in Rivest–Shamir–Adleman (RSA) format |
setECPass(string $filename) | Set password in Elliptic Curve (EC) format |
You also can read content of generated certificate via getConfig($filename)
method:
<?php
require_once __DIR__ . '/../vendor/autoload.php';
use \EasyRSA\Commands;
$cmd = new Commands([
'scripts' => './easy-rsa',
'certs' => './easy-rsa-certs',
]);
$file = $cmd->getContent('ca.crt');
echo "$file\n";
$file = $cmd->getContent('server.crt');
echo "$file\n";
$file = $cmd->getContent('server.key');
echo "$file\n";
You can set these variables via environment on host system or with help of vlucas/phpdotenv library or via any other way which you like.
EASYRSA_DN="cn_only"
#EASYRSA_DN="org"
EASYRSA_REQ_COUNTRY="DE"
EASYRSA_REQ_PROVINCE="California"
EASYRSA_REQ_CITY="San Francisco"
EASYRSA_REQ_ORG="Copyleft Certificate Co"
EASYRSA_REQ_EMAIL="[email protected]"
EASYRSA_REQ_OU="My Organizational Unit"
EASYRSA_REQ_CN="ChangeMe"
EASYRSA_KEY_SIZE=2048
EASYRSA_ALGO=rsa
EASYRSA_CA_EXPIRE=3650
EASYRSA_CERT_EXPIRE=3650
EASYRSA_DIGEST="sha256"
Example of environment variables configuration which should be used on certificate build stage can be fond here.
The package's service provider will automatically register its service provider.
Publish the easy-rsa.php
configuration file:
php artisan vendor:publish --provider="EasyRSA\Laravel\ServiceProvider"
After you publish the configuration file as suggested above, you may configure library
by adding the following to your application's .env
file (with appropriate values):
EASYRSA_WORKER=default
EASYRSA_ARCHIVE=./easy-rsa.tar.gz
EASYRSA_SCRIPTS=./easy-rsa
EASYRSA_CERTS=./easy-rsa-certs
If you work with Lumen, please register the service provider and configuration in bootstrap/app.php
:
$app->register(EasyRSA\Laravel\ServiceProvider::class);
$app->configure('easy-rsa');
Manually copy the configuration file to your application.
This library can tested in multiple different ways
composer test:lint
composer test:types
composer test:unit
or just in one command
composer test