PHP Conference Nagoya 2025

openssl_pkcs12_export

(PHP 5 >= 5.2.2, PHP 7, PHP 8)

openssl_pkcs12_exportExports a PKCS#12 Compatible Certificate Store File to variable

Descrizione

openssl_pkcs12_export(
    OpenSSLCertificate|string $certificate,
    string &$output,
    #[\SensitiveParameter] OpenSSLAsymmetricKey|OpenSSLCertificate|array|string $private_key,
    #[\SensitiveParameter] string $passphrase,
    array $options = []
): bool

openssl_pkcs12_export() stores certificate into a string named by output in a PKCS#12 file format.

Elenco dei parametri

x509

Vedere parametri delle chiavi/certificati per una lista di valori validi.

output

On success, this will hold the PKCS#12.

private_key

Private key component of PKCS#12 file. See Public/Private Key parameters for a list of valid values.

passphrase

Encryption password for unlocking the PKCS#12 file.

options

Optional array, other keys will be ignored.

Key Descrizione
"extracerts" array of extra certificates or a single certificate to be included in the PKCS#12 file.
"friendly_name" string to be used for the supplied certificate and key

Valori restituiti

Restituisce true in caso di successo, false in caso di fallimento.

Log delle modifiche

Versione Descrizione
8.0.0 certificate accepts an OpenSSLCertificate instance now; previously, a resource of type OpenSSL X.509 CSR was accepted.
8.0.0 private_key accepts an OpenSSLAsymmetricKey or OpenSSLCertificate instance now; previously, a resource of type OpenSSL key or OpenSSL X.509 was accepted.
add a note

User Contributed Notes 4 notes

up
3
simoncpu was here
14 years ago
If your certificate is not password-protected, just use null or a blank string. Otherwise, this function won't work.
up
1
Robert
10 years ago
If you need to provide multiple additional certificates, the 'extracerts' argument needs to be an array with one certificate per element:
<?php
$args
= array(
'extracerts' => array(
0 => '-----BEGIN CERTIFICATE----- cert1 ...',
1 => '-----BEGIN CERTIFICATE----- cert2 ...',
// ...
)
);
?>

You can use this to prepare a PEM.

<?php
$pemChain
= '...';
preg_match_all('/(-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----)/si', $pemChain, $matches);
$args = array('extracerts' => $matches[0]);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
up
1
ismael at privasy dot org
10 years ago
in order to export a private key to pkcs12 format, the input certificate must contain both private and associated public key in PEM format ,

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

else this function might return the following error "openssl_pkcs12_export(): cannot get cert from parameter 1"
up
1
Anonymous
11 years ago
If you want to include CA-Certificates in the PKCS12 it can be accomplished by using the $args parameter.
<?php
$args
= array(
'extracerts' => $CAcert,
'friendly_name' => 'My signed cert by CA certificate'
);
openssl_pkcs12_export($signed_csr, $cerificate_out, $private_key_resource, $passphrase, $args);
?>
To Top