openssl_csr_get_subject

(PHP 5 >= 5.2.0, PHP 7, PHP 8)

openssl_csr_get_subject — 返回 CSR 的主题

说明

openssl_csr_get_subject(OpenSSLCertificateSigningRequest|string $csr, bool $short_names = true): array|false

openssl_csr_get_subject() 返回 csr 中专有名称信息的主题，其中包含了通用名称（CN）、机构名称（O）、国家名（C）等字段。

参数

csr: See CSR parameters for a list of valid values.
short_names: shortnames 控制着数据如何在数组中被索引 - 如果 shortnames 为 true (默认) 将使用简称形式对字段进行索引，否则将使用全称形式 - 比如： CN 就是 commonName 的简称形式。

返回值

返回带有主题描述的关联数组，或者在失败时返回 false。

更新日志

版本	说明
8.0.0	`csr` 现在接受 OpenSSLCertificateSigningRequest 实例；之前接受类型 `OpenSSL X.509 CSR` 的 resource。

示例

示例 #1 openssl_csr_get_subject() 示例

<?php
$subject = array(
    "countryName" => "CA",
    "stateOrProvinceName" => "Alberta",
    "localityName" => "Calgary",
    "organizationName" => "XYZ Widgets Inc",
    "organizationalUnitName" => "PHP Documentation Team",
    "commonName" => "Wez Furlong",
    "emailAddress" => "wez@example.com",
);
$private_key = openssl_pkey_new(array(
    "private_key_bits" => 2048,
    "private_key_type" => OPENSSL_KEYTYPE_RSA,
));
$configargs = array(
    'digest_alg' => 'sha512WithRSAEncryption'
);
$csr = openssl_csr_new($subject, $privkey, $configargs);
print_r(openssl_csr_get_subject($csr));
?>

以上示例的输出类似于：

Array
(
    [C] => CA
    [ST] => Alberta
    [L] => Calgary
    [O] => XYZ Widgets Inc
    [OU] => PHP Documentation Team
    [CN] => Wez Furlong
    [emailAddress] => wez@example.com
)

参见

openssl_csr_new() - 生成一个 CSR
openssl_csr_get_public_key() - 返回 CSR 的公钥
openssl_x509_parse() - 解析一个 X509 证书并作为一个数组返回信息

发现了问题？

了解如何改进此页面 • 提交拉取请求 • 报告一个错误

＋添加备注

用户贡献的备注 4 notes

down

pdm at wp dot pl ¶

9 years ago

openssl_csr_get_subject('somedomain.com',false);returnarray(7) {  ["countryName"]=> string "XX"  ["stateOrProvinceName"]=> string "xxxxxxxxx"  ["localityName"]=> string "xxxxxxxx"  ["organizationName"]=> string "xxxxxxxxx"  ["organizationalUnitName"]=>string "xxxx"  ["commonName"]=>string "xxx"  ["emailAddress"]=>string "xxx"} openssl_csr_get_subject('somedomain.com',true);returnarray(7) {  ["C"]=> string "XX"  ["ST"]=> string "xxxxxxxxx"  ["L"]=> string "xxxxxxxx"  ["O"]=> string "xxxxxxxxx"  ["OU"]=>string "xxxx"  ["CN"]=>string "xxx"  ["emailAddress"]=>string "xxx"}

down

Steve ¶

9 years ago

This function may not return name fields in the order they appear in the certificate.  For example, this CSR:-----BEGIN CERTIFICATE REQUEST-----MIHsMIGUAgEAMDIxEDAOBgNVBAsMB3VuaXQgIzExDDAKBgNVBAoMA29yZzEQMA4GA1UECwwHdW5pdCAjMjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGvZnFxGuVzJhOKPs5RNxZBS4vY6ERaqm5tKMGOhxLSfv/dpjDtNNdSHkIGNjYxclHYhxG0ku7BYPA5uPIjng1SgADAKBggqhkjOPQQDAgNHADBEAiB4GXhhbEU1UFTCe0dwJnKHTQuIxzYL5FnyhmKdixN/0gIgBXSm9S8L/oJ6rBxemin/V/xKv5jy4TEZuz84nnshxQQ=-----END CERTIFICATE REQUEST-----When processed by 'openssl -noout -subject' gives this:subject=/OU=unit #1/O=org/OU=unit #2On the other hand, 'var_dump( openssl_csr_get_subject( "..." ) )' will produce this:csr = array(2) {  ["OU"]=>  array(2) {    [0]=>    string(7) "unit #1"    [1]=>    string(7) "unit #2"  }  ["O"]=>  string(3) "org"}As you can see, ordering information (which may be important for some applications) is lost.

down

mikko koivu ¶

15 years ago

this function does not yet return SANs (subject alternative names) fields for UC certificates like those used in exchange 2007.

down

-1

stephan[at]strato-rz[dot]de ¶

16 years ago

The returning assoziative array is indexed with the fieldsin the subject so you should have a array key named CN,OU and so on.