Posted by Richard Lynch on 01/06/05 18:23

Gustafson, Tim wrote:
> I am trying to use the OpenSSL module for PHP on a FreeBSD 4.10 server.
> I have CVS'd everything, so I have the most current version of the
> FreeBSD port.
>
> I have attached the PHP file that I'm running. Here's the error message
> I get:
>
> openssl_csr_sign(): cannot get cert from parameter 2
>
> The file that is being referenced is a valid certificate, encoded in
> base-64 format and the path is correct, and OpenSSL is able to sign
> using this certificate and the corresponding key if I run it directly
> from the command line. I have also attached the certificate. What am I
> missing?

You are missing error checking on the openssl_pkey_new() and
openssl_csr_new() function calls.

You don't even know for sure that you have a valid PKEY nor that you have
a valid CSR resource.

And, of course, you should have some error-checking on the return value
from openssl_csr_sign() to see if it worked.

Odds are really good that if you add all that error-checking, and the code
needed to find out what error occurred --
http://php.net/openssl_error_string -- you'll find out that the OpenSSL
software and PHP have conpsired to tell you *exactly* what is going wrong.
:-)

My first Wild Guess would be that your PHP user doesn't have permission to
read your .crt and .key files, or that you don't have a PHP-readable valid
openssl.cnf file.

If all else fails, despite the examples in the manual, you may want to try
to get rid of the 'file://' parts of your file names. But maybe you need
those for some arcane OpenSSL reason beyond my ken. [shrug]

--
Like Music?
http://l-i-e.com/artists.htm

[Back to original message]