skoerfgen/ACMECert

Error when generating CSR

hAbd0u opened this issue · 2 comments

When I try to generate CSR key and parse it like this:

$domain_private_key = $ac->generateRSAKey(2048);
//$domain_private_key = preg_replace("/^\xEF\xBB\xBF/", '', $domain_private_key);
$domain_csr = $ac->generateCSR($domain_private_key, ['apple.highschoolhelper.org']);
$ret = $ac->parseCertificate($domain_csr);


echo "<pre>";
print_r($ret);
echo "</pre>";

Then I get this exception:

Warning: openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate! 
in /var/www/html/apple.highschoolhelper.org/public_html/libs/ACMECert/ACMECert.php on line 313

Fatal error: Uncaught Exception: Could not load certificate:
 -----BEGIN CERTIFICATE REQUEST----- MIICojCCAYoCAQAwJTEjMCEGA1UEAwwaYXBwbGUuaGlnaHNjaG9vbGhlbHBlci5v cmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUcL30x/uEDLoVl3Sw +fadN5ElHEohR33z/5oNAun+tpGATRplNiiO7mfWHXLY6g39anhPaHFBGLd3KSSF hZobM7D7B+F6A1Q2IAJLQ//6xopUagIUl6IuMn6xgXCNoV75D97vAAYjM8Q8iwOM mCo3ayhtOjRlmf5XiIiSBq5jbQgCVUn5wcGp2XGseofYYiK4ZA+54b9k5UJJ3pHh 5rERJ93G3JgSUQaXPLtgOpBB2XSS8trfedQWbx79Fb2rSPYdMeZCwV78pkl6gSAR DfeGvatCsVAZcerRLVbCZlfK1RSQ7hQA7HkZJIbU4Bk8hMF9yeJV33q6oYBnP6xZ Rm33AgMBAAGgODA2BgkqhkiG9w0BCQ4xKTAnMCUGA1UdEQQeMByCGmFwcGxlLmhp Z2hzY2hvb2xoZWxwZXIub3JnMA0GCSqGSIb3DQEBDQUAA4IBAQAdfcUvD5csPYFF Asgc8wlPFWcKOWEfTBKCTLLN9f5p0rOJB7YYxrG0nvlbSrDNgB+G60hFcdXfRgeY 1P0JAplLZTYv4JyfFTJyNtwZidjwq0IPe171Mqv7GzXiaGj1qgZTUBeLqwybX+K9 v81zGKrRrx5B30YViNBY/b3/ErFaDnFzX5NOHKBRHrhXkUFQTDRxpXBGJrIb61l4 Ix4cnHbGwHAMVO+8A0cEWHqG4W3lYdRwMb+/jyf8RJ3/qTq4EAtdY7xMMs2kJsnM nFwq12z1CwOStETUSErDhmRzzYGuG29bg4sn2GQHtTP8B2e8vpFJJVlDYIH/SPi8 nuA0v3cW -----END CERTIFICATE 
in /var/www/html/apple.highschoolhelper.org/public_html/libs/ACMECert/ACMECert.php on line 314

The parseCertificate function can only parse x509 certificates; it cannot parse certificate requests (CSR).

Unfortunately there is no function in the PHP OpenSSL-Extension which allows full parsing of CSRs like there is for x509 certificates.

As a workaround you could use the openssl command to parse the CSR:

# openssl req -noout -text -in file_containing_your.csr
Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: CN = apple.highschoolhelper.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:70:bd:f4:c7:fb:84:0c:ba:15:97:74:b0:f9:
                    f6:9d:37:91:25:1c:4a:21:47:7d:f3:ff:9a:0d:02:
                    e9:fe:b6:91:80:4d:1a:65:36:28:8e:ee:67:d6:1d:
                    72:d8:ea:0d:fd:6a:78:4f:68:71:41:18:b7:77:29:
                    24:85:85:9a:1b:33:b0:fb:07:e1:7a:03:54:36:20:
                    02:4b:43:ff:fa:c6:8a:54:6a:02:14:97:a2:2e:32:
                    7e:b1:81:70:8d:a1:5e:f9:0f:de:ef:00:06:23:33:
                    c4:3c:8b:03:8c:98:2a:37:6b:28:6d:3a:34:65:99:
                    fe:57:88:88:92:06:ae:63:6d:08:02:55:49:f9:c1:
                    c1:a9:d9:71:ac:7a:87:d8:62:22:b8:64:0f:b9:e1:
                    bf:64:e5:42:49:de:91:e1:e6:b1:11:27:dd:c6:dc:
                    98:12:51:06:97:3c:bb:60:3a:90:41:d9:74:92:f2:
                    da:df:79:d4:16:6f:1e:fd:15:bd:ab:48:f6:1d:31:
                    e6:42:c1:5e:fc:a6:49:7a:81:20:11:0d:f7:86:bd:
                    ab:42:b1:50:19:71:ea:d1:2d:56:c2:66:57:ca:d5:
                    14:90:ee:14:00:ec:79:19:24:86:d4:e0:19:3c:84:
                    c1:7d:c9:e2:55:df:7a:ba:a1:80:67:3f:ac:59:46:
                    6d:f7
                Exponent: 65537 (0x10001)
        Attributes:
        Requested Extensions:
            X509v3 Subject Alternative Name:
                DNS:apple.highschoolhelper.org
    Signature Algorithm: sha512WithRSAEncryption
         1d:7d:c5:2f:0f:97:2c:3d:81:45:02:c8:1c:f3:09:4f:15:67:
         0a:39:61:1f:4c:12:82:4c:b2:cd:f5:fe:69:d2:b3:89:07:b6:
         18:c6:b1:b4:9e:f9:5b:4a:b0:cd:80:1f:86:eb:48:45:71:d5:
         df:46:07:98:d4:fd:09:02:99:4b:65:36:2f:e0:9c:9f:15:32:
         72:36:dc:19:89:d8:f0:ab:42:0f:7b:5e:f5:32:ab:fb:1b:35:
         e2:68:68:f5:aa:06:53:50:17:8b:ab:0c:9b:5f:e2:bd:bf:cd:
         73:18:aa:d1:af:1e:41:df:46:15:88:d0:58:fd:bd:ff:12:b1:
         5a:0e:71:73:5f:93:4e:1c:a0:51:1e:b8:57:91:41:50:4c:34:
         71:a5:70:46:26:b2:1b:eb:59:78:23:1e:1c:9c:76:c6:c0:70:
         0c:54:ef:bc:03:47:04:58:7a:86:e1:6d:e5:61:d4:70:31:bf:
         bf:8f:27:fc:44:9d:ff:a9:3a:b8:10:0b:5d:63:bc:4c:32:cd:
         a4:26:c9:cc:9c:5c:2a:d7:6c:f5:0b:03:92:b4:44:d4:48:4a:
         c3:86:64:73:cd:81:ae:1b:6f:5b:83:8b:27:d8:64:07:b5:33:
         fc:07:67:bc:be:91:49:25:59:43:60:81:ff:48:f8:bc:9e:e0:
         34:bf:77:16

Thanks, now you cleared things up for me. It appears parseCertificate is for parsing the Let's Encrypt full chain certificate.
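
The openssl workaround from the reply above can also be driven from PHP, for example to check which names a CSR requests before it is submitted. This is an added example, not code from the thread or from ACMECert: `inspectCsr()` is a hypothetical helper, and it assumes PHP 7.4 or later (array form of `proc_open`) and an `openssl` binary on the PATH.

```php
<?php
// Added example, not ACMECert code. inspectCsr() is a hypothetical helper.
// Assumes PHP >= 7.4 (array form of proc_open) and an `openssl` binary on PATH.
function inspectCsr(string $csrPem): array
{
    // Native functions cover the subject and the public key.
    $subject = openssl_csr_get_subject($csrPem, true);
    $pubKey  = openssl_csr_get_public_key($csrPem);
    if ($subject === false || $pubKey === false) {
        throw new Exception('Not a valid CSR');
    }
    $details = openssl_pkey_get_details($pubKey);

    // Requested extensions need the CLI. The CSR goes in on stdin and the
    // command is an argument array, so no shell and no temp file are involved.
    $proc = proc_open(
        ['openssl', 'req', '-noout', '-text'],
        [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']],
        $pipes
    );
    if (!is_resource($proc)) {
        throw new Exception('Could not start openssl');
    }
    fwrite($pipes[0], $csrPem);
    fclose($pipes[0]);
    $text = stream_get_contents($pipes[1]);
    $err  = stream_get_contents($pipes[2]);
    fclose($pipes[1]);
    fclose($pipes[2]);
    if (proc_close($proc) !== 0) {
        throw new Exception('openssl req failed: ' . trim($err));
    }

    // The SAN values sit on the line after the extension header.
    $sans = [];
    if (preg_match('/Subject Alternative Name:[^\n]*\n\s*([^\n]+)/', $text, $m)) {
        preg_match_all('/DNS:([^,\s]+)/', $m[1], $dns);
        $sans = $dns[1];
    }
    return ['subject' => $subject, 'bits' => $details['bits'], 'sans' => $sans];
}

// Constructed sample: a throwaway key and a CN-only CSR, so 'sans' is empty here.
// A CSR from generateCSR() as in the issue would list its domains instead.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$csr = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
openssl_csr_export($csr, $pem);
print_r(inspectCsr($pem));
```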