PHP offers several methods to help generate a CSR and private key. Unfortunately, some CSR parts (i.e. subject alternative names) are not easily usable. This Laravel package aims to make the procedure easier within your Laravel application.
This Laravel package requires PHP 8.1 or higher, Laravel 9+ and you will need the openssl extension as that's required
for the openssl_*
php functions used by this package.
This package can be used in any Laravel project.
You can install the package via composer:
composer require vdhicts/laravel-csr-generator
This package is an easy-to-use wrapper around the PHP functions.
All steps can be performed individually to suit all your needs.
// Generate the private key
$privateKey = (new PrivateKeyGenerator())->generate();
// Collect the subject fields
$subjectFields = new SubjectFields(
'example.com',
'security@example.com',
'NL',
'Zuid-Holland',
'Den Haag',
'Example',
'DevOps',
['www.example.com']
);
// Generate the csr
$csr = (new CsrGenerator($subjectFields, $privateKey))->generate();
$csrContent = $csr->export();
The private key can be generated with the PrivateKeyGenerator
. It's possible to manually determine the key bits and
type. Additional options can be provided too. The generator will return null when failed or an instance of PrivateKey
.
$privateKey = (new PrivateKeyGenerator())
->setPrivateKeyBits(8196)
->setPrivateKeyType(OPENSSL_KEYTYPE_RSA)
->setAdditionalOptions(['config' => 'your-config-file'])
->generate();
You can access the OpenSSLAsymmetricKey
as a property.
To convert the private key to a string, use the export
method on the PrivateKey
object or cast the object to a
string:
$privateKeyContent = $privateKey
->setPassPhrase('test-1234!')
->setAdditionalOptions(['config' => 'path-to-your-config-file'])
->export();
To generate the CSR, generate the private key and create the subject fields first. The generator will return null when
failed or an instance of Csr
.
$subjectFields = new SubjectFields(
'example.com',
'security@example.com',
'NL',
'Zuid-Holland',
'Den Haag',
'Example',
'DevOps',
['www.example.com']
);
$csr = (new CsrGenerator($subjectFields, $privateKey))
->setAdditionalOptions(['config' => 'path-to-your-config-file'])
->generate();
You can access the OpenSSLCertificateSigningRequest
as a property.
When providing subject alternative names, the config file from the additional options will be overwritten. This is
required to provide the subject alternative names as those can't be provided directly to the openssl_
functions
built in PHP. If you need to provide subject alternative names and a custom config, leave the subject alternative names
in the SubjectFields
empty and provide your config with the SAN section:
$subjectFields = new SubjectFields(
'example.com',
'security@example.com',
'NL',
'Zuid-Holland',
'Den Haag',
'Example',
'DevOps' // so not providing the subject alternative names here
);
// Create your config file with the subject alternative names
..
// Provide your config file to the generator
$csr = (new CsrGenerator($subjectFields, $privateKey))
->setAdditionalOptions(['config' => 'path-to-your-config-file'])
->generate();
To help you create the config file, it's possible to publish the view for the config file. This view is used by default for generating the config with the subject alternative names.
php artisan vendor:publish --provider="Vdhicts\CsrGenerator\CsrGeneratorServiceProvider" --tag=csr-generator-views
To convert the CSR to a string, use the export
method on the Csr
object or cast the object to a string:
$csrContent = $csr->export();
Some defaults are set which are used by the generators. To change those defaults, publish the configuration file with:
php artisan vendor:publish --provider="Vdhicts\CsrGenerator\CsrGeneratorServiceProvider" --tag=csr-generator-config
Unit tests are available in the tests
folder. Run with:
composer test
When you want a code coverage report which will be generated in the build/report
folder. Run with:
composer test-coverage
Any contribution is welcome, see the Contributing guidelines.
If you discover any security-related issues in this or other packages of Vdhicts, please email security@vdhicts.nl instead of using the issue tracker.
This package is open-sourced software licensed under the MIT license.
Vdhicts is the name of my company for which I work as a freelancer. Vdhicts develops and implements IT solutions for businesses and educational institutions.