Home/ Questions/Q 9037663
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T09:17:54+00:00

Default certificate file created by PhpSecLib has keyUsage set to: All rules of applications

  • 0

Default certificate file created by PhpSecLib has keyUsage set to: All rules of applications. How could I set keyUsage to digitalSignature that Windows Crypto Shell will show: Ensures the Identity of a remote computer

EDIT

Here is my code:

<?php
include('File/X509.php');
include('Crypt/RSA.php');
$c = $_POST['csr'];

$CAPrivKey = new Crypt_RSA();
$CAPrivKey->setPassword('[...]');
$CAPrivKey->loadKey("-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
");

$issuer = new File_X509();
$issuer->setPrivateKey($CAPrivKey);
$issuer->loadX509("-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----
");


$subject = new File_X509();

$subject->loadCSR($c); 


$x509 = new File_X509();
$x509->setStartDate('-1 month');
$x509->setEndDate('+1 year');
$x509->setSerialNumber('125');
$result = $x509->sign($issuer, $subject);


$x509->loadX509($result);
$x509->setExtension('id-ce-keyUsage', array_merge($x509->getExtension('id-ce-   keyUsage'), array('digitalSignature')));
$result = $x509->sign($issuer, $x509);
//echo $x509->saveX509($result);

header('Content-Type: application/x-x509-ca-cert');
header("Content-Disposition: attachment; filename='ssl.cer'");
echo $x509->saveX509($result);

?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Can you post your cert? Because when I use your program it’s totally not doing that for me. My code:

    <?php
include('File/X509.php');
include('Crypt/RSA.php');

$c = '-----BEGIN CERTIFICATE REQUEST-----
MIIBVjCBwgIAMB4xHDAaBgNVBAoME3BocHNlY2xpYiBkZW1vIGNlcnQwgZ0wCwYJKoZIhvcNAQEB
A4GNADCBiQKBgQDF+1/N2DwvdkhoHsLq8LnH99AEGVOGpooSpbPCewbuZeqr/Djb9ySPar2PLySo
Y+kB2QAbxUgpO/57IpWIabQ9jDFIznqLCcLzXKiKOWnMv4KMf55yJ6pwlqoTbUPgyQ67CRAfjcaD
W9VQ/TzdKahdxLFPBAEIEpEX23YpLhTLNQIDAQABMAsGCSqGSIb3DQEBBQOBgQALjJE4OygjvLm0
rzFyMPvAo7Ux6z5qTOi//HQzzmjNun7MV09GTfZgcYeWvuLosJXcn7CPALF5FqHWePs98WioTA7K
WsvdZzm+yJ5UcmzdJ/Jq9X8o1KTsMELN0SQwiNk502a1wbiXotF4OgCsjSdno96PCV9VSF4w69HM
1eXfvg==
-----END CERTIFICATE REQUEST-----';


$CAPrivKey = new Crypt_RSA();
$CAPrivKey->loadKey('-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0FPqri0cb2JZfXJ/DgYSF6vUp
wmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/3j+skZ6UtW+5u09lHNsj6tQ5
1s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQABAoGAFijko56+qGyN8M0RVyaRAXz++xTqHBLh
3tx4VgMtrQ+WEgCjhoTwo23KMBAuJGSYnRmoBZM3lMfTKevIkAidPExvYCdm5dYq3XToLkkLv5L2
pIIVOFMDG+KESnAFV7l2c+cnzRMW0+b6f8mR1CJzZuxVLL6Q02fvLi55/mbSYxECQQDeAw6fiIQX
GukBI4eMZZt4nscy2o12KyYner3VpoeE+Np2q+Z3pvAMd/aNzQ/W9WaI+NRfcxUJrmfPwIGm63il
AkEAxCL5HQb2bQr4ByorcMWm/hEP2MZzROV73yF41hPsRC9m66KrheO9HPTJuo3/9s5p+sqGxOlF
L0NDt4SkosjgGwJAFklyR1uZ/wPJjj611cdBcztlPdqoxssQGnh85BzCj/u3WqBpE2vjvyyvyI5k
X6zk7S0ljKtt2jny2+00VsBerQJBAJGC1Mg5Oydo5NwD6BiROrPxGo2bpTbu/fhrT8ebHkTz2epl
U9VQQSQzY1oZMVX8i1m5WUTLPz2yLJIBQVdXqhMCQBGoiuSoSjafUhV7i1cEGpb88h5NBYZzWXGZ
37sJ5QsW+sJyoNde3xH8vdXhzU7eT82D6X/scw9RZz+/6rCJ4p0=
-----END RSA PRIVATE KEY-----');

$issuer = new File_X509();
$issuer->setPrivateKey($CAPrivKey);
$issuer->loadX509("-----BEGIN CERTIFICATE-----
MIIDITCCAoqgAwIBAgIQT52W2WawmStUwpV8tBV9TTANBgkqhkiG9w0BAQUFADBM
MQswCQYDVQQGEwJaQTElMCMGA1UEChMcVGhhd3RlIENvbnN1bHRpbmcgKFB0eSkg
THRkLjEWMBQGA1UEAxMNVGhhd3RlIFNHQyBDQTAeFw0xMTEwMjYwMDAwMDBaFw0x
MzA5MzAyMzU5NTlaMGgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRYwFAYDVQQHFA1Nb3VudGFpbiBWaWV3MRMwEQYDVQQKFApHb29nbGUgSW5jMRcw
FQYDVQQDFA53d3cuZ29vZ2xlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEA3rcmQ6aZhc04pxUJuc8PycNVjIjujI0oJyRLKl6g2Bb6YRhLz21ggNM1QDJy
wI8S2OVOj7my9tkVXlqGMaO6hqpryNlxjMzNJxMenUJdOPanrO/6YvMYgdQkRn8B
d3zGKokUmbuYOR2oGfs5AER9G5RqeC1prcB6LPrQ2iASmNMCAwEAAaOB5zCB5DAM
BgNVHRMBAf8EAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwudGhhd3Rl
LmNvbS9UaGF3dGVTR0NDQS5jcmwwKAYDVR0lBCEwHwYIKwYBBQUHAwEGCCsGAQUF
BwMCBglghkgBhvhCBAEwcgYIKwYBBQUHAQEEZjBkMCIGCCsGAQUFBzABhhZodHRw
Oi8vb2NzcC50aGF3dGUuY29tMD4GCCsGAQUFBzAChjJodHRwOi8vd3d3LnRoYXd0
ZS5jb20vcmVwb3NpdG9yeS9UaGF3dGVfU0dDX0NBLmNydDANBgkqhkiG9w0BAQUF
AAOBgQAhrNWuyjSJWsKrUtKyNGadeqvu5nzVfsJcKLt0AMkQH0IT/GmKHiSgAgDp
ulvKGQSy068Bsn5fFNum21K5mvMSf3yinDtvmX3qUA12IxL/92ZzKbeVCq3Yi7Le
IOkKcGQRCMha8X2e7GmlpdWC1ycenlbN0nbVeSv3JUMcafC4+Q==
-----END CERTIFICATE-----");


$subject = new File_X509();

$subject->loadCSR($c); 


$x509 = new File_X509();
$x509->setStartDate('-1 month');
$x509->setEndDate('+1 year');
$x509->setSerialNumber('125');
$result = $x509->sign($issuer, $subject);


$x509->loadX509($result);
$x509->setExtension('id-ce-keyUsage', array('digitalSignature'));
//$x509->setExtension('id-ce-keyUsage', array_merge($x509->getExtension('id-ce-keyUsage'), array('digitalSignature')));
$result = $x509->sign($issuer, $x509);
//echo $x509->saveX509($result);

header('Content-Type: application/x-x509-ca-cert');
header("Content-Disposition: attachment; filename='ssl.cer'");
echo $x509->saveX509($result);

    Screenshot:

    the cert as displayed in windows

    The cert itself:

    -----BEGIN CERTIFICATE-----
MIICCzCCAXagAwIBAgIDMTI1MAsGCSqGSIb3DQEBBTBoMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxQNTW91bnRhaW4gVmlldzETMBEG
A1UEChQKR29vZ2xlIEluYzEXMBUGA1UEAxQOd3d3Lmdvb2dsZS5jb20wIhgPMjAx
MjExMjUwNzE0MTJaGA8yMDEzMTIyNTA3MTQxMlowHjEcMBoGA1UECgwTcGhwc2Vj
bGliIGRlbW8gY2VydDCBnTALBgkqhkiG9w0BAQEDgY0AMIGJAoGBAMX7X83YPC92
SGgewurwucf30AQZU4amihKls8J7Bu5l6qv8ONv3JI9qvY8vJKhj6QHZABvFSCk7
/nsilYhptD2MMUjOeosJwvNcqIo5acy/gox/nnInqnCWqhNtQ+DJDrsJEB+NxoNb
1VD9PN0pqF3EsU8EAQgSkRfbdikuFMs1AgMBAAGjDzANMAsGA1UdDwQEAwIHgDAL
BgkqhkiG9w0BAQUDgYEAMtVKyBpbvD2txhlRtA3VHoL1Zp9E7CN/EqFxpAG7bwZT
8D1gifeff4tGH0zkbGvv+5kb5exBZ+PhGsaaHVZoBQVO33Rkr32rfMeMa7PYb76L
i+f0mOp1QfPbrQuvT/uJx8AUv/Owsk5zLyE7JznsvYQ7VeGARRAike2ThHGcZQ8=
-----END CERTIFICATE-----

    So like I said, it’s working just fine for me.

    Maybe you can post the cert you’re getting when you try to run it? Maybe you can post the CSR you’re using as well?

    • 0