[code]<?php // Fill in data for the distinguished name to be used in the cert // You must change the values of these keys to match your name and // company, or more precisely, the name and company of the person/site // that you are generating the certificate for. // For SSL certificates, the commonName is usually the domain name of // that will be using the certificate, but for S/MIME certificates, // the commonName will be the name of the individual who will use the // certificate. $dn = array( "countryName" => "UK", "stateOrProvinceName" => "Somerset", "localityName" => "Glastonbury", "organizationName" => "The Brain Room Limited", "organizationalUnitName" => "PHP Documentation Team", "commonName" => "Wez Furlong", "emailAddress" => "wez@example.com" ); // Generate a new private (and public) key pair $privkey = openssl_pkey_new(); // Generate a certificate signing request $csr = openssl_csr_new($dn, $privkey); // You will usually want to create a self-signed certificate at this // point until your CA fulfills your request. // This creates a self-signed cert that is valid for 365 days $sscert = openssl_csr_sign($csr, null, $privkey, 365); // Now you will want to preserve your private key, CSR and self-signed // cert so that they can be installed into your web server, mail server // or mail client (depending on the intended use of the certificate). // This example shows how to get those things into variables, but you // can also store them directly into files. // Typically, you will send the CSR on to your CA who will then issue // you with the "real" certificate. openssl_csr_export($csr, $csrout) and var_dump($csrout); openssl_x509_export($sscert, $certout) and var_dump($certout); openssl_pkey_export($privkey, $pkeyout, "mypassword") and var_dump($pkeyout); ?>[/code]