SelfSignedCertificate Documentation
The SelfSignedCertificate
class provides functionality to generate self-signed certificates for testing and development purposes. It allows customization of certificate properties such as subject, issuer, validity period, and password protection.
- Overview
- Basic Usage
- Configuration Methods
- Generating the Certificate
- Certificate Structure
- Default Values
- Implementation Details
Overview
This class creates a digital certificate that includes:
- A Certificate Authority (CA) certificate.
- A user certificate signed by the CA.
- Both packaged together in PKCS#12 format.
The generated certificate is suitable for testing electronic signature functionality without requiring a certificate from a commercial Certificate Authority.
Basic Usage
use Derafu\Certificate\SelfSignedCertificate;
use Derafu\Certificate\Service\CertificateLoader;
// Create with default settings.
$selfSigned = new SelfSignedCertificate();
$certificateArray = $selfSigned->toArray();
// Load as a Certificate object.
$loader = new CertificateLoader();
$certificate = $loader->loadFromArray($certificateArray);
Configuration Methods
Setting the Subject
The subject represents the owner of the certificate:
$selfSigned->setSubject(
C: 'US', // Country code (2 letters).
ST: 'California', // State/Province.
L: 'San Francisco', // Locality/City.
O: 'Example Corporation', // Organization.
OU: 'IT Department', // Organizational Unit.
CN: 'John Doe', // Common Name (full name).
emailAddress: '[email protected]', // Email address.
serialNumber: '12345678-9', // ID/Serial number (tax ID, etc.).
title: 'System Administrator' // Title.
);
Only CN
, emailAddress
, and serialNumber
are strictly required. The method will throw a CertificateException
if any of these are empty.
Setting the Issuer
The issuer represents the Certificate Authority that issues the certificate:
$selfSigned->setIssuer(
C: 'US', // Country code
ST: 'Washington', // State/Province
L: 'Seattle', // Locality/City
O: 'Example CA', // Organization
OU: 'Certificate Authority', // Organizational Unit
CN: 'Example Root CA', // CA Name
emailAddress: '[email protected]', // CA Email
serialNumber: '87654321-0' // CA ID
);
Setting the Validity Period
// Set validity to 730 days (2 years).
$selfSigned->setValidity(730);
The default validity period is 365 days (1 year).
Setting the Password
// Set password for the private key.
$selfSigned->setPassword('secure_password');
The default password is 'i_love_derafu'
.
Generating the Certificate
Getting the Certificate Array
// Get the certificate as an array with 'cert' and 'pkey' elements.
$certificateArray = $selfSigned->toArray();
// The array contains:
// [
// 'cert' => '...public key certificate...',
// 'pkey' => '...private key...'
// ]
Getting the Raw PKCS#12 Data
// Get the toPkcs12() method result (PKCS#12 binary data).
$pkcs12Data = $selfSigned->toPkcs12();
// Save to a file.
file_put_contents('certificate.p12', $pkcs12Data);
Certificate Structure
The generated certificate consists of:
- An issuer (CA) certificate that is self-signed.
- A subject certificate that is signed by the issuer.
- Both certificates’ private keys.
The PKCS#12 container includes both certificates and is password-protected using the specified password.
Default Values
If you create a SelfSignedCertificate
without any customization, it will use the following default values:
Default Subject
- Country:
CL
(Chile). - State:
Colchagua
. - Locality:
Santa Cruz
. - Organization:
Intergalactic Robots Organization
. - Organizational Unit:
Technology
. - Common Name:
Daniel Bot
. - Email:
[email protected]
. - Serial Number:
11222333-9
. - Title:
Bot
.
Default Issuer
- Country:
CL
(Chile). - State:
Colchagua
. - Locality:
Santa Cruz
. - Organization:
Derafu
. - Organizational Unit:
Technology
. - Common Name:
Derafu Test Certificate Authority
. - Email:
[email protected]
. - Serial Number:
76192083-9
.
Other Defaults
- Validity: 365 days.
- Password:
i_love_derafu
.
Implementation Details
The SelfSignedCertificate
class uses the PHP OpenSSL extension to:
- Generate a key pair for the issuer.
- Create a Certificate Signing Request (CSR) for the issuer.
- Self-sign the issuer’s CSR to create the issuer certificate.
- Generate a key pair for the subject.
- Create a CSR for the subject.
- Sign the subject’s CSR with the issuer’s certificate.
- Package everything into a PKCS#12 container.
The process mimics a real CA-issued certificate but is entirely self-contained and suitable for testing purposes.