openssl_pkey_new() throwing errors -- Proper openssl.cnf setup for php
I tried this on my Mac and a fresh install of CentOS 6.3 and I'm getting the same error. I get my CentOS packages from IUS. It's weird though because even though I'm getting this message, the key is actually being generated.
The following code:
$res = openssl_pkey_new();
openssl_pkey_export($res, $privkey);
var_dump(openssl_error_string());
var_dump($privkey);
Gives me the following output:
string(68) "error:0E06D06C:configuration file routines:NCONF_get_string:no value"
string(887) "-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----"
I suspect it is a bug in PHP. Some sort of openssl configuration PHP is getting hung up on. I found a bug report about this on php.net, but it "started working" for the user so the bug was closed.
As an alternative, you can check out phpseclib, a library purely written in PHP.
When using openssl_csr_new make sure the first parameter $dn does not contain keys with empty values.
For example, this call to openssl_csr_new

<?php
$dn = [
    'CN' => 'example.com',
    'ST' => '',
    'C' => '',
    'O' => '',
];
openssl_csr_new($dn, $privKey);

would trigger the error

0E06D06C:configuration file routines:NCONF_get_string:no value
Check if your openssl.cnf has
default_md = md5
in it; if not, add it to the cnf file and try again to see if that helps.
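
An added example, not code from any poster in this thread: it covers both the question's observation (a key is produced even though openssl_error_string() returns a message) and the empty-DN answer, by judging success from return values, draining the error queue, and filtering empty DN entries. The helper names drainOpensslErrors and makeKeyAndCsr are hypothetical, and PHP 7.4+ with the openssl extension is assumed.

```php
<?php
// Added example (not from the thread). Helper names are hypothetical. Assumes PHP 7.4+.

// Empty the OpenSSL error queue and return what was in it.
function drainOpensslErrors(): array
{
    $errors = [];
    while (($msg = openssl_error_string()) !== false) {
        $errors[] = $msg;
    }
    return $errors;
}

// Create a key and CSR; success is decided by return values, not by the error queue.
function makeKeyAndCsr(array $dn): array
{
    // Drop DN entries with empty values before they reach openssl_csr_new().
    $dn = array_filter($dn, fn($v) => $v !== '' && $v !== null);

    // Explicit options instead of relying on openssl.cnf defaults for these values.
    $options = [
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
        'digest_alg'       => 'sha256',
    ];

    drainOpensslErrors(); // discard stale entries left by earlier calls
    $key = openssl_pkey_new($options);
    if ($key === false) {
        throw new RuntimeException('openssl_pkey_new: ' . implode('; ', drainOpensslErrors()));
    }
    $csr = openssl_csr_new($dn, $key, $options);
    if (is_bool($csr)) { // false = failure, true = CSR created but not signed
        throw new RuntimeException('openssl_csr_new: ' . implode('; ', drainOpensslErrors()));
    }
    if (!openssl_pkey_export($key, $keyPem, null, $options) || !openssl_csr_export($csr, $csrPem)) {
        throw new RuntimeException('export: ' . implode('; ', drainOpensslErrors()));
    }
    // Anything still queued after success is reported as a notice only.
    return ['key' => $keyPem, 'csr' => $csrPem, 'notices' => drainOpensslErrors()];
}

// Constructed sample input: the DN from the answer above, empty values included.
$out = makeKeyAndCsr(['CN' => 'example.com', 'ST' => '', 'C' => '', 'O' => '']);
echo strtok($out['csr'], "\n"), "\n";
echo count($out['notices']), " queued notice(s)\n";
```

The private key is returned to the caller but never printed; the notices array shows whether configuration-file messages were queued during an otherwise successful run.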