
Allow ECDSA P-384 Certs #74

@jaysee

Hello,

I managed to generate some ECDSA P-384 certs but had to patch the code:

In vendor/afosto/yaac/src/Helper.php:

    public static function getNewKey(int $keyLength, int $keyType = OPENSSL_KEYTYPE_RSA): string
    {
        $options = [
            'private_key_bits' => $keyLength,
            'private_key_type' => $keyType,
        ];
        // For EC keys OpenSSL selects the key by curve name, so force P-384 here.
        if (OPENSSL_KEYTYPE_EC === $keyType) {
            $options['curve_name'] = 'secp384r1';
        }
        $key = openssl_pkey_new($options);

        // Export the private key as PEM.
        openssl_pkey_export($key, $pem);

        return $pem;
    }

In vendor/afosto/yaac/src/Client.php:

    public function getCertificate(Order $order): Certificate
    {
        $privateKey = Helper::getNewKey($this->getOption('key_length', 4096), $this->getOption('key_type', OPENSSL_KEYTYPE_RSA));
        ...
    }

    protected function loadKeys()
    {
        ... (just patch the call to getNewKey)
            Helper::getNewKey($this->getOption('key_length', 4096), $this->getOption('key_type', OPENSSL_KEYTYPE_RSA))
        ...
    }

Now call using:

    new Afosto\Acme\Client([
        'username' => 'xxxx',
        'fs' => $filesystem,
        'mode' => Afosto\Acme\Client::MODE_LIVE,
        'key_length' => 384,
        'key_type' => OPENSSL_KEYTYPE_EC,
    ]);

I'm not sure the keyLength is still useful and it's not the best way to 'force' the curve_name, but it works. Perhaps we need to add some more options.

Regards
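
The two open points in the post above (whether the key length still matters for EC, and hard-coding the curve) can be handled by passing the curve explicitly and checking the generated key. This is an added example, not code from the issue author or from afosto/yaac; the function name `newAcmeKey` and its parameters are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of afosto/yaac): the curve is a parameter
// instead of a hard-coded value, and the bit length is only used for RSA.
function newAcmeKey(int $keyType = OPENSSL_KEYTYPE_RSA, int $rsaBits = 4096, string $curve = 'secp384r1'): string
{
    if ($keyType === OPENSSL_KEYTYPE_EC) {
        // Reject curve names this OpenSSL build does not know.
        $known = openssl_get_curve_names();
        if ($known === false || !in_array($curve, $known, true)) {
            throw new InvalidArgumentException("Unsupported curve: {$curve}");
        }
        $options = ['private_key_type' => OPENSSL_KEYTYPE_EC, 'curve_name' => $curve];
    } elseif ($keyType === OPENSSL_KEYTYPE_RSA) {
        $options = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => $rsaBits];
    } else {
        throw new InvalidArgumentException('Unsupported key type');
    }

    $key = openssl_pkey_new($options);
    if ($key === false) {
        throw new RuntimeException('Key generation failed: ' . openssl_error_string());
    }

    // Confirm the key really has the requested type and curve before using it.
    $details = openssl_pkey_get_details($key);
    if ($details === false || $details['type'] !== $keyType) {
        throw new RuntimeException('Generated key has an unexpected type');
    }
    if ($keyType === OPENSSL_KEYTYPE_EC && ($details['ec']['curve_name'] ?? null) !== $curve) {
        throw new RuntimeException('Generated key is on an unexpected curve');
    }

    if (!openssl_pkey_export($key, $pem)) {
        throw new RuntimeException('Key export failed: ' . openssl_error_string());
    }
    return $pem;
}

// Constructed usage: generate a P-384 key and report the size OpenSSL derived from the curve.
$ecPem = newAcmeKey(OPENSSL_KEYTYPE_EC);
$bits = openssl_pkey_get_details(openssl_pkey_get_private($ecPem))['bits'];
echo "EC key bits: {$bits}\n";
```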
