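/**
 * Build a SHA-256 certificate signing request covering every name in $domains.
 *
 * The first entry of $domains becomes the subject CN; all entries are listed in
 * the subjectAltName extension through a temporary OpenSSL config file. The PEM
 * text is written to "<domain path>/last.csr" and the result of
 * getCsrContent() for that file is returned.
 *
 * @param mixed $privateKey Key handed unchanged to openssl_csr_new().
 * @param array $domains    Host names to certify; must not be empty.
 *
 * @return mixed Whatever getCsrContent() returns for the stored CSR file.
 *
 * @throws \RuntimeException If the domain list is empty or holds a value that is
 *                           not a plain host name, or if the temporary config,
 *                           the CSR, its export or the write of last.csr fails.
 */
private function generateCSR($privateKey, array $domains)
{
    if (count($domains) === 0) {
        throw new \RuntimeException("CSR couldn't be generated! No domain names were given.");
    }

    // Each name is concatenated into an OpenSSL config file below. A comma, a line
    // break, '$' or '#' inside a name would be read as config syntax and could add
    // SAN entries or directives the caller never asked for, so only host-name
    // characters are accepted. \A and \z are used because '$' tolerates a trailing
    // newline.
    foreach ($domains as $dns) {
        if (!is_string($dns) || !preg_match('/\A[A-Za-z0-9*._-]+\z/', $dns)) {
            // json_encode() escapes control characters, keeping the message on one line.
            throw new \RuntimeException("CSR couldn't be generated! Invalid domain name: " . json_encode($dns));
        }
    }

    $domain = reset($domains);
    $san = implode(",", array_map(function ($dns) {
        return "DNS:" . $dns;
    }, $domains));

    // workaround to get SAN working: PHP's OpenSSL binding only picks up the
    // subjectAltName extension from a config file.
    $config = 'HOME = .
RANDFILE = $ENV::HOME/.rnd
[ req ]
default_bits = 2048
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
[ v3_req ]
basicConstraints = CA:FALSE
subjectAltName = ' . $san . '
keyUsage = nonRepudiation, digitalSignature, keyEncipherment';

    $tmpConf = tmpfile();
    if ($tmpConf === false) {
        throw new \RuntimeException("CSR couldn't be generated! Temporary OpenSSL config could not be created.");
    }
    $tmpConfMeta = stream_get_meta_data($tmpConf);
    $tmpConfPath = $tmpConfMeta["uri"];

    // Run every step that needs the temporary file first and raise errors only
    // after fclose(), so no failure path leaves the handle open.
    $written = fwrite($tmpConf, $config) !== false;
    $csr = false;
    $csrPem = null;
    $exported = false;
    if ($written) {
        $csr = openssl_csr_new(
            array("CN" => $domain, "ST" => $this->state, "C" => $this->countryCode, "O" => "Unknown"),
            $privateKey,
            array("config" => $tmpConfPath, "digest_alg" => "sha256")
        );
        $exported = $csr && openssl_csr_export($csr, $csrPem);
    }
    // Read the OpenSSL error queue only on failure; reading it pops an entry.
    $opensslError = $exported ? "" : openssl_error_string();
    fclose($tmpConf);

    if (!$written) {
        throw new \RuntimeException("CSR couldn't be generated! Temporary OpenSSL config could not be written.");
    }
    if (!$csr) {
        throw new \RuntimeException("CSR couldn't be generated! " . $opensslError);
    }
    if (!$exported) {
        throw new \RuntimeException("CSR couldn't be exported! " . $opensslError);
    }

    $csrPath = $this->getDomainPath($domain) . "/last.csr";
    // A failed write would otherwise let getCsrContent() read a stale or missing file.
    if (file_put_contents($csrPath, $csrPem) === false) {
        throw new \RuntimeException("CSR couldn't be written to " . $csrPath);
    }

    return $this->getCsrContent($csrPath);
}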