php, ssl-certificate, client-certificates, digital-certificate

Digitally Sign Document with PHP


I've been struggling with this for two days now.

I've already built an authentication with a client certificate and now I want to use the same certificate to sign documents.

What I've tried so far:

  • Get the public key using openssl_pkey_get_public($_SERVER["SSL_CLIENT_CERT"]), and it worked fine.
  • Get the private key using openssl_pkey_get_private($_SERVER["SSL_CLIENT_CERT"], "mypwd"), but it doesn't work and I don't know why.

After that I plan on signing a PDF with that private key using openssl_sign().

This is the first time I am trying to create such things. Does anyone know what I'm doing wrong?

My conf:

Apache/2.4.12 (Win32) OpenSSL/1.0.1l PHP/5.6.8


Solution

  • You can't use the client certificate's private key, because the private key is stored on the client machine and is not transferred to the server. The client never gives you his key. Any client private key transfer over the network = FAILURE. Only the public part of the certificate is available on the server.

    The only option would be to do the signing operations on the client side (via ActiveX or something similar that can interact with the client certificate store). Say, let the client download the document, sign it there (within a browser) and upload it back, or something else.
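
The server's half of that flow, as an added example that is not part of the original answer: the document is signed where the private key lives, and the server verifies the uploaded signature with nothing but the certificate it already receives in SSL_CLIENT_CERT. The key pair, certificate, sample document and the function name verifyUploadedSignature are constructed for illustration; the "client side" lines stand in for whatever signing software runs on the client.

```php
<?php
// Constructed stand-in for the client: a throwaway RSA key and self-signed certificate.
// In a real deployment this key never leaves the client's certificate store.
// (On Windows, openssl_pkey_new() needs a readable openssl.cnf.)
$clientKey = openssl_pkey_new(['private_key_bits' => 2048,
                               'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($clientKey === false) {
    exit("Key generation failed: " . openssl_error_string() . "\n");
}
$csr  = openssl_csr_new(['commonName' => 'example-client'], $clientKey, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $clientKey, 1, ['digest_alg' => 'sha256']);
openssl_x509_export($cert, $clientCertPem); // same PEM form as $_SERVER["SSL_CLIENT_CERT"]

// Client side (simulated): produce a detached signature over the document bytes.
$document = "%PDF-1.4 constructed sample document bytes";
openssl_sign($document, $signature, $clientKey, OPENSSL_ALGO_SHA256);

// Server side: only the certificate PEM, the uploaded document and the signature are available.
function verifyUploadedSignature($document, $signature, $certPem)
{
    $publicKey = openssl_pkey_get_public($certPem);
    if ($publicKey === false) {
        return false; // not a usable certificate
    }
    // openssl_verify() returns 1 (valid), 0 (invalid) or -1/false (error).
    return openssl_verify($document, $signature, $publicKey, OPENSSL_ALGO_SHA256) === 1;
}

// A certificate contains no private key, so this is false whatever passphrase is given.
$privateFromCert = openssl_pkey_get_private($clientCertPem, "mypwd");
while (openssl_error_string() !== false) {
    // drain the OpenSSL error queue left by the failed private-key parse
}

var_dump($privateFromCert === false);                                                // bool(true)
var_dump(verifyUploadedSignature($document, $signature, $clientCertPem));           // bool(true)
var_dump(verifyUploadedSignature($document . "tampered", $signature, $clientCertPem)); // bool(false)
```

Signature verification only proves that the holder of the matching private key signed these bytes; the certificate chain and revocation status still have to be validated, which the TLS client-certificate handshake already does for SSL_CLIENT_CERT.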