Installation
To use PHP’s OpenSSL support you must also compile PHP —with-openssl.
The OpenSSL library also has additional requirements for normal operation at
run-time. Most notably, OpenSSL requires access to a random or pseudo-random
number generator; on most Unix and Unix-like platforms (including Linux),
this means that it must have access to a /dev/urandom or
/dev/random device.
The configure option —with-system-ciphers
is available which causes PHP to use the system cipher list instead of a hard-coded default.
Note:
Note to Win32 UsersIn order for this extension to work, there are
DLL files that must be available to the Windows
system PATH. For information on how to do this, see the
FAQ entitled «How do I add my PHP directory to the PATH
on Windows». Although copying DLL
files from the PHP folder into the Windows system directory also works
(because the system directory is by default in the system’s
PATH), this is not recommended.
This extension requires the following files to be in the
PATH:
libeay32.dll,
or, as of OpenSSL 1.1, libcrypto-*.dllAdditionally, if you are planning to use the key generation and certificate
signing functions, you will need to install a valid
openssl.cnf file on your system.
We include a sample configuration file
in our win32 binary distributions, in the
extras/ssl directory.PHP will search for the openssl.cnf using the
following logic:
- the
OPENSSL_CONFenvironmental variable, if
set, will be used as the path (including filename) of the configuration
file.
- the
SSLEAY_CONFenvironmental variable, if
set, will be used as the path (including filename) of the configuration
file.
- The file openssl.cnf will be assumed to be
found in the default certificate area, as configured at the time that
the openssl DLL was compiled. This is usually means that the default
filename is C:\Program Files\Common Files\SSL\openssl.cnf (x64)
or C:\Program Files (x86)\Common Files\SSL\openssl.cnf (x86), or,
prior to PHP 7.4.0, C:\usr\local\ssl\openssl.cnf.
In your installation, you need to decide whether to install the
configuration file in the default path or
whether to install it someplace else and use environmental variables
(possibly on a per-virtual-host basis) to locate the configuration file.
Note that it is possible to override the default path from the script using
theoptionsof the functions that require a
configuration file.
Caution
Ensure that non-privileged users are not allowed to modify openssl.cnf.
As of OpenSSL 3.0.0, which is used on Windows by default as of PHP 8.2.0, several
algorithms have been deemed legacy. Such algorithms have commonly fallen out of use,
have been deemed insecure by the cryptography community, or something similar.
These algorithms are still available via the legacy provider
(extras/ssl/legacy.dll); its usage is described in the
» provider configuration
section of the OpenSSL manual.
Changelog
| Version | Description |
|---|---|
| 7.4.0 |
The —with-openssl[=DIR] doesn’t accept a directory argument anymore in favor of setting the pkg-config variable PKG_CONFIG_PATH to OpenSSL location, or by specifying the OPENSSL_LIBS and OPENSSL_CFLAGS variables. |
| 7.4.0 |
The OpenSSL default config path has been changed from C:\usr\local\ssl to C:\Program Files\Common Files\SSL and C:\Program Files (x86)\Common Files\SSL, respectively. |
Found A Problem?
Alan ¶
13 years ago
Having recently installed Apache2.2 with PHP 5.2.17 on my Windows 7 development machine, I want to pass along my findings about how to set things up to load the correct versions of the OpenSSL DLLs. Many people have posted elsewhere about the "DLL Hell" that results if the a wrong version is loaded.
First, install Apache 2.2 and check its operation, then download the Windows binaries for PHP from http://windows.php.net/download/. Note that according to the sidebar on that page the recommended version of PHP for use with Apache2 is currently 5.2.17, even though it is back level. Plus, this version comes with all the DLLs you need to use OpenSSL -- no need to recompile as the old PHP man page suggests.
Having verified the PHP installation, turn on the OpenSSL support by uncommenting the line
extension=php_openssl.dll
in php.ini, which you will find in the PHP directory (I'll assume you made that c:/PHP). Next check the location of php_openssl.dll, which you should find in c:/PHP/ext. Also in php.ini find the key extension_dir, and change its value to c:/php/ext. Next, put this location on the end of your PATH (there's no need to reboot).
At this point, when you start Apache it will attempt to load php_openssl.dll, but if your setup is anything like mine you will see an error. I prefer to start Apache manually, and the error appears in a dialog box: "The ordinal 4114 could not be located in the dynamic link library LIBEAY32.dll". (I'm not sure whether you would get this message if you started Apache as a service). The Apache log also contains an error message saying that php_openssl.dll cannot be loaded, though that message doesn't name libeay32.dll. Welcome to DLL Hell.
Libeay32.dll enters the picture because php_openssl.dll depends on it (and also on ssleay32.dll). What I think happens is that Apache first tries to load php_openssl.dll programmatically from the path specified by the extension_dir key. But then, the loading of the so-called dependent DLLs is left to Windows' default mechanism. If Windows finds an incompatible version of a dependent DLL, you get the error.
So clearly the fix is to ensure that the correct version of libeay32.dll is loaded. On my machine, at least three other processes have loaded various versions of this same DLL. They include the Mozy backup client, Windows Explorer (because Mozy installs support in Explorer) and the OpenOffice suite. My machine is quite different in this respect from a dedicated server on which one probably wants as few extraneous processes as possible. Presumably on a server one can follow advice that suggests copying the dlls to the system32 directory, for example. But I'm not about to mess with my other programs by making system-wide changes.
So what to do? I didn't find the available information on how Windows searches for DLLs to be very useful, mainly because I didn't understand it. But it does say that the first place Windows looks is "The directory from which the application loaded."
To cut to the chase, after a lot of experimentation I came to a key realization -- "the application" is APACHE, not PHP. So I copied libeay32.dll to the Apache2.2/bin directory. Problem solved. No error messages and running phpinfo confirms that OpenSSL is present and enabled.
Good luck, and stay out of DLL Hell.
epos_jk ¶
7 years ago
Beginning with version 1.1.0 OpenSSL did change their libary names!
libeay32.dll is now libcrypto-*.dll (e.g. libcrypto-1_1-x64.dll for OpenSSL 1.1.x on 64bit windows)
ssleay32.dll is now libssl-*.dll (e.g. libssl-1_1-x64.dll for OpenSSL 1.1.x on 64bit windows)
jaimz at vertigolabs dot org ¶
10 years ago
I just wanted to point out that when you compile with openssl and you're specifying a directory, the acinclude.m4 and aclocal.m4 use that directory as such:
{your directory}/includes/openssl/{headerfile}
That being said, you want to specify the directory that the includes directory is in, not the specific directory with the header files.
THIS IS WRONG --with-openssl=/usr/local/includes/openssl
THIS IS RIGHT --with-openssl=/usr/local
php-net-comment at shaunc dot com ¶
3 years ago
FreeBSD includes a modern version of OpenSSL as part of its base system, but doesn't appear to have a pkg-config file, so the PHP configure script can't find the libraries. When compiling PHP on FreeBSD, you should define the OPENSSL_LIBS and OPENSSL_CFLAGS environment variables before running PHP's configure. For FreeBSD 12, the following will work:
export OPENSSL_LIBS="-L/usr -lssl -lcrypto -lz" && export OPENSSL_CFLAGS="-I/usr/include" && ./configure --with-openssl [...other configure options...]
Fernando rubio ¶
13 years ago
OpenSSL and IIS
Open php.ini
uncomment the following:
extension=php_openssl.dll
Make sure you have config the following section pointing to your php install directory (in my case is located in a second partition at e:\php) (very recommended practice)
; Directory in which the loadable extensions (modules) reside.
extension_dir = "e:/php/ext"
Add your php directory to the PATH variable
start>run>type cmd
on windows console type:
set PATH=%PATH%;e:\php
(remember replace e:\php with YOUR directory)
(note that using %path% is the same as var+=value, so the directory will be appended at the end of the variable)
php5 come with all the dll in the zip package so if you add the php directory to the path variable, you don't need to move anything to your windows system directory (very safe for later updates, because you just replace the content of your php directory)
After all these step you ready.. but of course you need to restart your IIS to apply changes, so
start>run>inetsrv/iis.msc
right click on your computer
all task>restart IIS
done!
mtudor AT icefusion remove me DOT co uk ¶
16 years ago
SYMPTOMS AND SETUP
------------------
For anyone having problems enabling the PHP openssl extension on WINDOWS.
I uncommented: extension=php_openssl.dll and installed the latest versions of ssleay.dll and libeay.dll in <windows>\system32.
When I restarted my web server and examined phpinfo(), there was no "openssl" headed section (although there were references to openssl in other sections).
I also found this error in my web server logs (<apache dir>/logs/ssl.log and <apache dir>/logs/access.log).
PHP Warning: PHP Startup: Unable to load dynamic library 'C:\\Program Files\\PHP\\ext\\php_openssl.dll' - The operating system cannot run %1.\r\n in Unknown on line 0
I have PHP 5.2.6 running on Apache 2.2.3 for Windows.
CAUSE
-----
This was caused by PHP picking up the WRONG VERSIONS of libeay.dll and ssleay.dll, which were present in multiple locations on my computer.
When any application attempts to use a dll file in windows, the system searches for this file using the following order:
1. The directory from which the application loaded.
2. The windows\system32 directory.
3. The windows\system directory.
4. The windows directory.
5. The current directory.
6. The directories that are listed in the PATH environment variable.
(http://msdn.microsoft.com/en-us/library/ms682586.aspx)
For PHP running under Apache, the application directory is <apache dir>\bin and NOT <php dir>. PHP was finding OUT OF DATE versions of libeay.dll and ssleay.dll in <apache dir>\bin (probably installed when I enabled SSL support in my web server). Because of this, the latest versions in windows\system32 were never reached.
NOTE: Although my problem was caused by an Apache2 specific configuration, I can imagine others might face this problem if, say, they install the openssl dlls in the PHP directory and add this directory to the PATH. I haven't checked it but I would imagine if another directory in the path contains outdated openssl dlls and this is listed before the PHP directory, a similar situation would occur.
SOLUTION
--------
Either replace the dlls in the first location on the search order, or, as I did, you can install the latest openssl dlls in the the windows system32 directory and just rename to .old the ssleay.dll and libeay.dll files in the search order locations before windows\system32.
Hope that helps others who might be stuck with this.
Mark.
anrdaemon at freemail dot ru ¶
10 years ago
If you want to configure Apache2 under Windows to use OpenSSL - please, for the love of God, do NOT copy around, or even worse - overwrite any DLL's.
First, modern Apache2 is shipped with relevant libraries, second - even if, for some reason, it can't find the right now - you can TELL it to use the right ones.
LoadLibrary.
Yes.
That simple.
LoadLibrary C:/apache2/bin/libeay32.dll
LoadLibrary C:/apache2/bin/ssleay32.dll
LoadLibrary C:/php5/php5ts.dll
LoadModule php5_module C:/php5/php5apache2_4.dll
Estimated Reading Time: 1 Minutes
This section provides a tutorial example on how to install and configure PHP OpenSSL extension/module with IIS on Windows via PHP Manager.
STEPS — How to do:
- Open Internet Information Services (IIS) Manager , expand < Your-Server-Name > option then expand Sites then choose the desired [PHPKB] site or Default Web Site if you have only site (see image below).
- On the right side, you would find PHP Manager (if it is unavailable then you can install it using Web Platform Installer highlighted in RED colored box with 2 ), click to open that (see image below).
- Under PHP Extensions section, click Enable or disable an extension (see image below).
- Then you would see the enabled extensions under Enabled section and disabled extensions just below the Disabled (it would be greyed out) section (see image below).
- Scroll down and find php_openssl.dll extension, right click on it and then click Enable option (see image below).
- Now, it would be moved to Enabled extensions list and then right click on your Web Site name (listed on the left side tree) then hover Manage Website and click Restart option (see image below).
That’s all!
5 people found this article helpful what about you?
- Post Comment
Last Updated :
29 Jan, 2020
To perform the secure HTTPS transfers you will need to enable the openssl extension then you have to install the composer. In this article, we will cover the enabling openssl for XAMPP as well as WAMP one by one then we will install the composer.
- Enable openssl extension on XAMPP
- Enable openssl extension on WAMP
- Installation of Composer
Enable PHP’s openssl extension on XAMPP:
Enable PHP’s openssl extension on WAMP:
Note: You can also enable openssl on WAMP by going in the php.ini file.
Install Composer: After following the above steps for enabling the openssl, you can follow the following steps to install Composer
- Step 1: Download the Composer-Setup.exe file and run it.
- Step 2: After running, you will see a popup box asking for the install mode. Here select Install for all users, which is also a recommended option, and hit Yes.
- Step 3: In Installation Options window, we don’t want the Developer mode, so we will let it be unpicked and click on Next.
- Step 4: Now, you will have to choose the PHP command-line. For XAMPP, the path will be C:\xampp\php\php.exe and for WAMP, the path will be C:\wamp64\bin\php\php7.3.12\php.exe and click Next. If you don’t find the path in the drop down then you will have to browse it. The version of PHP can be different for you.
If don’t have installed Visual C++ Redistributable for Visual Studio then it will show you below error. So to proceed you have to install that first.
- Step 5: Now in the Proxy Setting, leave every thing as it is and click on Next.
- Step 6: Now, verify the settings and click on Install.
- Step 7: Now you will see the following windows which means that the Composer is installed. Click on Next and hit Finish.
- Step 8: Now, to check if composer installed properly, open cmd, and type composer and hit Enter. If you see the output as below then it is successfully installed. If not then you will have to restart your PC and try again.
Today, the company’s OA office system has been vacated for a long time. It turns out that many smtp servers now require ssl encryption, and support for ssl requires php to load the openssl extension.So in this article, we will share with you how to install PHP’s openssl extension under Linux/Windows system.
About openssl
OpenSSL is a secure socket layer cryptographic library, including the main cryptographic algorithms, commonly used key and certificate packaging management functions and SSL protocol, and provides a wealth of applications for testing or other Purpose of use.
Install openssl extension
Linux system articles
1. CentOS system
php installation package directory: /data/php5.6.14/
PHP installation path: /usr/local/php/
(The specific path setting in the following steps can be set according to your actual situation.)
Find the curl extension directory in the PHP installation package
cd /data/php5.6.14/ext/openssl/
config0.m4 file rename
Run phpize
/usr/local/php/bin/phpize
Compile and install:
./configure --with-openssl --with-php-config=/usr/local/php/bin/php-config make && make install
At this time, openssl.so has been generated in the /usr/local/php/lib/php/extensions/no-debug-non-zts-20131226/ directory
Set up the PHP configuration file php.ini and add the following line
Finally restart the service and use phpinfo() to check whether the PHP-openssl extension is installed successfully.
2. Ubuntu system
Execute the following command:
sudo apt-get install openssl sudo apt-get install libcurl4-openssl-dev sudo apt-get install libssl-dev
Finally, restart the service.
Windows system
1: First check php.ini; extension=php_openssl.dll exists, if it exists, remove the preceding comment ‘;’, if this line does not exist, then add extension=php_openssl.dll.
2: Speaking of the php folder: php_openssl.dll, ssleay32.dll, libeay32.dll 3 files copied to the WINDOWS\system32\ folder.
Note: If you don’t have php_openssl.dll, download one from the Internet. There are many php_openssl downloaded, and find the php_openssl under your corresponding php version.
3: Restart the service
Что такое OpenSSL?
OpenSSL — это бесплатный модуль с открытым исходным кодом, предназначенный для обеспечения связи в компьютерных сетях. OpenSSL — это инструмент для протоколов Transport Layer Security (TLS) и Secure Sockets Layer (SSL).
Что такое сертификат SSL?
На веб-сайте используется уровень защищенных сокетов, то есть SSL. Сертификат SSL обеспечивает защиту данных между двумя компьютерами с помощью шифрования. Два задействованных компьютера могут использоваться для обмена данными между клиентом и сервером. Когда вы делитесь такими данными, как пароль, данные кредитной карты, домашний адрес, номер социального страхования, он должен быть защищен, и то же самое обеспечивается сертификатом SSL. SSL-сертификаты гарантируют, что идентичность обоих задействованных компьютеров аутентифицирована для безопасного соединения.
Установка OpenSSL в PHP
Модуль OpenSSL по умолчанию добавлен в PHP. Вы можете активировать то же самое, удалив (;) ; extension = php_openssl.dll, добавленную в начале расширения в php.ini. После этого перезапустите apache и проверьте, отражают ли изменения, сохраните код ниже как .php и выполните .php в браузере.
<?php
phpinfo();
?>Вы должны увидеть, что openssl включен в браузере, как показано ниже:
Конфигурация OpenSSL
Openssl.cnf — это файл конфигурации, в нем есть вся конфигурация по умолчанию, необходимая для работы openssl. Чтобы запустить openssl, первое, что нужно сделать, это то, что php попытается найти файл конфигурации. Чтобы получить то же самое, вам нужно будет добавить папку php в переменная окружения.
Если вы являетесь пользователем Windows, выполните следующие действия для настройки переменной среды для папки php:
1. Щелкните правой кнопкой мыши «Мой компьютер» и выберите «Свойства».
2. Перейдите в Дополнительные настройки системы.
3. Щелкните кнопку «Переменные среды».
4. Отредактируйте переменную пути и нажмите кнопку «Изменить».
5. Теперь добавьте путь к папке Php в конце. Я использую xampp, поэтому моя папка php — C: \ xampp \ php;
6. По завершении нажмите кнопку ОК.
7. Теперь откройте командную строку и введите команду: openssl version -a.
C:\Windows\system32>openssl version -a
OpenSSL 1.0.2l 25 May 2017
built on: reproducible build, date unspecified
platform: mingw64
options: bn(64,64) rc4(16x,int) des(idx,cisc,2,long) idea(int) blowfish(idx)
compiler: x86_64-w64-mingw32-gcc -I. -I.. -I../include -D_WINDLL -DOPENSSL_PIC
-DOPENSSL_THREADS -D_MT -DDSO_WIN32 -static-libgcc -DL_ENDIAN -O3 -Wall -DWIN32_
LEAN_AND_MEAN -DUNICODE -D_UNICODE -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DO
PENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSH
A512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
-DECP_NISTZ256_ASM
OPENSSLDIR: "/etc/ssl"Теперь php сможет найти файл конфигурации openssl.cnf.
Функции OpenSSL
В следующей таблице перечислены все функции, связанные с PHP OpenSSL. Здесь версия в столбце указывает самую раннюю версию PHP, которая поддерживает эту функцию.
| Старший Нет | Описание функции | Версия |
|---|---|---|
| 1 | openssl_pkey_new ()
Возвращает идентификатор ресурса с новой парой закрытого и открытого ключей. |
5.0.0 |
| 2 | openssl_pkey_get_private ()
Возвращает закрытый ключ |
5.0.0 |
| 3 | openssl_pkey_get_public ()
Возвращает публичный ключ |
5.0.0 |
| 4 | openssl_ pkey_ экспорт_ в_ файл ()
Экспортирует ключ в файл |
5.0.0 |
| 5 | openssl_private_encrypt ()
Шифрует данные закрытым ключом |
5.0.0 |
| 6 | openssl_public_encrypt ()
Шифрует данные открытым ключом |
5.0.0 |
| 7 | openssl_public_decrypt ()
Расшифровывает данные открытым ключом |
5.0.0 |
| 8 | openssl_private_decrypt ()
Расшифровывает данные закрытым ключом |
5.0.0 |