If you want to create own Certification authority (CA) on pure PHP with OpenSSL extension, you need a function to create certificate revocation list (CRL) which is missing in OpenSSL extension (request #40046).
This lib implements such function - openssl_x509_crl()
use Ukrbublik\openssl_x509_crl\X509;
use Ukrbublik\openssl_x509_crl\X509_CERT;
use Ukrbublik\openssl_x509_crl\X509_CRL;
$ci = array(
'no' => 1,
'version' => 2,
'days' => 30,
'alg' => OPENSSL_ALGO_SHA1,
'revoked' => array(
array(
'serial' => '101',
'rev_date' => time(),
'reason' => X509::getRevokeReasonCodeByName("cessationOfOperation"),
'compr_date' => strtotime("-1 day"),
'hold_instr' => null,
)
)
);
$ca_pkey = openssl_pkey_get_private(file_get_contents('ca_key.key'));
$ca_cert = X509::pem2der(file_get_contents('ca_cert.cer'));
$crl_data = openssl_x509_crl($ci, $ca_pkey, $ca_cert);
//$crl_data contains CRL in DER format