• Installing/Configuring
  • Installation

  • Installation
  • Installation


    To use PHP’s OpenSSL support you must also compile
    PHP –with-openssl[=DIR]

    The OpenSSL library also has additional
    requirements for normal operation at run-time. Most notably,
    OpenSSL requires access to a random or pseudo-random number
    generator; on most Unix and Unix-like platforms (including Linux),
    this means that it must have access to a /dev/urandom or
    /dev/random device.

    As of PHP 5.6.3, the configure option
    –with-system-ciphers is
    available which causes PHP to use the system cipher list instead of
    a hard-coded default.

    Note: Note to Win32

    In order for this extension to work, there are
    DLL files that must
    be available to the Windows system PATH.
    For information on how to do this, see the FAQ entitled “How
    do I add my PHP directory to the PATH on Windows
    “. Although
    copying DLL files from the PHP folder into the Windows system
    directory also works (because the system directory is by default in
    the system’s PATH), this is not
    recommended. This extension requires the
    following files to be in the PATH:

    libeay32.dll, or, as of OpenSSL 1.1,

    Additionally, if you are planning to use the key
    generation and certificate signing functions, you will need to
    install a valid openssl.cnf file on
    your system. We include a sample configuration file in our win32
    binary distributions, in the extras/openssl directory.

    PHP will search for the openssl.cnf using the following logic:

    • the
      OPENSSL_CONF environmental variable, if set, will be used
      as the path (including filename) of the configuration
    • the SSLEAY_CONF
      environmental variable, if set, will be used as the path (including
      filename) of the configuration file.
    • The file openssl.cnf will be assumed to be found in the
      default certificate area, as configured at the time that the
      openssl DLL was compiled. This is usually means that the default
      filename is C:\Program Files\Common
      (x64) or C:\Program Files (x86)\Common
      (x86), or, prior to PHP 7.4.0,

    In your installation, you need to decide
    whether to install the configuration file in the default path or
    whether to install it someplace else and use environmental
    variables (possibly on a per-virtual-host basis) to locate the
    configuration file. Note that it is possible to override the
    default path from the script using the configargs of the functions that require a
    configuration file.


    Ensure that non-privileged users are not allowed
    to modify openssl.cnf.


    Version Description
    7.4.0 The OpenSSL default config path has been changed from
    C:\usr\local\ssl to C:\Program Files\Common Files\SSL and C:\Program Files (x86)\Common Files\SSL,