# openssl-php-installation-7

• Installing/Configuring

• Installation

## Installation

To use PHP’s OpenSSL support you must also compile
PHP –with-openssl[=DIR]
.

The OpenSSL library also has additional
requirements for normal operation at run-time. Most notably,
generator; on most Unix and Unix-like platforms (including Linux),
/dev/random device.

As of PHP 5.6.3, the configure option
–with-system-ciphers is
available which causes PHP to use the system cipher list instead of
a hard-coded default.

Note: Note to Win32
Users

In order for this extension to work, there are
DLL files that must
be available to the Windows system PATH.
For information on how to do this, see the FAQ entitled “How
do I add my PHP directory to the PATH on Windows
“. Although
copying DLL files from the PHP folder into the Windows system
directory also works (because the system directory is by default in
the system’s PATH), this is not
recommended. This extension requires the
following files to be in the PATH:

libeay32.dll, or, as of OpenSSL 1.1,
libcrypto-*.dll

Additionally, if you are planning to use the key
generation and certificate signing functions, you will need to
install a valid openssl.cnf file on
your system. We include a sample configuration file in our win32
binary distributions, in the extras/openssl directory.

PHP will search for the openssl.cnf using the following logic:

• the
OPENSSL_CONF environmental variable, if set, will be used
as the path (including filename) of the configuration
file.
• the SSLEAY_CONF
environmental variable, if set, will be used as the path (including
filename) of the configuration file.
• The file openssl.cnf will be assumed to be found in the
default certificate area, as configured at the time that the
openssl DLL was compiled. This is usually means that the default
filename is C:\Program Files\Common
Files\SSL\openssl.cnf
(x64) or C:\Program Files (x86)\Common
Files\SSL\openssl.cnf
(x86), or, prior to PHP 7.4.0,
C:\usr\local\ssl\openssl.cnf.

In your installation, you need to decide
whether to install the configuration file in the default path or
whether to install it someplace else and use environmental
variables (possibly on a per-virtual-host basis) to locate the
configuration file. Note that it is possible to override the
default path from the script using the `configargs` of the functions that require a
configuration file.

Caution

Ensure that non-privileged users are not allowed
to modify openssl.cnf.

### Changelog

Version Description
7.4.0 The OpenSSL default config path has been changed from
C:\usr\local\ssl to C:\Program Files\Common Files\SSL and C:\Program Files (x86)\Common Files\SSL,
repectively.