Using a PHP socket to obtain a website's SSL certificate and public key

Source: Internet
Author: User
Tags ssl certificate

When you request a web page with PHP curl, you cannot obtain the certificate information. In that case, use an SSL socket to read the certificate content. The details follow:

Sample Code:

    // The original snippet is a function body ending in "return $ret";
    // the wrapper name get_site_cert is hypothetical.
    function get_site_cert($domain, $port)
    {
        // Create a stream context that captures the peer certificate and its chain
        $context = stream_context_create([
            'ssl' => [
                'capture_peer_cert'       => true,
                'capture_peer_cert_chain' => true,
            ],
        ]);

        $resource = stream_socket_client("ssl://$domain:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
        if ($resource === false) {
            throw new RuntimeException("TLS connection failed: $errstr ($errno)");
        }

        $cert = stream_context_get_params($resource);
        $ssl  = $cert['options']['ssl'];
        $leaf = $ssl['peer_certificate'];

        // The website certificate contains only the public key;
        // use openssl_pkey_get_details to export the public key
        $ret = ['crt' => '', 'pub' => ''];
        $pkey = openssl_pkey_get_public($leaf);
        $ret['pub'] = openssl_pkey_get_details($pkey)['key'];

        openssl_x509_export($leaf, $pem);
        $ret['crt'] = $pem;

        // On the client side the captured chain starts with the site certificate
        // itself, so skip element 0 to avoid exporting it twice
        foreach (array_slice($ssl['peer_certificate_chain'], 1) as $chainCert) {
            openssl_x509_export($chainCert, $pem);
            $ret['crt'] .= "\n" . $pem;
        }

        // Save $ret['crt'] as domain.crt
        // Save $ret['pub'] as domain.pub
        return $ret;
    }

To verify that public key A from the certificate is correct, export public key B from the private key and compare the two.

    $domain = 'blog.zhengxianjun.com';
    $port = '000000'; // value as it appears on the page; set it to the server's HTTPS port

    // ... (obtain $ret as in the sample code above)
    $pub_a = $ret['pub'];

    $private_key_path = '/conf/ssl/blog.zhengxianjun.com.key';

    // No password is set for the private key, so $passphrase is an empty string
    $passphrase = '';
    $pkey = openssl_pkey_get_private(file_get_contents($private_key_path), $passphrase);
    $pub_b = openssl_pkey_get_details($pkey)['key'];

    // true when the certificate and the private key belong together
    var_dump($pub_a === $pub_b);

When only the server's IP address is known, stream_socket_client can also be used to find out which domain names the server may be serving.

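    // Same capture option as above. A certificate usually does not list the bare
    // IP address, so the peer-name check is turned off here: use this connection
    // only to read the certificate, not to exchange data.
    $context = stream_context_create([
        'ssl' => [
            'capture_peer_cert' => true,
            'verify_peer_name'  => false,
        ],
    ]);

    $resource = stream_socket_client("ssl://$ip:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
    $cert = stream_context_get_params($resource);

    // Parse the X.509 certificate
    $info = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);

    // Obtain the list of domain names the certificate is valid for (subjectAltName)
    $domain = str_replace('DNS:', '', $info['extensions']['subjectAltName']);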

Note that obtaining a website's certificate does not give you its private key.

Some websites use a CDN. If you serve them over HTTPS under your own domain name, do you need to hand your private key to the CDN vendor? In fact, the certificate does not have to be issued to exactly the name that uses it (the domain name that supports HTTPS).

That is, when you use your own domain name with CDN acceleration, you do not need to use your own SSL certificate; you only need to have your CDN domain name added to the domain name list of the vendor's certificate.
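Added example (not part of the original article): the str_replace call above only strips the DNS: prefix from the name list. The code below splits the subjectAltName string returned by openssl_x509_parse into its entries and checks whether a host name, such as your own CDN domain, is covered by the certificate, including the rule that a wildcard matches exactly one label. The function names and the sample name list are constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not from the article.
// Split the subjectAltName string from openssl_x509_parse() into DNS names and IPs.
function parse_san(string $san): array
{
    $out = ['dns' => [], 'ip' => []];
    foreach (explode(',', $san) as $entry) {
        $parts = explode(':', trim($entry), 2);   // limit 2 keeps IPv6 values intact
        if (count($parts) !== 2) { continue; }
        if ($parts[0] === 'DNS') {
            $out['dns'][] = strtolower(rtrim(trim($parts[1]), '.'));
        } elseif ($parts[0] === 'IP Address') {
            $out['ip'][] = trim($parts[1]);
        }
    }
    return $out;
}

// True if $host matches $pattern; "*" is honoured only as the entire left-most label.
function san_matches(string $pattern, string $host): bool
{
    $host = strtolower(rtrim($host, '.'));
    if ($pattern === $host) {
        return true;
    }
    if (strncmp($pattern, '*.', 2) !== 0) {
        return false;
    }
    // The wildcard stands for exactly one label: img.example.net yes, a.b.example.net no.
    $dot = strpos($host, '.');
    return $dot !== false && $dot > 0 && substr($host, $dot) === substr($pattern, 1);
}

function cert_covers(string $san, string $host): bool
{
    foreach (parse_san($san)['dns'] as $pattern) {
        if (san_matches($pattern, $host)) {
            return true;
        }
    }
    return false;
}

// Constructed sample in the format of $info['extensions']['subjectAltName'].
$san = 'DNS:cdn-vendor.example, DNS:*.example.net, DNS:static.example.org, IP Address:192.0.2.10';
foreach (['static.example.org', 'img.example.net', 'a.b.example.net', 'example.net'] as $host) {
    printf("%-20s %s\n", $host, cert_covers($san, $host) ? 'covered' : 'NOT covered');
}
```

Running this check against the certificate a CDN endpoint actually serves confirms that your domain was added to the vendor's name list before you point DNS at it.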

Summary

The above is all the content of this article. I hope the content of this article will help you in your study or work. If you have any questions, please leave a message, thank you for your support.
