How does PHP use Socket to obtain the SSL Certificate and public key of a website?

Source: Internet
Author: User
Tags: ssl certificate


Sample code (the original snippet assumed $domain and $port were set by the caller and ended with a bare return; it is wrapped in a function here so those inputs are explicit):

<?php
function fetch_certificate(string $domain, int $port = 443): array
{
    // Create stream context. capture_peer_cert / capture_peer_cert_chain make
    // PHP keep the certificates OpenSSL received during the handshake.
    // Leave verify_peer at its default (true since PHP 5.6): if the chain does
    // not validate, the connection fails instead of handing you an untrusted
    // certificate.
    $context = stream_context_create([
        'ssl' => [
            'capture_peer_cert'       => true,
            'capture_peer_cert_chain' => true,
        ],
    ]);

    $socket = stream_socket_client("ssl://$domain:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
    if ($socket === false) {
        throw new RuntimeException("TLS connection to $domain:$port failed: $errstr ($errno)");
    }

    // The captured certificates are written back into the context options.
    $params = stream_context_get_params($socket);
    $ssl    = $params['options']['ssl'];
    $x509   = $ssl['peer_certificate'];        // the leaf (site) certificate
    $chain  = $ssl['peer_certificate_chain'];  // the chain as sent by the server
    fclose($socket);

    $ret = [
        'crt' => '',
        'pub' => '',
    ];

    // Only the public key is in the website certificate. Use openssl_pkey_get_details to export it as PEM.
    $pkey = openssl_pkey_get_public($x509);
    $ret['pub'] = openssl_pkey_get_details($pkey)['key'];

    // The leaf certificate itself, as PEM.
    openssl_x509_export($x509, $pem);
    $ret['crt'] = $pem;

    // Append the intermediates. PHP fills the chain from OpenSSL's
    // SSL_get_peer_cert_chain(), which on the client side lists the leaf
    // itself as element 0, so skip it to avoid writing the leaf twice.
    foreach (array_slice($chain, 1) as $intermediate) {
        openssl_x509_export($intermediate, $pem);
        $ret['crt'] .= "\n" . $pem;
    }

    // Save $ret['crt'] as domain.crt
    // Save $ret['pub'] as domain.pub
    return $ret;
}

To verify that public key A in the certificate is the one that belongs to your server, export public key B from the private key and compare the two.

<?php
$domain = 'blog.zhengxianjun.com';
$port   = '443';
// ... (run the fetch code above; it produces $ret)
$pub_a = $ret['pub'];

$private_key_path = '/conf/ssl/blog.zhengxianjun.com.key';

// No passphrase is set on this private key, so pass an empty string.
$passphrase = '';
$pkey = openssl_pkey_get_private(file_get_contents($private_key_path), $passphrase);
if ($pkey === false) {
    throw new RuntimeException('Could not load private key: ' . openssl_error_string());
}
$pub_b = openssl_pkey_get_details($pkey)['key'];

// The two PEM strings are identical when the certificate was issued for this key.
var_dump($pub_a === $pub_b);
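The following is an added example, not code from the original post. It exercises both steps above, inspecting a captured certificate and confirming that the public key inside it belongs to a given private key, but against a throwaway RSA key and self-signed certificate generated in memory, so it runs offline without a socket. In real use $cert is the 'peer_certificate' captured over the socket and $key is your server's parsed .key file; the host name www.example.test and the fixture itself are assumptions made for the example.

```php
<?php
declare(strict_types=1);

/** Constructed fixture: a 2048-bit RSA key plus a 1-day self-signed
 *  certificate for the hypothetical host www.example.test. */
function make_fixture(): array
{
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
        'private_key_bits' => 2048,
    ]);
    if ($key === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    $csr  = openssl_csr_new(['commonName' => 'www.example.test'], $key, ['digest_alg' => 'sha256']);
    $cert = openssl_csr_sign($csr, null, $key, 1, ['digest_alg' => 'sha256']);
    if ($csr === false || $cert === false) {
        throw new RuntimeException('certificate generation failed: ' . openssl_error_string());
    }
    return [$cert, $key];
}

/** The fields a practitioner looks at first in a certificate pulled off the wire. */
function describe_cert($cert): array
{
    $info = openssl_x509_parse($cert);
    $now  = time();
    return [
        'subject_cn'  => $info['subject']['CN'] ?? '',
        'issuer_cn'   => $info['issuer']['CN'] ?? '',
        'self_signed' => $info['subject'] === $info['issuer'],
        'not_before'  => gmdate('Y-m-d H:i:s', $info['validFrom_time_t']) . ' UTC',
        'not_after'   => gmdate('Y-m-d H:i:s', $info['validTo_time_t']) . ' UTC',
        'valid_now'   => $info['validFrom_time_t'] <= $now && $now <= $info['validTo_time_t'],
        // Pin or compare the SHA-256 fingerprint of the DER encoding, never the PEM text.
        'sha256'      => openssl_x509_fingerprint($cert, 'sha256'),
        'san'         => $info['extensions']['subjectAltName'] ?? '(no subjectAltName extension)',
    ];
}

/** Method 1, as in the post: export both public keys as PEM and compare the strings. */
function public_key_pem_matches($cert, $key): bool
{
    $fromCert = openssl_pkey_get_details(openssl_pkey_get_public($cert))['key'];
    $fromKey  = openssl_pkey_get_details($key)['key'];
    return $fromCert === $fromKey;
}

/** Method 2: the dedicated OpenSSL check. */
function key_belongs_to_cert($cert, $key): bool
{
    return openssl_x509_check_private_key($cert, $key);
}

/** Method 3: sign with the private key, verify with the certificate's public
 *  key, i.e. the same proof of possession an (EC)DHE handshake performs. */
function signature_round_trip($cert, $key): bool
{
    $data = 'constructed test message';
    if (!openssl_sign($data, $sig, $key, OPENSSL_ALGO_SHA256)) {
        return false;
    }
    return openssl_verify($data, $sig, openssl_pkey_get_public($cert), OPENSSL_ALGO_SHA256) === 1;
}

[$cert, $key]     = make_fixture();
[, $unrelatedKey] = make_fixture();   // a key the certificate was not issued for

print_r(describe_cert($cert));

foreach (['matching key' => $key, 'unrelated key' => $unrelatedKey] as $label => $candidate) {
    printf("%-14s pem_equal=%d check_private_key=%d sign_verify=%d\n",
        $label,
        (int) public_key_pem_matches($cert, $candidate),
        (int) key_belongs_to_cert($cert, $candidate),
        (int) signature_round_trip($cert, $candidate));
}
```

The PEM comparison in the post works because openssl_pkey_get_details normalises both keys to the same SubjectPublicKeyInfo encoding; openssl_x509_check_private_key is the shorter way to ask the same question, and the sign/verify round trip is the one to use when you want to prove the private key is usable rather than merely present.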

stream_socket_client can also be used the other way round: given only a server IP address, connect to it and read the domain names its certificate covers. Two caveats: the names in the certificate will not match a bare IP, so peer-name verification has to be disabled for this probe (treat the result as unverified discovery data, not as a trusted certificate), and without a host name in the handshake you typically get the server's default certificate rather than the one for every virtual host behind it; set 'peer_name' in the ssl options to ask for a specific name.

<?php
// $ip is the address to probe; $context is built as above with
// capture_peer_cert => true plus 'verify_peer_name' => false.
$resource = stream_socket_client("ssl://$ip:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
if ($resource === false) {
    throw new RuntimeException("TLS connection to $ip:$port failed: $errstr ($errno)");
}
$cert = stream_context_get_params($resource);

// Parse the X.509 certificate
$info = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);

// Obtain the list of names in the certificate (empty when the extension is absent).
// subjectAltName is returned as one string, e.g. "DNS:a.example, DNS:b.example".
$san     = $info['extensions']['subjectAltName'] ?? '';
$domains = array_values(array_filter(array_map('trim', explode(',', str_replace('DNS:', '', $san)))));
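The str_replace above leaves other entry types ("IP Address:", "email:") in place and returns a single comma-separated string. The following is an added example, not code from the original post: a parser for the subjectAltName string that openssl_x509_parse() returns, grouped by entry type, together with the host-name and IP matching a client performs against it (one wildcard as the whole left-most label, matching exactly one label). The SAN string is constructed for the example; its "type:value, type:value" shape is what OpenSSL prints for the extension, and the names in it are documentation placeholders.

```php
<?php
declare(strict_types=1);

/** Group SAN entries by type: ['DNS' => [...], 'IP Address' => [...], ...] */
function parse_san(string $san): array
{
    $out = [];
    foreach (explode(',', $san) as $entry) {
        $entry = trim($entry);
        if ($entry === '' || strpos($entry, ':') === false) {
            continue;
        }
        // Split on the first colon only: IPv6 literals contain more colons.
        [$type, $value] = explode(':', $entry, 2);
        $out[$type][] = strtolower(trim($value));
    }
    return $out;
}

/** Does $host fall under one of the DNS names? A wildcard is honoured only as
 *  the entire left-most label (*.example.com), it covers exactly one label,
 *  and it never covers a bare registrable domain such as example.com. */
function host_matches_dns(string $host, array $dnsNames): bool
{
    $host       = strtolower(rtrim($host, '.'));
    $hostLabels = explode('.', $host);
    foreach ($dnsNames as $name) {
        if ($name === $host) {
            return true;
        }
        if (substr($name, 0, 2) !== '*.' || strpos($name, '*', 2) !== false) {
            continue; // plain name that did not match, or a wildcard in a position we reject
        }
        $nameLabels = explode('.', $name);
        if (count($nameLabels) >= 3
            && count($nameLabels) === count($hostLabels)
            && array_slice($nameLabels, 1) === array_slice($hostLabels, 1)) {
            return true;
        }
    }
    return false;
}

/** Match an address against "IP Address" entries after normalising both sides. */
function ip_matches_san(string $ip, array $ipNames): bool
{
    $packed = inet_pton($ip);
    if ($packed === false) {
        return false;
    }
    foreach ($ipNames as $name) {
        if (inet_pton($name) === $packed) {
            return true;
        }
    }
    return false;
}

// Constructed SAN value shaped like a shared CDN certificate: the vendor's own
// names, two customer domains, one wildcard and two IP entries.
$san = 'DNS:cdn.example.net, DNS:*.cdn.example.net, DNS:customer-one.example, '
     . 'DNS:www.customer-two.example, IP Address:203.0.113.10, IP Address:2001:db8::1';
$parsed = parse_san($san);
print_r($parsed);

$hosts = ['cdn.example.net', 'edge1.cdn.example.net', 'a.b.cdn.example.net',
          'customer-one.example', 'WWW.Customer-Two.Example.', 'example.net'];
foreach ($hosts as $host) {
    printf("%-28s %s\n", $host, host_matches_dns($host, $parsed['DNS'] ?? []) ? 'covered' : 'not covered');
}
foreach (['203.0.113.10', '2001:0db8:0:0::1', '198.51.100.7'] as $ip) {
    printf("%-28s %s\n", $ip, ip_matches_san($ip, $parsed['IP Address'] ?? []) ? 'covered' : 'not covered');
}
```

When verify_peer_name is left on, PHP performs this match for you during the handshake against the name you connected to; the explicit version is for the discovery case above, where verification had to be switched off, or for examining a certificate you fetched for some other name.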

Note that fetching a website's certificate never gives you its private key; only the public half leaves the server.

This matters for sites behind a CDN. If you serve HTTPS on your own domain through a CDN, do you have to hand your private key to the CDN vendor? Not necessarily: the certificate the CDN presents does not have to be one issued to you, it only has to list your domain among its subject alternative names. So with your own domain on a CDN you can skip uploading your own certificate and private key and instead have the vendor add your domain to the name list of its own certificate, which is exactly what the SAN lists read above reveal. Either way the CDN terminates TLS and sees the plaintext, so what protects those connections is the vendor's handling of its key, not your private key.

Summary

That is all for this article. I hope it helps you in your study or work; if you have any questions, please leave a message. Thank you for your support.

Link: https://blog.zhengxianjun.com/2017/02/php-curl-ssl/
