How to use a PHP socket to obtain a website's SSL certificate and public key

Source: Internet
Author: User
Tags: ssl certificate

This article shows how to use a PHP socket to obtain a website's SSL certificate and public key information, with detailed sample code for reference.

Requesting a web page with PHP cURL does not return the certificate information; to get the certificate content you need to use an SSL socket. The details follow:

Example code:

    // Create the stream context and ask PHP to keep the peer certificate and its chain.
    // $domain and $port are set by the caller.
    $context = stream_context_create([
        'ssl' => [
            'capture_peer_cert'       => true,
            'capture_peer_cert_chain' => true,
        ],
    ]);

    // Use PHP's default socket timeout.
    $timeout = (float) ini_get('default_socket_timeout');
    $resource = stream_socket_client("ssl://$domain:$port", $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($resource === false) {
        throw new RuntimeException("TLS connection failed: $errstr ($errno)");
    }
    $cert = stream_context_get_params($resource);
    $ssl = $cert['options']['ssl'];
    $resource = $ssl['peer_certificate'];

    // The website certificate only contains the public key;
    // the public key is exported through openssl_pkey_get_details.
    $ret = [
        'crt' => '',
        'pub' => '',
    ];

    $pkey = openssl_pkey_get_public($resource);
    $ret['pub'] = openssl_pkey_get_details($pkey)['key'];

    openssl_x509_export($resource, $pem);
    $ret['crt'] = $pem;

    // On a client connection the captured chain starts with the leaf certificate,
    // which was already exported above, so skip index 0.
    foreach (array_slice($ssl['peer_certificate_chain'], 1) as $resource) {
        openssl_x509_export($resource, $pem);
        $ret['crt'] .= "\n" . $pem;
    }

    // Save $ret['crt'] as domain.crt
    // Save $ret['pub'] as domain.pub
    return $ret;

To verify that public key A taken from the certificate is correct, export public key B from the private key and compare the two.

    $domain = 'blog.zhengxianjun.com';
    $port = '443';
    // ...
    $pub_a = $ret['pub'];

    $private_key_path = '/conf/ssl/blog.zhengxianjun.com.key';
    // No password is set on the key, so $passphrase is an empty string.
    $pkey = openssl_pkey_get_private(file_get_contents($private_key_path), $passphrase = '');
    $pub_b = openssl_pkey_get_details($pkey)['key'];

    // The two are identical.
    var_dump($pub_a === $pub_b);

The function stream_socket_client has another use: when the server IP is known, it can obtain the domain names that the server can be used with.

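    // $context is the capture context created in the first example.
    // Since PHP 5.6 the peer name is verified by default, so this connection fails
    // unless the certificate is valid for $ip or $context sets 'verify_peer_name' => false.
    $timeout = (float) ini_get('default_socket_timeout');
    $resource = stream_socket_client("ssl://$ip:$port", $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($resource === false) {
        throw new RuntimeException("TLS connection failed: $errstr ($errno)");
    }
    $cert = stream_context_get_params($resource);

    // Parse the certificate.
    $info = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);

    // Get the list of domains the certificate is valid for.
    $domain = str_replace('DNS:', '', $info['extensions']['subjectAltName']);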

As you can see, obtaining a website's certificate does not give you its private key.

On sites that use a CDN, if you use HTTPS and want to use your own domain name, do you need to give your private key to the CDN vendor? In fact, the certificate path does not need to be consistent with the user name (the domain name that supports HTTPS).

That is, when you use your own domain name with CDN acceleration you do not need to use your own SSL certificate; it is enough to have your CDN domain name added to the vendor certificate's list of domains.
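
The subjectAltName string read from the certificate above is what decides whether a certificate, such as a CDN vendor's, is valid for your domain. As an added example (not code from the original article), the following parses that string and checks one hostname against it, including the rule that a wildcard covers exactly one label; the function names and the sample SAN value are constructed for illustration.

```php
<?php
// Added example, not from the article; function names are hypothetical.
/** Split openssl_x509_parse()'s subjectAltName string into DNS names and packed IPs. */
function parse_san(string $san): array
{
    $out = ['dns' => [], 'ip' => []];
    foreach (explode(',', $san) as $entry) {
        // Limit 2 keeps IPv6 values (which contain ':') in one piece.
        [$type, $value] = array_pad(explode(':', trim($entry), 2), 2, '');
        if ($type === 'DNS') {
            $out['dns'][] = strtolower($value);
        } elseif ($type === 'IP Address') {
            $out['ip'][] = @inet_pton($value);   // false if unparsable, never matches
        }
    }
    return $out;
}

/** True if $host matches $pattern; "*." stands for exactly one left-most label. */
function dns_name_matches(string $host, string $pattern): bool
{
    [$host, $pattern] = [strtolower(rtrim($host, '.')), strtolower($pattern)];
    if (strncmp($pattern, '*.', 2) !== 0) {
        return $host === $pattern;
    }
    // "a.b.example.test" and the bare "example.test" must not match "*.example.test".
    $dot = strpos($host, '.');
    return $dot !== false && $dot > 0 && substr($host, $dot) === substr($pattern, 1);
}

/** Does the parsed certificate ($info from openssl_x509_parse) cover $host? */
function cert_covers_host(array $info, string $host): bool
{
    $san = parse_san($info['extensions']['subjectAltName'] ?? '');
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return in_array(inet_pton($host), $san['ip'], true);
    }
    foreach ($san['dns'] as $pattern) {
        if (dns_name_matches($host, $pattern)) {
            return true;
        }
    }
    return false;
}

// Constructed sample in the shape openssl_x509_parse() returns.
$info = ['extensions' => ['subjectAltName' => 'DNS:cdn.example.test, DNS:*.customers.example.test, IP Address:192.0.2.10']];
foreach (['blog.customers.example.test', 'a.b.customers.example.test', 'customers.example.test', '192.0.2.10'] as $h) {
    printf("%-30s %s\n", $h, cert_covers_host($info, $h) ? 'covered' : 'NOT covered');
}
```

On a live host, pass the array returned by openssl_x509_parse for the captured peer_certificate instead of the constructed $info.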
