This article shows how to use a PHP socket to obtain a site's SSL certificate and the public key it carries; a complete sample is given for reference.
Fetching a web page with PHP cURL does not give you the certificate; to get the certificate contents you need to open an SSL socket yourself. The details follow.
Example code:
// Create a stream context that asks PHP to capture the peer certificate and its chain
$context = stream_context_create([
    'ssl' => [
        'capture_peer_cert' => true,
        'capture_peer_cert_chain' => true,
    ],
]);
// Connect; the 30-second timeout is an assumed value (the original was lost in extraction)
$resource = stream_socket_client("ssl://$domain:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
$cert = stream_context_get_params($resource);
$ssl = $cert['options']['ssl'];
$resource = $ssl['peer_certificate'];

// The site certificate contains only the public key; export it via openssl_pkey_get_details
$ret = ['crt' => '', 'pub' => ''];
$pkey = openssl_pkey_get_public($resource);
$ret['pub'] = openssl_pkey_get_details($pkey)['key'];
openssl_x509_export($resource, $pem);
$ret['crt'] = $pem;
// Append every certificate in the chain (in PHP the chain array starts with the peer certificate itself)
foreach ($ssl['peer_certificate_chain'] as $resource) {
    openssl_x509_export($resource, $pem);
    $ret['crt'] .= "\n" . $pem;
}
// Save $ret['crt'] as domain.crt
// Save $ret['pub'] as domain.pub
return $ret;
To verify that public key A taken from the certificate is correct, export public key B from the private key and compare the two.
$domain = 'blog.zhengxianjun.com';
$port = '443';
// ...
$pub_a = $ret['pub'];
$private_key_path = '/conf/ssl/blog.zhengxianjun.com.key';
// The key has no passphrase, so $passphrase is an empty string
$pkey = openssl_pkey_get_private(file_get_contents($private_key_path), $passphrase = '');
$pub_b = openssl_pkey_get_details($pkey)['key'];
// The two are identical
var_dump($pub_a === $pub_b);
stream_socket_client has another use: when only the server's IP is known, it can discover the domain names that server is certified for, by reading them from the certificate's subjectAltName extension.
// When connecting by IP, the certificate's names will not match the IP, so peer-name
// verification must be switched off for this inspection-only connection; the captured
// certificate is read for its names, not trusted (the 30-second timeout is an assumed value)
$context = stream_context_create([
    'ssl' => [
        'capture_peer_cert' => true,
        'verify_peer_name' => false,
    ],
]);
$resource = stream_socket_client("ssl://$ip:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
$cert = stream_context_get_params($resource);
// Parse the certificate
$info = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
// Get the list of domain names the certificate covers
$domain = str_replace('DNS:', '', $info['extensions']['subjectAltName']);
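The following is an added example, not code from the original article: it combines the certificate capture shown earlier with the subjectAltName parsing above, turns the SAN string into a proper list, checks whether the requested host is covered (handling single-label wildcards), and flags an expired certificate. The function names sanList, hostMatches and inspectCertificate are invented for this example; peer verification is left at its default so an unverifiable certificate fails instead of being inspected.

```php
<?php
// Added example, not from the original article: capture the server certificate over an SSL
// socket and inspect which DNS names it covers, whether the requested host is one of them
// (wildcards included) and whether it has expired. Function names are invented here.

function sanList(array $info): array
{
    // subjectAltName is a string such as "DNS:example.com, DNS:*.example.com"
    $names = [];
    foreach (explode(',', $info['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = trim($entry);
        if (stripos($entry, 'DNS:') === 0) { $names[] = strtolower(substr($entry, 4)); }
    }
    return $names;
}

function hostMatches(string $host, array $names): bool
{
    $host = strtolower($host);
    foreach ($names as $name) {
        if ($name === $host) {
            return true;
        }
        // A wildcard covers exactly one label: *.example.com matches a.example.com, not a.b.example.com
        if (strpos($name, '*.') === 0) {
            $suffix = substr($name, 1);                    // ".example.com"
            $label  = substr($host, 0, -strlen($suffix));  // the part before the suffix
            if (substr($host, -strlen($suffix)) === $suffix && $label !== '' && strpos($label, '.') === false) {
                return true;
            }
        }
    }
    return false;
}

function inspectCertificate(string $host, int $port = 443, int $timeout = 10): array
{
    $context = stream_context_create(['ssl' => ['capture_peer_cert' => true]]);
    $sock = stream_socket_client("ssl://$host:$port", $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $context);
    if ($sock === false) { throw new RuntimeException("connect failed: $errstr ($errno)"); }
    $leaf  = openssl_x509_parse(stream_context_get_params($sock)['options']['ssl']['peer_certificate']);
    $names = sanList($leaf);
    return [
        'names'        => $names,
        'host_covered' => hostMatches($host, $names),
        'expired'      => $leaf['validTo_time_t'] < time(),
    ];
}

print_r(inspectCertificate('blog.zhengxianjun.com'));
```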
As you can see, obtaining a site's certificate does not obtain its private key; the certificate is public material.
For sites behind a CDN that want HTTPS on their own domain name, does the private key have to be handed to the CDN vendor? In fact, the certificate the CDN presents does not have to be tied to the CDN's own name; it only needs to cover the user's domain name (the one that serves HTTPS).
That is, when using your own domain name with CDN acceleration you do not need to supply your own SSL certificate: the vendor can simply add your domain name to the list of names on its own certificate.
Summary