PHP uses Socket to obtain the website's SSL Certificate and public key, phpsocketssl Certificate

PHP uses Socket to obtain the website's SSL Certificate and public key, phpsocketssl Certificate

You cannot obtain the certificate information from the php curl request webpage. In this case, you need to use ssl socket to obtain the certificate content. Let's take a look at the detailed introduction:

Sample Code:

// Create stream context $ context = stream_context_create (['ssl '=> ['capture _ peer_cert' => true, 'capture _ peer_cert_chain '=> true,],]); $ resource = stream_socket_client ("ssl: // $ domain: $ port", $ errno, $ errstr, 30, STREAM_CLIENT_CONNECT, $ context); $ cert = stream_context_get_params ($ resource ); $ ssl = $ cert ['options'] ['ssl ']; $ resource = $ ssl ['peer _ certificate']; // The website certificate contains only the public key, use openssl_pkey_get_details to export the Public Key $ ret = ['crt '=> '', 'pub' =>'',]; $ pkey = openssl_pkey_get_public ($ resource ); $ ret ['pub'] = openssl_pkey_get_details ($ pkey) ['key']; openssl_x509_export ($ resource, $ pem); $ ret ['crt '] = $ pem; foreach ($ ssl ['peer _ certificate_chain '] as $ resource) {openssl_x509_export ($ resource, $ pem); $ ret ['crt']. = "\ n ". $ pem;} // save $ ret ['crt '] As domain. crt // save $ ret ['pub'] As domain. pub return $ ret;

Verify that the public key A in the certificate is correct. Use the private key to export the Public Key B.

$ Domain = 'blog .zhengxianjun.com '; $ port = '000000 ';//... $ pub_a = $ ret ['pub']; $ private_key_path = '/conf/ssl/blog.zhengxianjun.com. key'; // no password is set for the certificate. $ passphrase is an empty string $ pkey = openssl_pkey_get_private (file_get_content ($ private_key_path), $ passphrase = ''); $ pub_ B = openssl_pkey_get_details ($ pkey) ['key']; // var_dump ($ pub_a ===$ pub_ B );

The stream_socket_client function can also be used to obtain the domain names that may be used by the server when the server IP address is known.

$ Resource = stream_socket_client ("ssl: // $ ip: $ port", $ errno, $ errstr, 30, STREAM_CLIENT_CONNECT, $ context); $ cert = stream_context_get_params ($ resource ); // parse the X.509 certificate $ info = openssl_x509_parse ($ cert ['options'] ['ssl '] ['peer _ certificate']); // obtain the list of trusted domain names in the certificate $ domain = str_replace ('dns: ', '', $ info ['extension'] ['subjectaltname']);

You can see that the private key is not obtained when you obtain the website certificate.

In some websites that use CDN, if you use HTTPS and want to use your own domain name, do you need to provide your private key to CDN vendors? In fact, the certificate path does not need to be consistent with the user name (a domain name that supports https.

That is, when using your own domain name and CDN acceleration, you do not need to use your own ssl certificate, you just need to add your own CDN domain name to the domain name list of the vendor certificate.

Summary

The above is all the content of this article. I hope the content of this article will help you in your study or work. If you have any questions, please leave a message, thank you for your support.