This article mainly introduces you to the relevant information about PHP using Socket to obtain the SSL certificate and public key of the website. The article gives detailed sample code for your reference and study. It has certain reference and learning value for everyone. It is needed Friends, let’s take a look together.
Requesting the web page through php curl cannot obtain the certificate information. In this case, you need to use ssl socket to obtain the certificate content. Let’s take a look at the detailed introduction:
Sample code:
// 创建 stream context $context = stream_context_create([ 'ssl' => [ 'capture_peer_cert' => true, 'capture_peer_cert_chain' => true, ], ]); $resource = stream_socket_client("ssl://$domain:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context); $cert = stream_context_get_params($resource); $ssl = $cert['options']['ssl']; $resource = $ssl['peer_certificate']; // 网站证书中只有公钥,通过 openssl_pkey_get_details 导出公钥 $ret = [ 'crt' => '', 'pub' => '', ]; $pkey = openssl_pkey_get_public($resource); $ret['pub'] = openssl_pkey_get_details($pkey)['key']; openssl_x509_export($resource, $pem); $ret['crt'] = $pem; foreach ($ssl['peer_certificate_chain'] as $resource) { openssl_x509_export($resource, $pem); $ret['crt'] .= "\n" . $pem; } // 保存 $ret['crt'] 为 domain.crt // 保存 $ret['pub'] 为 domain.pub return $ret;
Verifying certificate Whether the public key A is correct, derive the public key B through the private key, and compare the two and find that they are consistent.
$domain = 'blog.zhengxianjun.com'; $port = '443'; // ... $pub_a = $ret['pub']; $private_key_path = '/conf/ssl/blog.zhengxianjun.com.key'; // 证书没有设置密码,$passphrase 为空字符串 $pkey = openssl_pkey_get_private(file_get_content($private_key_path), $passphrase = ''); $pub_b = openssl_pkey_get_details($pkey)['key']; // 两者一致 var_dump($pub_a === $pub_b);
Another use of the function stream_socket_client is to obtain the domain name that the server may be able to use when the server IP is known.
$resource = stream_socket_client("ssl://$ip:$port", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context); $cert = stream_context_get_params($resource); // 解析 X.509 格式证书 $info = openssl_x509_parse($cert['options']['ssl']['peer_certificate']); // 获取证书中的可信域名列表 $domain = str_replace('DNS:', '', $info['extensions']['subjectAltName']);
As you can see above, obtaining the website certificate does not allow you to obtain the private key.
In some sites that use CDN, if you use HTTPS and want to use your own domain name, do you need to provide your private key to the CDN vendor? In fact, the certificate path and the user name (domain name that supports https) do not need to be consistent.
That is, when using your own domain name and performing CDN acceleration, you do not need to use your own SSL certificate. You only need to add your own CDN domain name to the domain name list of the manufacturer's certificate.
Related recommendations:
PHP is based on socketMethod to implement client and server communication functions
##php implements websocketDetailed explanation of real-time message push steps
The above is the detailed content of How to obtain the SSL certificate and public key of the website using PHP Socket. For more information, please follow other related articles on the PHP Chinese website!