How to read SSL certificate from PHP

How to read SSL certificate from PHP

The SSL certificate can be obtained using the Stream Context, and the openssl_x509_parse() function will help to parse it.

If the certificate is missing or expired, then the error code and text will be in the $err_no and $err_str variables.

$url = 'ssl://snippens.com:443';

$context = stream_context_create(
	array(
		'ssl' => array(
			'capture_peer_cert' => true,
			'verify_peer'       => false, // Because the intermediate certificate may be missing,
			'verify_peer_name'  => false  // disabling its verification.
		)
	)
);

$fp = stream_socket_client($url, $err_no, $err_str, 30, STREAM_CLIENT_CONNECT, $context);
$cert = stream_context_get_params($fp);
 
if (empty($err_no)) {
	$info = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
	print_r($info);
}
PHP

Result:

Array(
	[name] => /CN=snippens.com
	[subject] => Array(
		[CN] => snippens.com
	)
	[hash] => d29c8ea7
	[issuer] => Array(
		[C] => US
		[O] => Let's Encrypt
		[CN] => Let's Encrypt Authority X3
	)
	[version] => 2
	[serialNumber] => 295366585736462130072577585684820136690675
	[serialNumberHex] => 0364011F3441AE879CE07F8A1018FDFA03F3
	[validFrom] => 200214143414Z
	[validTo] => 200514143414Z
	[validFrom_time_t] => 1581690854
	[validTo_time_t] => 1589466854
	[signatureTypeSN] => RSA-SHA256
	[signatureTypeLN] => sha256WithRSAEncryption
	[signatureTypeNID] => 668
	[purposes] => Array(
		[1] => Array(
			[0] => 1
			[1] => 
			[2] => sslclient
		)
		[2] => Array(
			[0] => 1
			[1] => 
			[2] => sslserver
		)
		[3] => Array(
			[0] => 1
			[1] => 
			[2] => nssslserver
		)
		[4] => Array(
			[0] => 
			[1] => 
			[2] => smimesign
		)
		[5] => Array(
			[0] => 
			[1] => 
			[2] => smimeencrypt
		)
		[6] => Array(
			[0] => 
			[1] => 
			[2] => crlsign
		)
		[7] => Array(
			[0] => 1
			[1] => 1
			[2] => any
		)
		[8] => Array(
			[0] => 1
			[1] => 
			[2] => ocsphelper
		)
		[9] => Array(
			[0] => 
			[1] => 
			[2] => timestampsign
		)
	)
	[extensions] => Array(
		[keyUsage] => Digital Signature, Key Encipherment
		[extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
		[basicConstraints] => CA:FALSE
		[subjectKeyIdentifier] => 93:5E:0E:54:E4:68:87:51:61:07:15:45:04:76:EB:AC:53:69:00:AE
		[authorityKeyIdentifier] => keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
		[authorityInfoAccess] => OCSP - URI:http://ocsp.int-x3.letsencrypt.org CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
		[subjectAltName] => DNS:snippens.com, DNS:www.snippens.com
		[certificatePolicies] => Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org
	)
)

Basic data output

echo 'Domain: '   . $info['subject']['CN'] . "\r\n";
echo 'Issued: '   . $info['issuer']['CN'] . "\r\n";
echo 'Expires: ' . date('d.m.Y H:i', $info['validTo_time_t']);
PHP
Domain: snippens.com
Issued: Let's Encrypt Authority X3
Expires: 14.05.2020 17:34
17.04.2020, updated 25.02.2021
94

Comments

to add a comment.

Other publications

Generating the sitemap.xml file
An example of creating a sitemap file (sitemap.xml) in PHP. Integrating it into the site and connecting it to robots.txt
37
0
Regular Expression Shortcodes
Often on sites, it becomes necessary to insert dynamic information blocks into the texts of pages - banners, phones...
25
0
Checking data with regular expressions
A collection of regular expressions with examples in PHP for validating data from form fields.
49
0
Automatic setting of the user's time zone
date_default_timezone_set sets the default timezone used by all date / time functions.
113
0
Serialize function, possible problems
The serialize () function returns a string representation of any value (array, object, etc.). Using serialize on an...
32
0
How to set up Last-Modified
The Last-Modified header helps to optimize the loading of web pages and make the job easier for search engines.
100
0