PHP and SSL: How can I retrieve "detailed" validation results for remote site's certificate?

Question

I am trying to validate a remote site's SSL certificate. Curl can give a generic success or failure indication, but no details. My client requires specifics on WHY the certificate failed: wrong domain, revoked or expired cert, untrusted CA, etc.

curl_error($ch) returns the proper error when the hostname is wrong on cert. But it doesn't return any info if the cert is expired or revoked, it returns "Peer certificate cannot be authenticated with known CA certificates"which is not correct.

How can I use PHP to get the exact reason a remote site's certificate is invalid / untrusted ??

Looks like Curl can not do this.

score 0 · Accepted Answer · edited May 23 '17 at 12:13

0

To get the validity period, I used this answer

and added this:

    $cert_info = openssl_x509_parse($cont["options"]["ssl"]["peer_certificate"]);

    if($cert_info['validFrom_time_t'] < time() < $cert_info['validTo_time_t']) {
        //Certificate is CURRENT!
    } else {
        //Certificate is Expired or not yet valid
    }

edited May 23 '17 at 12:13

Community

1
1

answered Oct 30 '13 at 22:47

lilbiscuit

2,109
6
32
53

PHP and SSL: How can I retrieve "detailed" validation results for remote site's certificate?

1 Answers1