How can I use "openssl_x509_parse" for expired/error certificate in PHP?

Question

I'm quite newbie of PHP, but studying and trying to build simple webpage which displays SSL Certificate status. (e.g.Expiry date) Also each servers(common name) and ports are stored at MySQL DB and read by PDO. Usually this works if server returns valid certificate. However it fails to load when certificate is expired or by other reasons such as unmatched Common Name.

Code as below:

<?php
    $get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));
    $read = stream_socket_client("ssl://".$row["domain"].":".$row["port"], $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $get);
    $cert = stream_context_get_params($read);
    $certinfo = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
?>

May I be advised how to resolve this issue please?

Thank you!

score 1 · Answer 1 · edited May 23 '17 at 12:33

1

Foolish myself, found solution from Stack Overflow. SSL error SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Modified first line:

$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE)));

into:

$get = stream_context_create(array("ssl" => array("capture_peer_cert" => TRUE, 'verify_peer' => false, 'verify_peer_name' => false)));

edited May 23 '17 at 12:33

Community

1
1

answered Jan 08 '17 at 03:57

Minibrary

21
2

How can I use "openssl_x509_parse" for expired/error certificate in PHP?

1 Answers1