How to Get Ssl Certificate Info with Curl in PHP

How to get SSL certificate info with CURL in PHP?

No. EDIT: A CURLINFO_CERTINFO option has been added to PHP 5.3.2. See http://bugs.php.net/49253

Apparently, that information is being given to you by your proxy in the response headers. If you want to rely on that, you can use curl's CURLOPT_HEADER option to trueto include the headers in the output.

However, to retrieve the certificate without relying on some proxy, you must do

<?php
$g = stream_context_create (array("ssl" => array("capture_peer_cert" => true)));
$r = fopen("https://www.google.com/", "rb", false, $g);
$cont = stream_context_get_params($r);
var_dump($cont["options"]["ssl"]["peer_certificate"]);

You can manipulate the value of $cont["options"]["ssl"]["peer_certificate"] with the OpenSSL extension.

EDIT: This option is better since it doesn't actually make the HTTP request and does not require allow_url_fopen:

<?php
$g = stream_context_create (array("ssl" => array("capture_peer_cert" => true)));
$r = stream_socket_client("ssl://www.google.com:443", $errno, $errstr, 30,
    STREAM_CLIENT_CONNECT, $g);
$cont = stream_context_get_params($r);
var_dump($cont["options"]["ssl"]["peer_certificate"]);

SSL Certificate with PHP CURL

For my particular case i needed to add the keyfile, sslcert and cert password.

   //$xml = file_get_contents("thexmlfile.xml");
  $xml= $propertyXml->asXML();
  $ch = curl_init();

    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_CAINFO, getcwd() . '\pemfile.pem');

  curl_setopt($ch, CURLOPT_URL, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
  curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: text/xml'));
  curl_setopt($ch, CURLOPT_HEADER, 0);
  curl_setopt($ch, CURLOPT_POST, 1);
  curl_setopt($ch, CURLOPT_SSH_PRIVATE_KEYFILE, getcwd() . '\myjks.jks');
  curl_setopt($ch, CURLOPT_SSLCERT, getcwd() . '\pemfile.pem');
  curl_setopt($ch, CURLOPT_SSLCERTPASSWD, "thesslpassword");
  curl_setopt($ch, CURLOPT_POSTFIELDS, $xml);
  curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
  curl_setopt($ch, CURLOPT_REFERER, "https://adfapi.adftest.rightmove.com/v1/property/sendpropertydetails");
  curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
  curl_setopt ($ch, CURLOPT_VERBOSE , 1);

 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

  $ch_result = curl_exec($ch);
print curl_errno($ch);
print curl_error($ch);
  echo "Result = ".$ch_result;
  curl_close($ch);

reading SSL page with CURL (php)

It sounds like you might be misinterpreting the error. It looks to me like the site you're connecting to is self-signed or some other common problem. Just like the usual browser warning, you're easiest work around is to disable the checks.

You'll need to set CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST to FALSE. This should disable the two main checks. They may not both be required, but this should at least get you going.

To be clear, this disables a feature designed to protect you. Only do this if you have verified the certificate and server by some other means.

More info on the PHP site: curl_setopt()

PHP CURL and SSL certificate (or cert chain)

Curl uses CA certificates in a separate location on the server than what the rest of the system, like a desktop would. I have had to install CA certificates into the filesystem before. PHP libcurl will use the libraries that the command line utility uses as well. Please see http://curl.haxx.se/docs/sslcerts.html.

PHP and SSL: How can I retrieve detailed validation results for remote site's certificate?

To get the validity period, I used this answer

and added this:

    $cert_info = openssl_x509_parse($cont["options"]["ssl"]["peer_certificate"]);

    if($cert_info['validFrom_time_t'] < time() < $cert_info['validTo_time_t']) {
        //Certificate is CURRENT!
    } else {
        //Certificate is Expired or not yet valid
    }

---

Related Topics