How to read a digital certificate file with php

Question

How to read a digital certificate file with php

Asked 9 years, 3 months ago

Viewed 5,569 times

6

I have a system where it does digital certificate storage, I need some information in addition to the file itself, one such information is the expiration date of the certificate.

The question is, how to read this file so that I can catch the expiration date of this certificate?

The certificate is type A1, and the file extension is in pfx.

I found a solution in this post.

2 answers

Browser other questions tagged php certified

You are not signed in. Login or sign up in order to post.

by Jose Augusto Freire • 51 points · Answer 1 · 2017-02-15T20:09:20+00:00

Here is an example of reading the certificate in pfx format, I hope it helps!

<?php
//Caminho do Certificado
$pfxCertPrivado = 'certificado.pfx';
$cert_password  = 'senha';

if (!file_exists($pfxCertPrivado)) {
   echo "Certificado não encontrado!! " . $pfxCertPrivado;
}

$pfxContent = file_get_contents($pfxCertPrivado);

if (!openssl_pkcs12_read($pfxContent, $x509certdata, $cert_password)) {
   echo "O certificado não pode ser lido!!";
} else {

   $CertPriv   = array();
   $CertPriv   = openssl_x509_parse(openssl_x509_read($x509certdata['cert']));

   $PrivateKey = $x509certdata['pkey'];

   $pub_key = openssl_pkey_get_public($x509certdata['cert']);
   $keyData = openssl_pkey_get_details($pub_key);

   $PublicKey  = $keyData['key'];

   echo '<br>'.'<br>'.'--- Dados do Certificado ---'.'<br>'.'<br>';
   echo $CertPriv['name'].'<br>';                           //Nome
   echo $CertPriv['hash'].'<br>';                           //hash
   echo $CertPriv['subject']['C'].'<br>';                   //País
   echo $CertPriv['subject']['ST'].'<br>';                  //Estado
   echo $CertPriv['subject']['L'].'<br>';                   //Município
   echo $CertPriv['subject']['CN'].'<br>';                  //Razão Social e CNPJ / CPF
   echo date('d/m/Y', $CertPriv['validTo_time_t'] ).'<br>'; //Validade
   echo $CertPriv['extensions']['subjectAltName'].'<br>';   //Emails Cadastrados separado por ,
   echo $CertPriv['extensions']['authorityKeyIdentifier'].'<br>'; 
   echo $CertPriv['issuer']['OU'].'<br>';                   //Emissor 
   echo '<br>'.'<br>'.'--- Chave Pública ---'.'<br>'.'<br>';
   print_r($PublicKey);
   echo '<br>'.'<br>'.'--- Chave Privada ---'.'<br>'.'<br>';
   echo $PrivateKey;
}
?>

by Franchesco • **5,144** points · Answer 2 · 2015-03-19T17:38:17+00:00

4

You can use the function openssl_x509_parse() to read the certificate and then return the information in the form of array. For example:

$certpath = "certificado.cer";
$certinfo = openssl_x509_parse(file_get_contents($certpath));
echo "Data de validade: " . $certinfo['validFrom_time_t'];

Friend, one detail I forgot to add to my question, is that the file extension is in 'pfx', so there is some way I can convert this file before reading?

– Meeeefiu

2015/03/20 at 18:54
1

I found a solution that includes a part of what you put in your answer.

– Meeeefiu

2016/09/08 at 18:08
@Mathdesigner47, the solution you found needs to transform .pfx in .cer ? If not, and found an easier way, please post, I will improve my code. Currently my function runs on shell conversion of the file into .pub to be able to read the data.

– William Novak

2016/09/08 at 18:51