I'm trying to write up a script that will verify an SSL cert on a user-specified domain name.
What I'm trying to do is essentially the same as what this site does:
https://www.sslshopper.com/ssl-checker.html#hostname=www.google.com
I guess what I need help with is understanding the verification process and the key components that need to be checked.
I can see what they check on sslshopper.com but I still don't have clarity about how it works on the backend.
I was able to find a PHP function which builds an array with a site's SSL information, which I've pasted below.
Hoping someone could graciously give me a rundown of the verification process.
Code
Array
(
    [name] => /C=US/ST=California/L=Mountain View/O=Google Inc/CN=www.google.com
    [subject] => Array
        (
            [C] => US
            [ST] => California
            [L] => Mountain View
            [O] => Google Inc
            [CN] => www.google.com
        )
    [hash] => 7a9443df
    [issuer] => Array
        (
            [C] => US
            [O] => Google Inc
            [CN] => Google Internet Authority G2
        )
    [version] => 2
    [serialNumber] => 3159086841929812565
    [validFrom] => 141008120757Z
    [validTo] => 150106000000Z
    [validFrom_time_t] => 1412770077
    [validTo_time_t] => 1420502400
    [purposes] => Array
        (
            [1] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => sslclient
                )
            [2] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => sslserver
                )
            [3] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => nssslserver
                )
            [4] => Array
                (
                    [0] =>
                    [1] =>
                    [2] => smimesign
                )
            [5] => Array
                (
                    [0] =>
                    [1] =>
                    [2] => smimeencrypt
                )
            [6] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => crlsign
                )
            [7] => Array
                (
                    [0] => 1
                    [1] => 1
                    [2] => any
                )
            [8] => Array
                (
                    [0] => 1
                    [1] =>
                    [2] => ocsphelper
                )
            [9] => Array
                (
                    [0] =>
                    [1] =>
                    [2] => timestampsign
                )
        )
    [extensions] => Array
        (
            [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
            [subjectAltName] => DNS:www.google.com
            [authorityInfoAccess] => CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
            [subjectKeyIdentifier] => 3B:6B:E0:9C:C6:C6:41:C8:EA:5C:FB:1A:58:15:C2:1B:9D:43:19:85
            [basicConstraints] => CA:FALSE
            [authorityKeyIdentifier] => keyid:4A:DD:06:16:1B:BC:F6:68:B5:76:F5:81:B6:BB:62:1A:BA:5A:81:2F
            [certificatePolicies] => Policy: 1.3.6.1.4.1.11129.2.5.1
            [crlDistributionPoints] =>
Full Name:
URI:http://pki.google.com/GIAG2.crl
        )
)
This post was edited by SelfTaught on Oct 21 2014 10:10pm
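An added example, not part of the original post: the checks that can be made directly on the fields of the array shown above (validity window, host name against subjectAltName, permitted usage). The function name check_parsed_cert, the $now timestamp and the trimmed-down sample array are assumptions made for illustration. These checks only read fields; whether the certificate chains to a trusted CA is decided by signature verification during the TLS handshake and is not covered here.

```php
<?php
// Added example. check_parsed_cert() is a hypothetical helper; $cert has the
// shape of the array in the post above. Returns a list of problems found.
function check_parsed_cert(array $cert, string $host, int $now): array
{
    $problems = [];
    // 1. Validity window: $now must fall between validFrom and validTo.
    if ($now < $cert['validFrom_time_t'] || $now > $cert['validTo_time_t']) {
        $problems[] = 'current time is outside the validFrom/validTo window';
    }
    // 2. Host name: must match one of the DNS entries in subjectAltName.
    $host = strtolower($host);
    $dot = strpos($host, '.');
    $matched = false;
    foreach (explode(',', $cert['extensions']['subjectAltName'] ?? '') as $entry) {
        $entry = strtolower(trim($entry));
        if (strpos($entry, 'dns:') !== 0) {
            continue; // skip IP, email and other entry types
        }
        $name = substr($entry, 4);
        // "*.example.com" covers exactly one left-most label of the host.
        $wildcard = strpos($name, '*.') === 0 && $dot > 0
            && substr($host, $dot) === substr($name, 1);
        if ($name === $host || $wildcard) {
            $matched = true;
            break;
        }
    }
    if (!$matched) {
        $problems[] = 'host name is not listed in subjectAltName';
    }
    // 3. Usage: if extendedKeyUsage is present it must allow server auth.
    $eku = $cert['extensions']['extendedKeyUsage'] ?? null;
    if ($eku !== null && strpos($eku, 'TLS Web Server Authentication') === false) {
        $problems[] = 'certificate is not issued for TLS server authentication';
    }
    return $problems;
}
// Constructed sample: the relevant fields copied from the array in the post.
$cert = [
    'validFrom_time_t' => 1412770077,
    'validTo_time_t'   => 1420502400,
    'extensions' => [
        'subjectAltName'   => 'DNS:www.google.com',
        'extendedKeyUsage' => 'TLS Web Server Authentication, TLS Web Client Authentication',
    ],
];
$now = 1413929400; // constructed timestamp inside the validity window
var_dump(check_parsed_cert($cert, 'www.google.com', $now));
var_dump(check_parsed_cert($cert, 'mail.google.com', $now));
```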