I have tried to use this PHP script to check whether an SSL private key matches an SSL certificate or not; the result is a match every time.
```php
error_reporting(E_ALL & ~E_NOTICE);

if (!extension_loaded('OpenSSL')) {
    // $this is not available outside a class, so stop the script instead.
    exit("Need OpenSSL extension");
}

$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3
ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn
...
-----END PRIVATE KEY-----";

$cert = "-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
...
-----END CERTIFICATE-----";

$check_result = check_pkey_cert_match($pkey, $cert);

if ($check_result == true) {
    echo "Match";
} else {
    echo "Not Match";
}
```
This function uses openssl via shell_exec; it can export the files server.crt, server.key, server.csr.
```php
function check_pkey_cert_match($Private_Key, $Certificate)
{
    // Checks if the private key matches the certificate
    $random_blurp = rand(10, 99999);
    $tmp_dir = "/tmp/";

    if (openssl_x509_export_to_file($Certificate, $tmp_dir.$random_blurp.'.server.crt')) {
        echo "Export Cert OK = ".$tmp_dir.$random_blurp.".server.crt";
    } else {
        echo "Export Crt Error";
    }

    if (openssl_pkey_export_to_file($Private_Key, $tmp_dir.$random_blurp.'.server.key')) {
        echo "Export Pkey OK = ".$tmp_dir.$random_blurp.".server.key";
    } else {
        echo "Export Pkey Error";
    }
```
But when I use this shell_exec to check whether $pkey_check & $cert_check match or not, the result is still a match every time, because $pkey_check & $cert_check = null.
```php
    $pkey_check = shell_exec('openssl pkey -in '.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');
    $cert_check = shell_exec('openssl x509 -in '.$tmp_dir.$random_blurp.'.server.crt -pubout -outform pem | sha256sum');
    // $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');

    // Remove the temp files (same names as the exported files, so the key is not left in /tmp).
    unlink($tmp_dir.$random_blurp.'.server.crt');
    unlink($tmp_dir.$random_blurp.'.server.key');
    // unlink($tmp_dir.$random_blurp.'.server.csr');

    // Check for match
    if ($cert_check == $pkey_check) {
        return true;
    } else {
        return false;
    }
}
```
Result of above script
```
Export Cert OK = /tmp/41893.server.crt
Export Pkey OK = /tmp/41893.server.key
cert_check =
pkey_check =
Match
```
I have tried another shell_exec but got the same result.
```php
/*
$pkey_check = shell_exec('openssl rsa -noout -modulus -in server.key | openssl md5');
$cert_check = shell_exec('openssl x509 -noout -modulus -in server.crt | openssl md5');
$csr_check = shell_exec('openssl req -noout -modulus -in server.csr | openssl md5');
*/

/*
$pkey_check = shell_exec('openssl rsa -modulus -in '.$tmp_dir.$random_blurp.'.server.key | openssl md5 2>&1');
$cert_check = shell_exec('openssl x509 -modulus -in '.$tmp_dir.$random_blurp.'.server.crt | openssl md5 2>&1');
$csr_check = shell_exec('openssl req -noout -modulus -in '.$tmp_dir.$random_blurp.'.server.csr | openssl md5 2>&1');
*/

$pkey_check = shell_exec('openssl pkey -in '.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');
$cert_check = shell_exec('openssl x509 -in '.$tmp_dir.$random_blurp.'.server.crt -pubout -outform pem | sha256sum');
// $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');
```
Answer
(Posted on behalf of the question author).
This simple script is used to check whether a private key & certificate match or not.
```php
error_reporting(E_ALL & ~E_NOTICE);

if (!extension_loaded('OpenSSL')) {
    // $this is not available outside a class, so stop the script instead.
    exit("Need OpenSSL extension");
}
```
Define $cert and $pkey (or use $_POST[$cert] and $_POST[$pkey] instead)
```php
$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3
ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn
...
-----END PRIVATE KEY-----";

$cert = "-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
...
-----END CERTIFICATE-----";
```
Call the function check_pkey_cert_match() and print the result.
```php
$check_result = check_pkey_cert_match($pkey, $cert);

if ($check_result == true) {
    echo "Match";
} else {
    echo "Not Match";
}
```
Just use the function openssl_x509_check_private_key()
```php
function check_pkey_cert_match($Private_Key, $Certificate)
{
    // Check for match
    if (openssl_x509_check_private_key($Certificate, $Private_Key)) {
        return true;
    } else {
        return false;
    }
}
```
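An added example (not part of the original question or answer) of a fail-closed, in-process variant that writes no key material to /tmp and cannot report a match when both sides failed to parse, which is what the loose `null == null` comparison in the question did. The function name `pkey_matches_cert` is hypothetical, the keys and the `example.test` certificate are constructed on the fly, and it assumes the OpenSSL extension has a usable openssl.cnf for key generation.

```php
<?php
// Added example: compare the certificate's public key with the public half
// of the private key, treating every parse failure as "no match".
function pkey_matches_cert(string $pkeyPem, string $certPem): bool
{
    // Must parse as a *private* key; a bare public key is rejected here.
    $priv = openssl_pkey_get_private($pkeyPem);
    if ($priv === false) {
        return false;
    }
    // Must parse as an X.509 certificate.
    $x509 = openssl_x509_read($certPem);
    if ($x509 === false) {
        return false;
    }
    $pub = openssl_pkey_get_public($x509);
    if ($pub === false) {
        return false;
    }
    $privDetails = openssl_pkey_get_details($priv);
    $pubDetails  = openssl_pkey_get_details($pub);
    if ($privDetails === false || $pubDetails === false) {
        return false;
    }
    // 'key' is the PEM-encoded public key for both handles; strict comparison only.
    return $privDetails['key'] === $pubDetails['key'];
}

// Constructed sample data: two throwaway RSA keys and a self-signed
// certificate for the first one (placeholder subject name).
$opts = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$keyA = openssl_pkey_new($opts);
$keyB = openssl_pkey_new($opts);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $keyA, ['digest_alg' => 'sha256']);
$crt  = openssl_csr_sign($csr, null, $keyA, 1, ['digest_alg' => 'sha256']);

openssl_x509_export($crt, $certPem);
openssl_pkey_export($keyA, $keyAPem);
openssl_pkey_export($keyB, $keyBPem);

var_dump(pkey_matches_cert($keyAPem, $certPem));     // key that belongs to the certificate
var_dump(pkey_matches_cert($keyBPem, $certPem));     // unrelated key
var_dump(pkey_matches_cert('not a key', $certPem));  // unparsable key input
```

Requiring `openssl_pkey_get_private()` to succeed also covers the PHP manual's note that `openssl_x509_check_private_key()` only compares public material and does not verify that its key argument is actually a private key.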