SSL: match private key with certificate using PHP (without phpseclib)

error_reporting(E_ALL & ~E_NOTICE);

if (!extension_loaded('OpenSSL')) {
        $this->markTestSkipped("Need OpenSSL extension");
}

$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3
ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn
...
-----END PRIVATE KEY-----";

$cert = "-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
...
-----END CERTIFICATE-----";

$check_result = check_pkey_cert_match($pkey, $cert);

if($check_result == true) {
  echo "Match";
} else {
  echo "Not Match";
}

error_reporting(E_ALL & ~E_NOTICE);

​

if (!extension_loaded('OpenSSL')) {

        $this->markTestSkipped("Need OpenSSL extension");

}

​

$pkey = "-----BEGIN PRIVATE KEY-----

MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3

ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn

...

-----END PRIVATE KEY-----";

​

$cert = "-----BEGIN CERTIFICATE-----

MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB

kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G

...

-----END CERTIFICATE-----";

​

$check_result = check_pkey_cert_match($pkey, $cert);

​

if($check_result == true) {

  echo "Match";

} else {

  echo "Not Match";

}

​

function check_pkey_cert_match($Private_Key, $Certificate) {
  //checks if Private Key match Certificate

  $random_blurp = rand(10,99999);
  $tmp_dir = "/tmp/";

  if(openssl_x509_export_to_file($Certificate, $tmp_dir.$random_blurp.'.server.crt')) {
     echo "Export Cert OK = ".$tmp_dir.$random_blurp.".server.crt";
  } else {
    echo "Export Crt Error";
  }

  if(openssl_pkey_export_to_file($Private_Key, $tmp_dir.$random_blurp.'.server.key')) {
     echo "Export Pkey OK = ".$tmp_dir.$random_blurp.".server.key";
  } else {
     echo "Export Pkey Error";
  }

function check_pkey_cert_match($Private_Key, $Certificate) {

  //checks if Private Key match Certificate

​

  $random_blurp = rand(10,99999);

  $tmp_dir = "/tmp/";

​

  if(openssl_x509_export_to_file($Certificate, $tmp_dir.$random_blurp.'.server.crt')) {

     echo "Export Cert OK = ".$tmp_dir.$random_blurp.".server.crt";

  } else {

    echo "Export Crt Error";

  }

​

  if(openssl_pkey_export_to_file($Private_Key, $tmp_dir.$random_blurp.'.server.key')) {

     echo "Export Pkey OK = ".$tmp_dir.$random_blurp.".server.key";

  } else {

     echo "Export Pkey Error";

  }

​

  $pkey_check = shell_exec('openssl pkey  -in 
'.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');

  $cert_check = shell_exec('openssl x509  -in 
'.$tmp_dir.$random_blurp.'.server.crt  -pubout -outform pem | sha256sum');

 // $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');


  //remove those temp files.

  unlink($tmp_dir.'server.crt');

  unlink($tmp_dir.'server_key');

  //unlink($tmp_dir.'server.csr');

  //Check for match

  if ( $cert_check == $pkey_check ) {
    return true;
  } else {
    return false;
  }

  $pkey_check = shell_exec('openssl pkey  -in 

'.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');

​

  $cert_check = shell_exec('openssl x509  -in 

'.$tmp_dir.$random_blurp.'.server.crt  -pubout -outform pem | sha256sum');

​

 // $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');

​

​

  //remove those temp files.

​

  unlink($tmp_dir.'server.crt');

​

  unlink($tmp_dir.'server_key');

​

  //unlink($tmp_dir.'server.csr');

​

  //Check for match

​

  if ( $cert_check == $pkey_check ) {

    return true;

  } else {

    return false;

  }

​

  /*
  $pkey_check = shell_exec('openssl rsa -noout -modulus -in  server.key | openssl md5');
  $cert_check = shell_exec('openssl x509 -noout -modulus -in server.crt | openssl md5');
  $csr_check = shell_exec('openssl req -noout -modulus -in  server.csr | openssl md5');
  */

  /*  
  $pkey_check = shell_exec('openssl rsa  -modulus -in '.$tmp_dir.$random_blurp.'.server.key | openssl md5 2>&1');
  $cert_check = shell_exec('openssl x509  -modulus -in '.$tmp_dir.$random_blurp.'.server.crt | openssl md5 2>&1');
  $csr_check = shell_exec('openssl req -noout -modulus -in '.$tmp_dir.$random_blurp.'.server.csr | openssl md5 2>&1');
  */

  $pkey_check = shell_exec('openssl pkey  -in '.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');
  $cert_check = shell_exec('openssl x509  -in '.$tmp_dir.$random_blurp.'.server.crt  -pubout -outform pem | sha256sum');
 // $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');

  /*

  $pkey_check = shell_exec('openssl rsa -noout -modulus -in  server.key | openssl md5');

  $cert_check = shell_exec('openssl x509 -noout -modulus -in server.crt | openssl md5');

  $csr_check = shell_exec('openssl req -noout -modulus -in  server.csr | openssl md5');

  */

​

  /*  

  $pkey_check = shell_exec('openssl rsa  -modulus -in '.$tmp_dir.$random_blurp.'.server.key | openssl md5 2>&1');

  $cert_check = shell_exec('openssl x509  -modulus -in '.$tmp_dir.$random_blurp.'.server.crt | openssl md5 2>&1');

  $csr_check = shell_exec('openssl req -noout -modulus -in '.$tmp_dir.$random_blurp.'.server.csr | openssl md5 2>&1');

  */

​

  $pkey_check = shell_exec('openssl pkey  -in '.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');

  $cert_check = shell_exec('openssl x509  -in '.$tmp_dir.$random_blurp.'.server.crt  -pubout -outform pem | sha256sum');

 // $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');

​

error_reporting(E_ALL & ~E_NOTICE);

if (!extension_loaded('OpenSSL')) {
        $this->markTestSkipped("Need OpenSSL extension");
}

error_reporting(E_ALL & ~E_NOTICE);

​

if (!extension_loaded('OpenSSL')) {

        $this->markTestSkipped("Need OpenSSL extension");

}

​

$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3
ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn
...
-----END PRIVATE KEY-----";

$cert = "-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
...
-----END CERTIFICATE-----";

$pkey = "-----BEGIN PRIVATE KEY-----

MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3

ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn

...

-----END PRIVATE KEY-----";

​

$cert = "-----BEGIN CERTIFICATE-----

MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB

kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G

...

-----END CERTIFICATE-----";

​

$check_result = check_pkey_cert_match($pkey, $cert);

if($check_result == true) {
  echo "Match";
} else {
  echo "Not Match";
}

$check_result = check_pkey_cert_match($pkey, $cert);

​

if($check_result == true) {

  echo "Match";

} else {

  echo "Not Match";

}

​

function check_pkey_cert_match($Private_Key, $Certificate) {

  //Check for match
  if(openssl_x509_check_private_key ( $Certificate , $Private_Key )) {
      return true;
  } else {
     return false;
  }

}

function check_pkey_cert_match($Private_Key, $Certificate) {

​

  //Check for match

  if(openssl_x509_check_private_key ( $Certificate , $Private_Key )) {

      return true;

  } else {

     return false;

  }

​

}

​