Skip to content
Advertisement

SSL: match private key with certificate using PHP (without phpseclib)

I have tried to use this PHP code script to check SSL private key with SSL certificate match or not the result is match every time.

error_reporting(E_ALL & ~E_NOTICE);

if (!extension_loaded('OpenSSL')) {
        $this->markTestSkipped("Need OpenSSL extension");
}

$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3
ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn
...
-----END PRIVATE KEY-----";

$cert = "-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
...
-----END CERTIFICATE-----";

$check_result = check_pkey_cert_match($pkey, $cert);

if($check_result == true) {
  echo "Match";
} else {
  echo "Not Match";
}

this function use openssl by shell_exec it can export files server.crt, server.key, server.csr 

function check_pkey_cert_match($Private_Key, $Certificate) {
  //checks if Private Key match Certificate

  $random_blurp = rand(10,99999);
  $tmp_dir = "/tmp/";

  if(openssl_x509_export_to_file($Certificate, $tmp_dir.$random_blurp.'.server.crt')) {
     echo "Export Cert OK = ".$tmp_dir.$random_blurp.".server.crt";
  } else {
    echo "Export Crt Error";
  }

  if(openssl_pkey_export_to_file($Private_Key, $tmp_dir.$random_blurp.'.server.key')) {
     echo "Export Pkey OK = ".$tmp_dir.$random_blurp.".server.key";
  } else {
     echo "Export Pkey Error";
  }

but when i use this shell_exec for check $pkey_check & $cert_check match or not it still result match every time. Because $pkey_check & $cert_check = null 

  $pkey_check = shell_exec('openssl pkey  -in 
'.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');

  $cert_check = shell_exec('openssl x509  -in 
'.$tmp_dir.$random_blurp.'.server.crt  -pubout -outform pem | sha256sum');

 // $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');


  //remove those temp files.

  unlink($tmp_dir.'server.crt');

  unlink($tmp_dir.'server_key');

  //unlink($tmp_dir.'server.csr');

  //Check for match

  if ( $cert_check == $pkey_check ) {
    return true;
  } else {
    return false;
  }

Result of above script

Export Cert OK = /tmp/41893.server.crt

Export Pkey OK = /tmp/41893.server.key

cert_check =

pkey_check =

Match

I have try another shell_exec but the same resutl

  /*
  $pkey_check = shell_exec('openssl rsa -noout -modulus -in  server.key | openssl md5');
  $cert_check = shell_exec('openssl x509 -noout -modulus -in server.crt | openssl md5');
  $csr_check = shell_exec('openssl req -noout -modulus -in  server.csr | openssl md5');
  */

  /*  
  $pkey_check = shell_exec('openssl rsa  -modulus -in '.$tmp_dir.$random_blurp.'.server.key | openssl md5 2>&1');
  $cert_check = shell_exec('openssl x509  -modulus -in '.$tmp_dir.$random_blurp.'.server.crt | openssl md5 2>&1');
  $csr_check = shell_exec('openssl req -noout -modulus -in '.$tmp_dir.$random_blurp.'.server.csr | openssl md5 2>&1');
  */

  $pkey_check = shell_exec('openssl pkey  -in '.$tmp_dir.$random_blurp.'.server.key -pubout -outform pem | sha256sum');
  $cert_check = shell_exec('openssl x509  -in '.$tmp_dir.$random_blurp.'.server.crt  -pubout -outform pem | sha256sum');
 // $csr_check = shell_exec('openssl req -in '.$tmp_dir.$random_blurp.'.server.csr -pubout -outform pem | sha256sum');

Advertisement

Answer

(Posted on behalf of the question author).

This simple script use to check private key & certificate match or not.

error_reporting(E_ALL & ~E_NOTICE);

if (!extension_loaded('OpenSSL')) {
        $this->markTestSkipped("Need OpenSSL extension");
}

Define $cert and $pkey (or use $_POST[$cert] and $_POST[$pkey] instead)

$pkey = "-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDvwT54v2kQTRP3
ZnJepfuBgEUfrEqBZ7zLm87s1NHwwJNNbwqGCYTIoCv4xDgRCK7X7NVmMyV2OWIn
...
-----END PRIVATE KEY-----";

$cert = "-----BEGIN CERTIFICATE-----
MIIGRTCCBS2gAwIBAgIQVWcnF+whEw+mvnBlp/JMCzANBgkqhkiG9w0BAQsFADCB
kDELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G
...
-----END CERTIFICATE-----";

Call function check_pkey_cert_match() and result.

$check_result = check_pkey_cert_match($pkey, $cert);

if($check_result == true) {
  echo "Match";
} else {
  echo "Not Match";
}

Just use Function openssl_x509_check_private_key()

function check_pkey_cert_match($Private_Key, $Certificate) {

  //Check for match
  if(openssl_x509_check_private_key ( $Certificate , $Private_Key )) {
      return true;
  } else {
     return false;
  }

}
User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement