【Question title】: Check SSL certificate hashes with PHP
【Posted】: 2019-07-04 10:38:15
【Question description】:

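I am trying to make a simple tool that checks the hashes of SSL certificate files (csr, key and crt). My code does not seem to work properly. It checks the hashes, but simulating a wrong certificate does not give me an error.

Trying to make a simple HTML and PHP application.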

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>SSL Test</title>
</head>
<body>
<div style="text-align:center">
    <h1>Certificate Test</h1>
    <form name="certForm" action="verify.php" method="post">
        <div>
            <label for="csr">CSR file:</label>
            <input type="file" name="csr" id="csr" accept=".csr"/>
        </div>
        <div>
            <label for="key">KEY file:</label>
            <input type="file" name="key" id="key" accept=".key"/>
        </div>
        <div>
            <label for="crt">CRT file:</label>
            <input type="file" name="crt" id="crt" accept=".crt,.cert"/>
        </div>

        <button type="submit">Check</button>
        <button type="reset">Reset</button>
    </form>
</div>

</body>
</html>
<?php
header('Content-Type: text/html; charset=utf-8');

$csr = $_POST['csr'];
$key = $_POST['key'];
$crt = $_POST['crt'];

if (!$csr || !$key || !$crt) {
    die('Files not specified. Go back and try again');
}

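// escapeshellarg() keeps the request-supplied values from being parsed by the shell
$hashCsr = exec("openssl req -in " . escapeshellarg($csr) . " -pubkey -noout -outform pem | sha256sum");
$hashKey = exec("openssl pkey -in " . escapeshellarg($key) . " -pubout -outform pem | sha256sum");
$hashCrt = exec("openssl x509 -in " . escapeshellarg($crt) . " -pubkey -noout -outform pem | sha256sum");

// htmlspecialchars() keeps the request-supplied names from being rendered as markup
echo "<p><strong>File:</strong> " . htmlspecialchars($csr) . " <strong>Hash:</strong> $hashCsr</p>";
echo "<p><strong>File:</strong> " . htmlspecialchars($key) . " <strong>Hash:</strong> $hashKey</p>";
echo "<p><strong>File:</strong> " . htmlspecialchars($crt) . " <strong>Hash:</strong> $hashCrt</p>";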

if (($hashCsr === $hashKey) && ($hashCsr === $hashCrt) && ($hashKey === $hashCrt)) {
    echo "<p style='color: green;'>Certificates match!</p>";
}
else {
    echo "<p style='color: red;'>Certificates do NOT match!</p>";
}
?>

If the hashes match, show a success message; otherwise show an error message.

【Question discussion】:

    Tags: php ssl certificate


    【Solution 1】:

    If all of the variables $hashCsr, $hashKey and $hashCrt are empty, it will pass your "certificates match" test.

    if (($hashCsr === $hashKey) && ($hashCsr === $hashCrt) && ($hashKey === $hashCrt) && $hashCsr != '')
    {
        echo "<p style='color: green;'>Certificates match!</p>";
    }
    else
    {
        echo "<p style='color: red;'>Certificates do NOT match!</p>";
    }
    

    By the way, you can use the PHP openssl extension.

    【Discussion】:

      【Solution 2】:

      Thanks for your comment. I made some changes to the PHP code and it works now.

      <?php
      header('Content-Type: text/html; charset=utf-8');
      
      $fileCsr = $_FILES["csr"]["name"];
      $fileKey = $_FILES["key"]["name"];
      $fileCrt = $_FILES["crt"]["name"];
      
      $csr = $_FILES["csr"]["tmp_name"];
      $key = $_FILES["key"]["tmp_name"];
      $crt = $_FILES["crt"]["tmp_name"];
      
      if (!$csr || !$key || !$crt) {
          die("Files not specified. <a href='index.html'>Go back</a> and try again");
      }
      
      // escapeshellarg() quotes each path before it reaches the shell
      $hashKey = exec("openssl pkey -in " . escapeshellarg($key) . " -pubout -outform pem | sha256sum");
      $hashCsr = exec("openssl req -in " . escapeshellarg($csr) . " -pubkey -noout -outform pem | sha256sum");
      $hashCrt = exec("openssl x509 -in " . escapeshellarg($crt) . " -pubkey -noout -outform pem | sha256sum");
      
      // The original file names come from the client, so escape them before output
      echo "<table>";
      echo "<tr><td><strong>Signing Request:</strong></td><td>" . htmlspecialchars($fileCsr) . "</td><td><strong>Hash:</strong></td><td>" . $hashCsr . "</td></tr>";
      echo "<tr><td><strong>Private Key:</strong></td><td>" . htmlspecialchars($fileKey) . "</td><td><strong>Hash:</strong></td><td>" . $hashKey . "</td></tr>";
      echo "<tr><td><strong>Public Key:</strong></td><td>" . htmlspecialchars($fileCrt) . " </td><td><strong>Hash:</strong></td><td>" . $hashCrt . "</td></tr>";
      echo "</table>";
      
      if ($hashCsr === $hashKey && $hashCsr === $hashCrt && $hashKey === $hashCrt && $hashCsr != '') {
          echo "<p style='color: green;'>Certificates match!</p>";
      }
      else {
          echo "<p style='color: red;'>Certificates do NOT match!</p>";
      }
      
      echo "<a href='index.html'>Go back</a>";
      ?>
      

      【Discussion】:
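
The check from this thread done with the PHP openssl extension that Solution 1 mentions, as an added example that is not code from any of the posts. It fails closed: with the `openssl ... | sha256sum` pipeline, a failed openssl command still leaves sha256sum hashing empty input, so three failed commands produce three identical, non-empty hashes. The function names and the generated sample material are assumptions made for the illustration.

```php
<?php
// Added example (not from the thread): compare the public key inside a CSR,
// a private key and a certificate without shelling out to openssl.

/** SHA-256 of the PEM public key, or null when $key failed to parse. */
function publicKeyFingerprint($key): ?string
{
    if ($key === false) {
        return null;
    }
    $details = openssl_pkey_get_details($key);
    return $details === false ? null : hash('sha256', $details['key']);
}

function keyMaterialMatches(string $csrPem, string $keyPem, string $crtPem): bool
{
    // The openssl_* parsers treat "file://..." strings as paths to read, so
    // accept only inline PEM text from the upload.
    foreach ([$csrPem, $keyPem, $crtPem] as $pem) {
        if (strncmp(ltrim($pem), '-----BEGIN ', 11) !== 0) {
            return false;
        }
    }
    $prints = [
        publicKeyFingerprint(openssl_csr_get_public_key($csrPem)),
        publicKeyFingerprint(openssl_pkey_get_private($keyPem)),
        publicKeyFingerprint(openssl_pkey_get_public($crtPem)),
    ];
    // A parse failure is null and must never count as a match.
    return !in_array(null, $prints, true) && count(array_unique($prints)) === 1;
}

// Constructed sample input, generated in memory instead of read from uploads.
$opts = ['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048];
$keyA = openssl_pkey_new($opts);
$keyB = openssl_pkey_new($opts);
$csr  = openssl_csr_new(['commonName' => 'example.test'], $keyA);
$crt  = openssl_csr_sign($csr, null, $keyA, 1);
openssl_csr_export($csr, $csrPem);
openssl_x509_export($crt, $crtPem);
openssl_pkey_export($keyA, $keyAPem);
openssl_pkey_export($keyB, $keyBPem);

var_dump(keyMaterialMatches($csrPem, $keyAPem, $crtPem)); // matching set
var_dump(keyMaterialMatches($csrPem, $keyBPem, $crtPem)); // private key from another pair
var_dump(keyMaterialMatches('', '', ''));                 // nothing parseable
```

In an upload handler the three strings would come from `file_get_contents()` on each `$_FILES[...]['tmp_name']`, which PHP only populates when the form is submitted with `enctype="multipart/form-data"`.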