Bako

Contact Methods

  • Website URL
    https://boydhanaleiako.me

Profile Information

  • Location
    Hawaii

  1. Thanks @gizmola and @requinix for dealing with my noobness. I'd buy you a cup of coffee if I could. So, now I'm trying to figure out displaying the PKCS7 stuff. Below isn't quite working.

         pkcs7 = openssl_pkcs7_read($_SERVER['SSL_CLIENT_CERT_CHAIN_0']);
         print_r(array_values($pkcs7));

  2.

         $cert = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
         var_dump($cert);
         printf("<br><br><br>");
         print_r(array_values($cert));
         printf("<br><br><br>");
         sanext=print_r(array_values($cert[extensions][subjectAltName]));
         printf("\n\n### %s\n\n\n",$sanext;
         printf("<br><br><br>");
         ....

     What am I doing wrong...

  3. I see... Any keywords I should google on figuring out this nested array type thing? Trying to get the subjectAltName. Below is the output of this...

         $certObj = openssl_x509_read(file_get_contents($_SERVER['SSL_CLIENT_CERT']));
         #$cert = openssl_x509_parse($certObj);
         $cert = openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']);
         var_dump($cert);
         printf("<br><br><br>");
         print_r(array_values($cert));
         printf("<br><br><br>");

     Output:

         array(16) {
           ["name"]=> string(40) "/emailAddress=boyd.hanalei.ako@gmail.com"
           ["subject"]=> array(1) { ["emailAddress"]=> string(26) "boyd.hanalei.ako@gmail.com" }
           ["hash"]=> string(8) "29c7144b"
           ["issuer"]=> array(5) {
             ["C"]=> string(2) "GB"
             ["ST"]=> string(18) "Greater Manchester"
             ["L"]=> string(7) "Salford"
             ["O"]=> string(15) "Sectigo Limited"
             ["CN"]=> string(53) "Sectigo RSA Client Authentication and Secure Email CA"
           }
           ["version"]=> int(2)
           ["serialNumber"]=> string(39) "293838373167574313158409699983802423973"
           ["serialNumberHex"]=> string(32) "DD0F3650BAF3404F9B84A0AB065EDAA5"
           ["validFrom"]=> string(13) "201206000000Z"
           ["validTo"]=> string(13) "231206235959Z"
           ["validFrom_time_t"]=> int(1607212800)
           ["validTo_time_t"]=> int(1701907199)
           ["signatureTypeSN"]=> string(10) "RSA-SHA256"
           ["signatureTypeLN"]=> string(23) "sha256WithRSAEncryption"
           ["signatureTypeNID"]=> int(668)
           ["purposes"]=> array(9) {
             [1]=> array(3) { [0]=> bool(true) [1]=> bool(false) [2]=> string(9) "sslclient" }
             [2]=> array(3) { [0]=> bool(false) [1]=> bool(false) [2]=> string(9) "sslserver" }
             [3]=> array(3) { [0]=> bool(false) [1]=> bool(false) [2]=> string(11) "nssslserver" }
             [4]=> array(3) { [0]=> bool(true) [1]=> bool(false) [2]=> string(9) "smimesign" }
             [5]=> array(3) { [0]=> bool(true) [1]=> bool(false) [2]=> string(12) "smimeencrypt" }
             [6]=> array(3) { [0]=> bool(false) [1]=> bool(false) [2]=> string(7) "crlsign" }
             [7]=> array(3) { [0]=> bool(true) [1]=> bool(true) [2]=> string(3) "any" }
             [8]=> array(3) { [0]=> bool(true) [1]=> bool(false) [2]=> string(10) "ocsphelper" }
             [9]=> array(3) { [0]=> bool(false) [1]=> bool(false) [2]=> string(13) "timestampsign" }
           }
           ["extensions"]=> array(9) {
             ["authorityKeyIdentifier"]=> string(66) "keyid:09:C0:F2:FC:0B:DA:94:DB:5F:FE:2B:DF:A8:99:42:CF:C9:E0:AD:00 "
             ["subjectKeyIdentifier"]=> string(59) "59:A6:57:6E:04:AE:FB:2B:2F:36:CA:7F:1B:8E:C9:D0:44:A4:71:59"
             ["keyUsage"]=> string(35) "Digital Signature, Key Encipherment"
             ["basicConstraints"]=> string(8) "CA:FALSE"
             ["extendedKeyUsage"]=> string(48) "E-mail Protection, TLS Web Client Authentication"
             ["certificatePolicies"]=> string(66) "Policy: 1.3.6.1.4.1.6449.1.2.1.1.1 CPS: https://sectigo.com/CPS "
             ["crlDistributionPoints"]=> string(92) " Full Name: URI:http://crl.sectigo.com/SectigoRSAClientAuthenticationandSecureEmailCA.crl "
             ["authorityInfoAccess"]=> string(126) "CA Issuers - URI:http://crt.sectigo.com/SectigoRSAClientAuthenticationandSecureEmailCA.crt OCSP - URI:http://ocsp.sectigo.com "
             ["subjectAltName"]=> string(32) "email:boyd.hanalei.ako@gmail.com"
           }
         }
         <br><br><br>Array (
           [0] => /emailAddress=boyd.hanalei.ako@gmail.com
           [1] => Array ( [emailAddress] => boyd.hanalei.ako@gmail.com )
           [2] => 29c7144b
           [3] => Array ( [C] => GB [ST] => Greater Manchester [L] => Salford [O] => Sectigo Limited [CN] => Sectigo RSA Client Authentication and Secure Email CA )
           [4] => 2
           [5] => 293838373167574313158409699983802423973
           [6] => DD0F3650BAF3404F9B84A0AB065EDAA5
           [7] => 201206000000Z
           [8] => 231206235959Z
           [9] => 1607212800
           [10] => 1701907199
           [11] => RSA-SHA256
           [12] => sha256WithRSAEncryption
           [13] => 668
           [14] => Array (
             [1] => Array ( [0] => 1 [1] => [2] => sslclient )
             [2] => Array ( [0] => [1] => [2] => sslserver )
             [3] => Array ( [0] => [1] => [2] => nssslserver )
             [4] => Array ( [0] => 1 [1] => [2] => smimesign )
             [5] => Array ( [0] => 1 [1] => [2] => smimeencrypt )
             [6] => Array ( [0] => [1] => [2] => crlsign )
             [7] => Array ( [0] => 1 [1] => 1 [2] => any )
             [8] => Array ( [0] => 1 [1] => [2] => ocsphelper )
             [9] => Array ( [0] => [1] => [2] => timestampsign )
           )
           [15] => Array (
             [authorityKeyIdentifier] => keyid:09:C0:F2:FC:0B:DA:94:DB:5F:FE:2B:DF:A8:99:42:CF:C9:E0:AD:00
             [subjectKeyIdentifier] => 59:A6:57:6E:04:AE:FB:2B:2F:36:CA:7F:1B:8E:C9:D0:44:A4:71:59
             [keyUsage] => Digital Signature, Key Encipherment
             [basicConstraints] => CA:FALSE
             [extendedKeyUsage] => E-mail Protection, TLS Web Client Authentication
             [certificatePolicies] => Policy: 1.3.6.1.4.1.6449.1.2.1.1.1 CPS: https://sectigo.com/CPS
             [crlDistributionPoints] => Full Name: URI:http://crl.sectigo.com/SectigoRSAClientAuthenticationandSecureEmailCA.crl
             [authorityInfoAccess] => CA Issuers - URI:http://crt.sectigo.com/SectigoRSAClientAuthenticationandSecureEmailCA.crt OCSP - URI:http://ocsp.sectigo.com
             [subjectAltName] => email:boyd.hanalei.ako@gmail.com
           )
         )

  4. So, this gets me the screenshot...

         <?php
         $certObj = openssl_x509_read(file_get_contents($_SERVER['SSL_CLIENT_CERT']));
         $cert = openssl_x509_parse($certObj);
         var_dump($cert);
         printf("<br><br><br>");
         printf("SSL_CLIENT_M_SERIAL:\t%s<br>\n",$_SERVER['SSL_CLIENT_M_SERIAL']);
         printf("SSL_CLIENT_S_DN:\t%s<br>\n",$_SERVER['SSL_CLIENT_S_DN']);
         printf("SSL_CLIENT_S_DN_CN:\t%s<br>\n",$_SERVER['SSL_CLIENT_S_DN_CN']);
         printf("SSL_CLIENT_SAN_Email_0:\t%s<br>\n",$_SERVER['SSL_CLIENT_SAN_Email_0']);
         printf("SSL_CLIENT_SAN_OTHER_msUPN_0:\t%s<br>\n",$_SERVER['SSL_CLIENT_SAN_OTHER_msUPN_0']);
         printf("SSL_CLIENT_SAN_DNS_0:\t%s<br>\n",$_SERVER['SSL_CLIENT_SAN_DNS_0']);
         printf("SSL_CLIENT_CERT_RFC4523_CEA:\t%s<br>\n",$_SERVER['SSL_CLIENT_CERT_RFC4523_CEA']);
         printf("####\tSSL_CLIENT_CERT_CHAIN_0\t####<br>\n%s<br>\n",$_SERVER['SSL_CLIENT_CERT_CHAIN_0']);
         printf("####\tSSL_CLIENT_CERT\t####<br>\n%s<br>\n",$_SERVER['SSL_CLIENT_CERT']);
         $certObj = openssl_x509_read(file_get_contents($_SERVER['SSL_CLIENT_CERT']));
         $cert = openssl_x509_parse($certObj);
         var_dump($cert);
         phpinfo();
         ?>

     I'm trying to figure out how to do the equivalent of `openssl x509 -text -noout`.

  5. "tried" yes. Succeeded? Not so much. I'm probably doing it wrong by trying to shove $_SERVER['SSL_CLIENT_CERT'] into another variable that I use in that function. My BASH brain kicks in so it possibly might have something to do with syntax.
  6. I've been trying to figure out how to get $_SERVER['SSL_CLIENT_CERT'] into a way I can extract some of the x.509 certificate attributes. Unfortunately, the Apache variables and the PHP OpenSSL functions don't have a way to display the certificate "Key Usage" attributes.
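
The `openssl_x509_parse()` dump in post 3 carries `keyUsage`, `extendedKeyUsage` and `subjectAltName` as plain strings under the `extensions` key, so both the subjectAltName lookup asked about there and the Key Usage attributes mentioned in post 6 can be read by indexing that nested array. This is an added PHP example, not code from any of the posts above; the function names `cert_attributes` and `client_cert_attributes` and the sample values are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Extract keyUsage, extendedKeyUsage and subjectAltName from the nested array
// returned by openssl_x509_parse(). All three sit under 'extensions' as text.
function cert_attributes(array $cert): array
{
    $ext = $cert['extensions'] ?? [];

    // "Digital Signature, Key Encipherment" -> ['Digital Signature', 'Key Encipherment']
    $list = static fn(string $s): array =>
        array_values(array_filter(array_map('trim', explode(',', $s)), 'strlen'));

    // "email:a@b, DNS:host" -> ['email' => ['a@b'], 'DNS' => ['host']]
    $san = [];
    foreach ($list($ext['subjectAltName'] ?? '') as $entry) {
        [$type, $value] = array_pad(explode(':', $entry, 2), 2, '');
        $san[$type][] = $value;
    }

    return [
        'keyUsage'         => $list($ext['keyUsage'] ?? ''),
        'extendedKeyUsage' => $list($ext['extendedKeyUsage'] ?? ''),
        'subjectAltName'   => $san,
    ];
}

// Parse a PEM string (the certificate text itself, not a file path).
function client_cert_attributes(string $pem): ?array
{
    $cert = openssl_x509_parse($pem);
    return $cert === false ? null : cert_attributes($cert);
}

// Constructed sample shaped like the dump in post 3 (values are made up).
$sample = ['extensions' => [
    'keyUsage'         => 'Digital Signature, Key Encipherment',
    'extendedKeyUsage' => 'E-mail Protection, TLS Web Client Authentication',
    'subjectAltName'   => 'email:user@example.com, DNS:host.example.com',
]];
$attrs = cert_attributes($sample);
print_r($attrs);

// Accept the certificate for login only if it is issued for client authentication.
$okForLogin = in_array('TLS Web Client Authentication', $attrs['extendedKeyUsage'], true);
echo $okForLogin ? "client-auth EKU present\n" : "client-auth EKU missing\n";
```

On a live request, pass `$_SERVER['SSL_CLIENT_CERT']` straight to `client_cert_attributes()`; mod_ssl only exports that variable when `SSLOptions +ExportCertData` is enabled.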