verify server certificate

[traiancho]

How can I verify server certificate via php.

What must I have to do this? probably server public key?

 

I want something like this:

 

$cert = get_server_sertificate("https://somthing.com");

$local_beforehand_got_server_key = $open_cert("file_to_public_key_on_local_machine");

 

if($cert ->public_key != $local_beforehand_got_server_key){

    die("wrong identity");

}else {

  $str = file_get_contents("https://somthing.com");

  echo($str);

}

 

10x.

 

 

 

 

[bache]

Am I wrong or you are not sure what you want to do?

If the server has a certificate and it is signed by trusted CA the browser will open the page you are requesting. If the server's certificate is not signed by trusted CA the browser will warn you about that.

 

PHP is on the server side, not on the client. If you want you can get information about the client's certificate and permit the client to enter your site or not.

 

What exactly do you want to do?

[traiancho]

I talk about the case one we have two servers. One server - mine, want to read data from another via ssl.

PHP have build in functions that reads from url example: file_get_contents(https://blabla.com)

 

The problem is when my server reads data from remote server. I want to check that server "https://blabla.com" is genuine, but not "man in the middle".

[bache]

OK, sorry, I didn't understand you but now I know what you mean.

 

You should check curl, it may have a functionality like this.

[dbo]

You really ought to consider the root of the problem. Why would a potentially untrusted URL make it into you application to begin with?