How do I know the SSL certificate is installed on the server? (Using PHP)

Question

How do I know the SSL certificate is installed on the server? (Using PHP)

How do I know if a site is SSL or not? I am working on a WP plugin for direct transactions and it is important that the plugin verifies that the site (where the plugin is installed) is using SSL or not, and I have to show a warning message on the verification page if the site is not on SSL.

+3

url php ssl wordpress

Irfan dayan 05 Apr 12 at 11:38

source to share

5 answers

function is_exist_ssl($domain){
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://".$domain);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
curl_setopt ($ch, CURLOPT_HEADER, 0);
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
curl_exec($ch);

if(!curl_error($ch)){
$info = curl_getinfo($ch);
if($info['http_code'] == 200){
return true;
}
return false;
}else{
return false;
}
}

using:

$domain = 'uniapple.net';

if(is_exist_ssl($domain)){
echo "SSL is enabled!";
}else{
echo "No SSL"; 
}

//usage ::
if(!isset($_SERVER['REDIRECT_HTTPS']) || $_SERVER['REDIRECT_HTTPS'] != 'on'){
if(is_exist_ssl($domain)){
header('location : https://'.$domain);
}
}

+1

Alfred francis 05 Apr 12 at 12:14

source to share

Since this question is old and the answers are a bit out of date, I thought I'd be calling!

I saw you asking about the WordPress plugin. WordPress has is_ssl () to check if a page is using ssl with WordPress 2.6.

+1

Andre Gagnon June 14. 17 at 14:52

source to share

If it is an HTTPS request, the "HTTPS" value in the $ _SERVER superglobal will be set and set to 'on'. If it is not an HTTPS request, it will not be installed.

So, to check if it is an HTTPS request in PHP, you can do this:

    if( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on' ) {
        ...
    }

Alternatively, you can set it as a constant if you need to know if it asks for HTTPS multiple times in your code, for example:

define('IS_HTTPS_REQUEST', isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on');

0

Sandeep manne 05 Apr 12 at 11:51

source to share

There are a number of solutions to this problem described in this question . If you are using Apache Httpd and you can narrow the path to a specific prefix, you can use SSLRequireSSL

in the directive Location

. Alternatively, you can check $_SERVER['HTTPS']

in PHP if it is defined (this may depend on the web server, but it usually is).

More importantly, don't focus on validating the page you serve over HTTPS. The client has to verify this because by the time it reaches the server it is too late: it may have already been intercepted by an MITM attacker (who can even make the request over HTTPS, even if the genuine client did not). I have explained this issue in detail in this answer . From a UI perspective, you should clearly indicate that the user will enter the "secure" section and he will make sure that subsequent requests are exceeded over HTTPS.

It's not necessarily a bad thing to check that your server is actually running over HTTPS, but it doesn't help much from a security standpoint. The important thing is that all links to this secure section must use https://

(and must not rely on automatic URL rewriting to do so).

0

Bruno 05 Apr 12 at 13:24

source to share

rael_kid · Accepted Answer · 2012-04-05T11:43:12+0000

You can check the variable $_SERVER['HTTPS']

.

How do I know the SSL certificate is installed on the server? (Using PHP)

More articles: