Reading and parsing the .cer file

Question

Reading and parsing the .cer file

I have a certificate (.cer). I need to read some basic information about a certificate such as the expiration date.

I wrote this code in php

class FirmaElectronica {
    public function abrirCertificado( $path ){

        $cert_content = file_get_contents( $path );


        $res = openssl_x509_read( $cert_content );

        $data = openssl_x509_parse( $res );
        var_dump( $data );
    }
}

$firma = new FirmaElectronica();
$firma->abrirCertificado('gohl881206rga.cer');

But always get this warning and empty data array

PHP Warning:  openssl_x509_read(): supplied parameter cannot be coerced into an X509 certificate!

If i run this command i get all certificate details

openssl x509 -in gohl881206rga.cer -noout -text -inform der

What is the correct way to get the certificate data using php?

+3

php ssl

kentverger 30 oct. 14 at 18:51

source to share

3 answers

abettodreg · Answer 1 · 2014-11-03T14:33:41+0000

Using phpseclib ..

<?php
include('File/X509.php');

$x509 = new File_X509();
$cert = $x509->loadX509('...');

echo $cert['tbsCertificate']['validity']['notBefore'] . "\r\n";
echo $cert['tbsCertificate']['validity']['notAfter'];

If that doesn't work, can you post the actual certificate you are trying to get this information from?

Just van bloom · Answer 2 · 2015-11-17T23:40:48+0000

Ok. To fix this problem, you need to make sure you have the private key for the cer (or pem).

to answer

1 export cert AND for .p12

On OSX, for example: open keychain -> select your certificate AND include key -> ctrl-click export -> export 2 Objects.

2 convert your certificate:

 openssl pkcs12 -in cert.p12 -out cert.pem -nodes -clcerts

3 to be safe

cat cert.pem

you should see something like:

Bag Attributes
    friendlyName: blablub
    localKeyID: SOME ID HERE
subject=/UID=(name)/CN=(a name)/OU=(a id)/C=(locale)
issuer=/C=(locale)/O=(auth)/OU=(authname)/CN=(name)
-----BEGIN CERTIFICATE-----
ABCD.....(cert here).....
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: blubbla
    localKeyID: SOME ID HERE 
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
AB....(key here)....
-----END RSA PRIVATE KEY-----

now you are ready to go with source code without another lib in php:

 $cert_content = file_get_contents( $path );
 $res = openssl_x509_read( $cert_content );

david-schor · Answer 3 · 2017-10-30T09:24:57+0000

I know this question is outdated, but I want to share a possible solution to this problem.

First: I had the same problem. The certificate was correct and so was my PHP code.

I found out that the problem was the formatting of the certificate. To solve this problem, I created a function and edited the certificate correctly:

function createCertificate($cert) {

        $a = "-----BEGIN CERTIFICATE-----\n";
        $b = "\n-----END CERTIFICATE-----";

        $withoutFirsLine = substr($cert, strlen('-----BEGINCERTIFICATE-----'));

        $count = (strlen($withoutFirsLine) - strlen('-----ENDCERTIFICATE-----'));
        $withoutFirstAndLastLine = substr($withoutFirsLine, 0, $count);

        $withoutFirstAndLastLine = wordwrap($withoutFirstAndLastLine, 64, "\n", true);

        return $a.$withoutFirstAndLastLine . $b;

}

I hope I can help other people who have the same problem!

Reading and parsing the .cer file

More articles: