SSL-сертификат можно получить с помощью контекста потоков (Stream Context), а разобрать его поможет функция openssl_x509_parse().
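Если сертификат отсутствует или просрочен, то код ошибки и текст будут в переменных $err_no и $err_str. Учтите: в примере ниже проверка сертификата отключена (verify_peer => false), поэтому просроченный сертификат сам по себе не приведёт к ошибке соединения — срок действия нужно сверять по полю validTo_time_t.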
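// Fetch the TLS certificate presented by a host and parse it into an array.
$url = 'ssl://snipp.ru:443';

// Verification is switched off so that the certificate can still be captured
// and inspected when the chain is incomplete, the name does not match or the
// certificate has expired. The peer is therefore NOT authenticated: use this
// connection only to read the certificate, never to send or trust data.
$context = stream_context_create(
    array(
        'ssl' => array(
            'capture_peer_cert' => true,
            'verify_peer'       => false,
            'verify_peer_name'  => false,
        ),
    )
);

$info = false;
$fp = stream_socket_client($url, $err_no, $err_str, 30, STREAM_CLIENT_CONNECT, $context);

if ($fp === false) {
    // Test the return value, not $err_no: the code can stay 0 when the failure
    // happens before connect(), and passing false on to
    // stream_context_get_params() would raise an error of its own.
    echo 'Ошибка подключения: ' . $err_str . ' (' . $err_no . ")\r\n";
} else {
    $cert = stream_context_get_params($fp);

    // The captured certificate is only present after a completed handshake.
    if (isset($cert['options']['ssl']['peer_certificate'])) {
        $info = openssl_x509_parse($cert['options']['ssl']['peer_certificate']);
    }

    // Release the socket; nothing else is read from this unverified connection.
    fclose($fp);

    if ($info === false) {
        echo "Не удалось получить или разобрать сертификат\r\n";
    } else {
        print_r($info);
    }
}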
Результат:
Array(
[name] => /CN=snipp.ru
[subject] => Array(
[CN] => snipp.ru
)
[hash] => d29c8ea7
[issuer] => Array(
[C] => US
[O] => Let's Encrypt
[CN] => Let's Encrypt Authority X3
)
[version] => 2
[serialNumber] => 295366585736462130072577585684820136690675
[serialNumberHex] => 0364011F3441AE879CE07F8A1018FDFA03F3
[validFrom] => 200214143414Z
[validTo] => 200514143414Z
[validFrom_time_t] => 1581690854
[validTo_time_t] => 1589466854
[signatureTypeSN] => RSA-SHA256
[signatureTypeLN] => sha256WithRSAEncryption
[signatureTypeNID] => 668
[purposes] => Array(
[1] => Array(
[0] => 1
[1] =>
[2] => sslclient
)
[2] => Array(
[0] => 1
[1] =>
[2] => sslserver
)
[3] => Array(
[0] => 1
[1] =>
[2] => nssslserver
)
[4] => Array(
[0] =>
[1] =>
[2] => smimesign
)
[5] => Array(
[0] =>
[1] =>
[2] => smimeencrypt
)
[6] => Array(
[0] =>
[1] =>
[2] => crlsign
)
[7] => Array(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array(
[0] => 1
[1] =>
[2] => ocsphelper
)
[9] => Array(
[0] =>
[1] =>
[2] => timestampsign
)
)
[extensions] => Array(
[keyUsage] => Digital Signature, Key Encipherment
[extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
[basicConstraints] => CA:FALSE
[subjectKeyIdentifier] => 93:5E:0E:54:E4:68:87:51:61:07:15:45:04:76:EB:AC:53:69:00:AE
[authorityKeyIdentifier] => keyid:A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
[authorityInfoAccess] => OCSP - URI:http://ocsp.int-x3.letsencrypt.org CA Issuers - URI:http://cert.int-x3.letsencrypt.org/
[subjectAltName] => DNS:snipp.ru, DNS:www.snipp.ru
[certificatePolicies] => Policy: 2.23.140.1.2.1 Policy: 1.3.6.1.4.1.44947.1.1.1 CPS: http://cps.letsencrypt.org
)
)
Вывод основных данных
// Print the fields that are needed most often: subject CN, issuer CN and the
// expiry date (date() formats the timestamp in PHP's default timezone).
// The certificate was fetched with verification disabled, so an expired one is
// not rejected at connect time: compare $info['validTo_time_t'] with time()
// when expiry matters. The values come from the remote server; escape them
// with htmlspecialchars() before placing them into HTML.
$summary = array(
    'Домен: ' . $info['subject']['CN'],
    'Выдан: ' . $info['issuer']['CN'],
    'Истекает: ' . date('d.m.Y H:i', $info['validTo_time_t']),
);
echo implode("\r\n", $summary);
Домен: snipp.ru
Выдан: Let's Encrypt Authority X3
Истекает: 14.05.2020 17:34