PKI Tutorials - Herong's Tutorial Examples - v2.32, by Herong Yang
Asking OpenSSL to Verify Server's Certificate
This section provides a tutorial example on how to ask the OpenSSL module to verify HTTPS server's certificate using 'verify_peer' SSL context option.
Based on the documentation of "SSL context options", the OpenSSL module does not verify HTTPS server certificates by default. In this tutorial, I want to show you how to ask Open OpenSSL to verify server certificate when communicating with https://login.yahoo.com.
1. Get a copy of the root CA certificate that for login.yahoo.com certificate. This can be done by using Firefox 3 to visit https://login.yahoo.com. Read the Firefox 3 chapter of this book for more details.
2. Modify the OpenSSL test script:
<?php # OpenSSL_HTTPS_file_get_contents_with_CA.php #- Copyright (c) 2010-2018 HerongYang.com. All Rights Reserved. # $script = array_shift($argv); $url = array_shift($argv); $context = stream_context_create(array( 'ssl' => array( 'verify_peer' => true, 'cafile' => 'CA_Bundle.crt' ) )); $html = file_get_contents($url, false, $context); echo $html; ?>
3. Run the modified test script:
herong> \local\php\php OpenSSL_HTTPS_file_get_contents_with_CA.php \ https://login.yahoo.com <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.... <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>Sign in to Yahoo!</title> <meta http-equiv="Pragma" content="no-cache"> ...
The "verify_peer" option seems to be working.
Table of Contents
Introduction of PKI (Public Key Infrastructure)
Introduction of HTTPS (Hypertext Transfer Protocol Secure)
Using HTTPS with Google Chrome
Using HTTPS with Mozilla Firefox
HTTPS with IE (Internet Explorer)
Android and Server Certificate
Windows Certificate Stores and Console
RDP (Remote Desktop Protocol) and Server Certificate
macOS Certificate Stores and Keychain Access
Perl Scripts Communicating with HTTPS Servers
►PHP Scripts Communicating with HTTPS Servers
Configuring PHP OpenSSL on Windows
Testing OpenSSL with file_get_contents()
SSL Context Options for OpenSSL
►Asking OpenSSL to Verify Server's Certificate
OpenSSL Failing to Verify Server's Certificate
Multiple CA Certificates in a Single File
Testing OpenSSL with fsockopen()
Adding CA Certificates for the PHP Engine
Testing OpenSSL with stream_socket_client()
Java Programs Communicating with HTTPS Servers
.NET Programs Communicating with HTTPS Servers
CAcert.org - Root CA Offering Free Certificates
PKI CA Administration - Issuing Certificates
Comodo Free Personal Certificate
Digital Signature - Microsoft Word
Digital Signature - OpenOffice.org 3