PHP SSL Client Certificate

Question

PHP SSL Client Certificate

I am currently using a tcp socket to exchange data between server and client using socket streams in PHP. I want each client to have a unique certificate (which I will generate for them) to access my server, so that only people I know can use it. I searched and found only how to use the server-side certificate, which will allow me to create an SSL socket connection, but I really need to use the client server certificate to identify the client that connects to my server. Is this possible with PHP?

I would suggest that the client connects like this:

$clientCert = './clientCert.pem';
$streamContext = stream_context_create();
stream_context_set_option($streamContext, 'ssl', 'local_cert', $clientCert);
$server = stream_socket_client('ssl://IP', $error, $errorString, 2, STREAM_CLIENT_CONNECT, $streamContext);

But how does the server process (identify, etc.) this client-side certificate?

Hope I understood my question.

Thanks in advance, Raphael

+5

php certificate ssl client-side sockets

user2308602 Apr 22 '13 at 19:13

source share

1 answer

Jon · Answer 1 · 2013-04-22T19:28:30+0000

You must use stream_context_set_optionto install verify_peeron true; this will require the other side to verify that the client has a trusted certificate. Verification is performed by verifying that the certificate is signed by a trusted authority, so you need to specify where the public key of authority can be found using the cafileor option capath.

Please note that the above matters both on the server side (to authenticate your clients) and on the client side - the server is also not authenticated unless you explicitly did this.

PHP SSL Client Certificate

More articles: