PHP和X.509身份验证-检查证书颁发者 [英] PHP and X.509 authentication - Checking certificate issuer

问题描述

我正在尝试在我的网站上有一个特定页面，只有经过X.509身份验证的用户才能访问.捕获是，我希望拥有由特定中间CA颁发的匹配证书的所有客户端都可以使用(我打算在一个自生成的根CA之下有几个中间CA，但只有一个由一个特定的中间CA颁发的客户端证书可以访问此页面).使用PHP可以做到这一点吗?

I'm trying to have a specific page on my site only accessible to people after X.509 authentication. Catch is, I want it to be available to all clients who have a matching certificate issued by a specific Intermediate CA (I intend to have a few Intermediate CAs underneath a self-generated Root CA, but only a client certificate issued by one specific Intermediate CA can access this page). Is this possible using PHP?

让我知道是否需要进一步详细说明，我将尝试添加更多详细信息.感谢您的帮助！

Let me know if I need to elaborate further, and I'll try and add more detail. Thanks for your help!

TC

推荐答案

是.使用SSL扩展名和openssl_x509_parse函数获取证书信息时，您将可以访问证书中的所有信息.您应该可以在您的php脚本中执行此操作:

Yes. When you get the cert information using the SSL extension and the openssl_x509_parse function, you'll get access to all the information in the cert. You should be able to do this in your php script:

var_dump(openssl_x509_parse($_SERVER['SSL_CLIENT_CERT']));

您应该在该阵列中看到一个发行人"密钥，其中包含一个有关客户端证书发行者信息的阵列，而我将假定它会为您提供所需的信息.

You should see in that array that there's an 'issuer' key with an array containing information about the client cert issuer, and I'm going to assume that gets you the information you need.

这篇关于PHP和X.509身份验证-检查证书颁发者的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！