Edit report at https://bugs.php.net/bug.php?id=53785&edit=1
ID: 53785 Updated by: m...@php.net Reported by: BenBE at geshi dot org Summary: Way to query a X.509 certificate fingerprint -Status: Open +Status: Closed Type: Feature/Change Request Package: OpenSSL related Operating System: Debian PHP Version: 5.3.5 -Assigned To: +Assigned To: mike Block user comment: N Private report: N New Comment: Feature by Tjerk Meesters in master. Previous Comments: ------------------------------------------------------------------------ [2012-01-27 09:29:41] msn at searchy dot nl The fingerprint is nothing more than the md5 or sha1 sum of the certificate. When you take ther certificate, strip it of the begin and end tag, base64 decode the content and md5 that, you'll get the fingerprint. Sample code: $newcert = preg_replace("/-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----/","",$cert); $b64 = base64_decode($newcert); echo "MD5 fingerprint: " . md5($b64) . "\n"; ------------------------------------------------------------------------ [2011-01-19 06:38:49] BenBE at geshi dot org Description: ------------ When reading a X.509 certificate file (or fetching the certificate from an SSL connection) there is no straight forward way to query the certificate's fingerprint as shown by browsers when viewing the site's certificate. The output of openssl_x509_parse doesn't contain the fingerprint while openssl_x509_export might contain it in a hard to parse string representation. ------------------------------------------------------------------------ -- Edit this bug report at https://bugs.php.net/bug.php?id=53785&edit=1