I am trying to make a simple tool to check hashes of the SSL certificate (csr, key and crt) files. My code does not seem to be working correctly. It checks the hashes, but simulating bad certificates does not give me an error.
I tried making a simple HTML and PHP app.

    <!DOCTYPE html>
    <html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>SSL Test</title>
    </head>
    <body>
        <div style="text-align:center">
            <h1>Certificate Test</h1>
            <form name="certForm" action="verify.php" method="post">
                <div>
                    <label for="csr">CSR file:</label>
                    <input type="file" name="csr" id="csr" accept=".csr"/>
                </div>
                <div>
                    <label for="key">KEY file:</label>
                    <input type="file" name="key" id="key" accept=".key"/>
                </div>
                <div>
                    <label for="crt">CRT file:</label>
                    <input type="file" name="crt" id="crt" accept=".crt,.cert"/>
                </div>
                <button type="submit">Check</button>
                <button type="reset">Reset</button>
            </form>
        </div>
    </body>
    </html>

    <?php
    header('Content-Type: text/html; charset=utf-8');
    $csr = $_POST['csr'];
    $key = $_POST['key'];
    $crt = $_POST['crt'];
    if (!$csr || !$key || !$crt) {
        die('Files not specified. Go back and try again');
    }
    $hashCsr = exec("openssl req -in $csr -pubkey -noout -outform pem | sha256sum");
    $hashKey = exec("openssl pkey -in $key -pubout -outform pem | sha256sum");
    $hashCrt = exec("openssl x509 -in $crt -pubkey -noout -outform pem | sha256sum");
    echo "<p><strong>File:</strong> $csr <strong>Hash:</strong> $hashCsr</p>";
    echo "<p><strong>File:</strong> $key <strong>Hash:</strong> $hashKey</p>";
    echo "<p><strong>File:</strong> $crt <strong>Hash:</strong> $hashCrt</p>";
    if (($hashCsr === $hashKey) && ($hashCsr === $hashCrt) && ($hashKey === $hashCrt)) {
        echo "<p style='color: green;'>Certificates match!</p>";
    }
    else {
        echo "<p style='color: red;'>Certificates do NOT match!</p>";
    }
    ?>

If the hashes match, a success message is shown; otherwise an error message is shown.
If all the variables ($hashCsr, $hashKey and $hashCrt) are empty, it will pass your "certificate match" test.

    if (($hashCsr === $hashKey) && ($hashCsr === $hashCrt) && ($hashKey === $hashCrt) && $hashCsr != '')
    {
        echo "<p style='color: green;'>Certificates match!</p>";
    }
    else
    {
        echo "<p style='color: red;'>Certificates do NOT match!</p>";
    }

By the way, you can use the PHP openssl extension.
Thanks for your comment. I made some changes to the PHP code and it works now.

    <?php
    header('Content-Type: text/html; charset=utf-8');

    // Original file names come from the client: escape them before echoing into HTML.
    $fileCsr = htmlspecialchars($_FILES["csr"]["name"] ?? '');
    $fileKey = htmlspecialchars($_FILES["key"]["name"] ?? '');
    $fileCrt = htmlspecialchars($_FILES["crt"]["name"] ?? '');

    // Server-side temporary paths of the uploaded files.
    $csr = $_FILES["csr"]["tmp_name"] ?? '';
    $key = $_FILES["key"]["tmp_name"] ?? '';
    $crt = $_FILES["crt"]["tmp_name"] ?? '';

    if (!$csr || !$key || !$crt) {
        die("Files not specified. <a href='index.html'>Go back</a> and try again");
    }

    // Hash the PEM public key printed by openssl. Returns '' when openssl fails,
    // so unreadable files cannot all produce the same hash and pass as a match.
    function pubkeyHash($args, $file) {
        exec("openssl $args -in " . escapeshellarg($file) . " -outform pem", $out, $status);
        return $status === 0 ? hash('sha256', implode("\n", $out)) : '';
    }

    $hashKey = pubkeyHash("pkey -pubout", $key);
    $hashCsr = pubkeyHash("req -pubkey -noout", $csr);
    $hashCrt = pubkeyHash("x509 -pubkey -noout", $crt);

    echo "<table>";
    echo "<tr><td><strong>Signing Request:</strong></td><td>" . $fileCsr . "</td><td><strong>Hash:</strong></td><td>" . $hashCsr . "</td></tr>";
    echo "<tr><td><strong>Private Key:</strong></td><td>" . $fileKey . "</td><td><strong>Hash:</strong></td><td>" . $hashKey . "</td></tr>";
    echo "<tr><td><strong>Public Key:</strong></td><td>" . $fileCrt . " </td><td><strong>Hash:</strong></td><td>" . $hashCrt . "</td></tr>";
    echo "</table>";

    if ($hashCsr === $hashKey && $hashCsr === $hashCrt && $hashKey === $hashCrt && $hashCsr != '') {
        echo "<p style='color: green;'>Certificates match!</p>";
    }
    else {
        echo "<p style='color: red;'>Certificates do NOT match!</p>";
    }
    echo "<a href='index.html'>Go back</a>";
    ?>
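
The answer above mentions the PHP openssl extension. As an added example (not code from either poster), this is the same public-key comparison done with that extension, where any file that fails to parse counts as a mismatch. The function names `publicKeyHash` and `filesMatch` are hypothetical, and the key, CSRs and certificate are generated on the spot as constructed sample data.

```php
<?php
// Added example, not from the original posts; function names are hypothetical.

// SHA-256 of the PEM public key inside a key, CSR or certificate;
// null when the input does not parse.
function publicKeyHash(string $pem, string $kind): ?string
{
    $pem = ltrim($pem);
    // Accept PEM text only: openssl_* functions would otherwise treat a
    // string starting with "file://" as a path on the server.
    if (strncmp($pem, '-----BEGIN ', 11) !== 0) {
        return null;
    }
    if ($kind === 'key') {
        $pub = openssl_pkey_get_private($pem);
    } elseif ($kind === 'csr') {
        $pub = openssl_csr_get_public_key($pem);
    } else {
        $cert = openssl_x509_read($pem);
        $pub = $cert ? openssl_pkey_get_public($cert) : false;
    }
    $details = $pub ? openssl_pkey_get_details($pub) : false;
    return $details ? hash('sha256', $details['key']) : null;
}

// True only if all three inputs parse and carry the same public key.
function filesMatch(string $keyPem, string $csrPem, string $crtPem): bool
{
    $k = publicKeyHash($keyPem, 'key');
    $r = publicKeyHash($csrPem, 'csr');
    $c = publicKeyHash($crtPem, 'crt');
    return $k !== null && $r !== null && $c !== null
        && hash_equals($k, $r) && hash_equals($k, $c);
}

// Constructed sample data: a key with its CSR and self-signed certificate,
// plus a CSR made from an unrelated key.
$opts = ['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA];
$key = openssl_pkey_new($opts);
$other = openssl_pkey_new($opts);
$csr = openssl_csr_new(['commonName' => 'example.test'], $key, ['digest_alg' => 'sha256']);
$otherCsr = openssl_csr_new(['commonName' => 'example.test'], $other, ['digest_alg' => 'sha256']);
openssl_pkey_export($key, $keyPem);
openssl_csr_export($csr, $csrPem);
openssl_csr_export($otherCsr, $otherCsrPem);
openssl_x509_export(openssl_csr_sign($csr, null, $key, 30), $crtPem);

var_dump(filesMatch($keyPem, $csrPem, $crtPem));      // matching set
var_dump(filesMatch($keyPem, $otherCsrPem, $crtPem)); // CSR from another key
var_dump(filesMatch('junk', 'junk', 'junk'));         // nothing parses
```

In an upload handler the three strings would come from `file_get_contents()` on each `$_FILES[...]["tmp_name"]`, and the form needs `enctype="multipart/form-data"` for `$_FILES` to be populated.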