PHP Parse SSL Certificate



<?php
$cert = cert();//see below
$r = openssl_x509_parse($cert);
preg_match_all('/(?:DNS):([^, ]+)/',$r['extensions']['subjectAltName'], $matches);
$subjectAltNames = isset($matches[1]) ? $matches[1] : array();
 
echo "Serial: 0x".bcdechex($r['serialNumber'])."\n";
echo "Valid From: ".gmdate("Y-m-d H:i:s", $r['validFrom_time_t'])."\n";
echo "Valid To: ".gmdate("Y-m-d H:i:s", $r['validTo_time_t'])."\n";
unset($r['purposes']);//makes the rest hard to see
print_r($r);
 
//src: http://php.net/manual/en/ref.bc.php
function bcdechex($dec) {
    $last = bcmod($dec, 16);
    $remain = bcdiv(bcsub($dec, $last), 16);
    if($remain == 0) {
        return dechex($last);
    } else {
        return bcdechex($remain).dechex($last);
    }
}
function cert() {
    return '-----BEGIN CERTIFICATE-----
MIIG0DCCBbigAwIBAgIQBd/o/xW4Y8zGiceOZAz+izANBgkqhkiG9w0BAQUFADBm
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMSUwIwYDVQQDExxEaWdpQ2VydCBIaWdoIEFzc3VyYW5j
ZSBDQS0zMB4XDTExMTIwODAwMDAwMFoXDTEyMTIxMjEyMDAwMFoweTELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDVNhbiBGcmFuY2lz
Y28xIzAhBgNVBAoTGldpa2ltZWRpYSBGb3VuZGF0aW9uLCBJbmMuMRgwFgYDVQQD
DA8qLndpa2lwZWRpYS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDUaZWLhfJEgERN+dzp/AKvU/46RHPMPwfs8z6olxVP1EPDBpop9VksPl+q93lp
mi6s3faOWB5Rplqp+u/1rKHhlr+2ah9qQ1Np6Xb6gKNVpZA/SSBuSexuBXwWYIgD
IXivkun3u7EuzoxME/nMmN7whnbQ2JIDGM8LcfsDPjFKyVywtu3Ry8YqHRw+h3be
tKaKdGzBYQQA7tDmydIGu/yJuxnmBmAyLztoE0Y4iH04/NyhIzzRfiDOkI7g99Ky
tRrDYdgY4xPqLFTo8qVaTD1CRwa0stPdz79UWRmEn9k5P02GWdfxHvRvYh2Wk8eo
53rJIypXfA+65W7vbWvq16MFAgMBAAGjggNlMIIDYTAfBgNVHSMEGDAWgBRQ6nOJ
2yn7EI+e5QEg1N55mUiD9zAdBgNVHQ4EFgQUvwEkt6ooB6QGZazDQAb+1ljDE0Mw
PAYDVR0RBDUwM4IRKi5tLndpa2lwZWRpYS5vcmeCDyoud2lraXBlZGlhLm9yZ4IN
d2lraXBlZGlhLm9yZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUH
AwEGCCsGAQUFBwMCMF8GA1UdHwRYMFYwKaAnoCWGI2h0dHA6Ly9jcmwzLmRpZ2lj
ZXJ0LmNvbS9jYTMtZzIuY3JsMCmgJ6AlhiNodHRwOi8vY3JsNC5kaWdpY2VydC5j
b20vY2EzLWcyLmNybDCCAcQGA1UdIASCAbswggG3MIIBswYJYIZIAYb9bAEBMIIB
pDA6BggrBgEFBQcCARYuaHR0cDovL3d3dy5kaWdpY2VydC5jb20vc3NsLWNwcy1y
ZXBvc2l0b3J5Lmh0bTCCAWQGCCsGAQUFBwICMIIBVh6CAVIAQQBuAHkAIAB1AHMA
ZQAgAG8AZgAgAHQAaABpAHMAIABDAGUAcgB0AGkAZgBpAGMAYQB0AGUAIABjAG8A
bgBzAHQAaQB0AHUAdABlAHMAIABhAGMAYwBlAHAAdABhAG4AYwBlACAAbwBmACAA
dABoAGUAIABEAGkAZwBpAEMAZQByAHQAIABDAFAALwBDAFAAUwAgAGEAbgBkACAA
dABoAGUAIABSAGUAbAB5AGkAbgBnACAAUABhAHIAdAB5ACAAQQBnAHIAZQBlAG0A
ZQBuAHQAIAB3AGgAaQBjAGgAIABsAGkAbQBpAHQAIABsAGkAYQBiAGkAbABpAHQA
eQAgAGEAbgBkACAAYQByAGUAIABpAG4AYwBvAHIAcABvAHIAYQB0AGUAZAAgAGgA
ZQByAGUAaQBuACAAYgB5ACAAcgBlAGYAZQByAGUAbgBjAGUALjB7BggrBgEFBQcB
AQRvMG0wJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBFBggr
BgEFBQcwAoY5aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0SGln
aEFzc3VyYW5jZUNBLTMuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQEFBQAD
ggEBAJgn1wAyeaQlJiszKmbZGKlk4kTgcWn8bGfn5tcO2xtKREET2UafEbEBZGcW
Sr22HZNOe6EWQSfJwWTe8ork/ewoAfcD9BoO1g5ZdMnZ/sHBtdKm17qIl8/Jcd+u
RdpB766yfpK8V6f6Gl55wNd3I+XauBEZWe42dhx+2jYF9fcshyJ4iA7UUFGkx0Rn
gg/12u9HE6xW+v0mglLUCAeXfL5KSpO0QFpLdjjfOGb5ax5D1oIoBParVgghxymZ
X2MmI/PwJmDreGblDXoqlwi9jtiQVNcYqLB5JNE3kVVsK/hEggVintS5aX4sFN9L
pNaqgpreqzrUpBWS36YhYmIIaAw=
-----END CERTIFICATE-----';
}
?>

output:
Serial: 0x5dfe8ff15b863ccc689c78e640cfe8b
Valid From: 2011-12-08 00:00:00
Valid To: 2012-12-12 12:00:00
Array
(
    [name] => /C=US/ST=California/L=San Francisco/O=Wikimedia Foundation, Inc./CN=*.wikipedia.org
    [subject] => Array
        (
            [C] => US
            [ST] => California
            [L] => San Francisco
            [O] => Wikimedia Foundation, Inc.
            [CN] => *.wikipedia.org
        )
 
    [hash] => 690deae8
    [issuer] => Array
        (
            [C] => US
            [O] => DigiCert Inc
            [OU] => www.digicert.com
            [CN] => DigiCert High Assurance CA-3
        )
 
    [version] => 2
    [serialNumber] => 7808747907309433099406896547511467659
    [validFrom] => 111208000000Z
    [validTo] => 121212120000Z
    [validFrom_time_t] => 1323302400
    [validTo_time_t] => 1355313600
    [extensions] => Array
        (
            [authorityKeyIdentifier] => keyid:50:EA:73:89:DB:29:FB:10:8F:9E:E5:01:20:D4:DE:79:99:48:83:F7
 
            [subjectKeyIdentifier] => BF:01:24:B7:AA:28:07:A4:06:65:AC:C3:40:06:FE:D6:58:C3:13:43
            [subjectAltName] => DNS:*.m.wikipedia.org, DNS:*.wikipedia.org, DNS:wikipedia.org
            [keyUsage] => Digital Signature, Key Encipherment
            [extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
            [crlDistributionPoints] => 
Full Name:
  URI:http://crl3.digicert.com/ca3-g2.crl
 
Full Name:
  URI:http://crl4.digicert.com/ca3-g2.crl
 
            [certificatePolicies] => Policy: 2.16.840.1.114412.1.1
  CPS: http://www.digicert.com/ssl-cps-repository.htm
  User Notice:
    Explicit Text: 
 
            [authorityInfoAccess] => OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertHighAssuranceCA-3.crt
 
            [basicConstraints] => CA:FALSE
        )
 
)