[PHP] How to create CA certificate with PHP

2009-11-10 Thread Tanveer Chowdhury
Hello all,

Using openssl, I can create CA certificate by using the linux command line.

But this thing I want to do using PHP that is I want to add some information
in the openldap regarding a user and also would like to insert his public
key certificate along with the other information.

Can you please suggest any link or documentation on this topic. For your
information I can insert information like user,email,phone,email in openldap
but haven't tried to insert the certificate in openldap yet. The issue is, I
want to make the whole process automated like all user information user will
input in a form and upon clicking submit button all those information along
with his certificate which will be generated then and there will be inserted
in openldap.

Thanks in advance.


[PHP] Re: How to create CA certificate with PHP

2009-11-12 Thread Tanveer Chowdhury
thank you. I will have a look at it and will come up if any question.

On Wed, Nov 11, 2009 at 11:47 PM, Manuel Lemos wrote:
> Hello,
>
> on 11/10/2009 08:28 PM Tanveer Chowdhury said the following:
>> Hello all,
>>
>> Using openssl, I can create CA certificate by using the linux command line.
>>
>> But this thing I want to do using PHP that is I want to add some information
>> in the openldap regarding a user and also would like to insert his public
>> key certificate along with the other information.
>>
>> Can you please suggest any link or documentation on this topic. For your
>> information I can insert information like user,email,phone,email in openldap
>> but haven't tried to insert the certificate in openldap yet. The issue is, I
>> want to make the whole process automated like all user information user will
>> input in a form and upon clicking submit button all those information along
>> with his certificate which will be generated then and there will be inserted
>> in openldap.
>
> You may want to try this PHP class exactly for that purpose:
>
> http://www.phpclasses.local/crypt_openssl
>
> --
>
> Regards,
> Manuel Lemos
>
> Find and post PHP jobs
> http://www.phpclasses.org/jobs/
>
> PHP Classes - Free ready to use OOP components written in PHP
> http://www.phpclasses.org/
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] How to read certificate values of HTTPS webserver

2009-11-12 Thread Tanveer Chowdhury
Hi,

I have an SSL enabled webserver which is CA self signed. So when
client hits the server , the server shows the client his certificate
and as its self signed so the client browser add the exception and
proceed. Now when the client hit the webserver and server showed its
certificate; is there any way I can get the informations from that
certificate because I have no idea how to let php know when the server
sent its certificate so that it can fetch the information and how to
read? Because I am trying of doing the authentication based on the
certificate like take the cn value from certificate and match with a
database and if match found the client can proceed.

Thank you.




[PHP] Create client certificate with openssl

2009-11-24 Thread Tanveer Chowdhury
Hi all,

I have an apache server and for that I created CA as the signing authority
using openssl.

Now I created a php page which will generate client certificates with key
and will sign by CA. Now the output is in .pem.
Now how to convert it in .p12 for exporting it in client browser..

Again, If using exec gives another problem which is it asks for export
password so how to give this via php.

Thanks in advance.
Below is the code:

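<?php
// Assumed opening (lost from the archived message): placeholder CA paths,
// key generation, and the start of the $dn array up to "countryName".
$CA_CERT = "/path/to/ca-cert.pem";
$CA_KEY  = "/path/to/ca-key.pem";

$req_key = openssl_pkey_new();
if (openssl_pkey_export($req_key, $out_key)) {
    $dn = array(
        "countryName"            => "AU",
        "stateOrProvinceName"    => "AR",
        "organizationName"       => "Widget Ltd",
        "organizationalUnitName" => "Test",
        "commonName"             => "John Smith"
    );
    $req_csr  = openssl_csr_new($dn, $req_key);
    $req_cert = openssl_csr_sign($req_csr, "file://$CA_CERT", "file://$CA_KEY", 365);
    if (openssl_x509_export($req_cert, $out_cert)) {
        echo "$out_key\n";
        echo "$out_cert\n";
        $myFile2 = "/tmp/testFile.pem";
        // $myFile1 = "/tmp/testKey.pem";

        // Write the key, then append the certificate to the same file.
        $fh2 = fopen($myFile2, 'w') or die("can't open file");
        fwrite($fh2, $out_key);
        $fh1 = fopen($myFile2, 'a') or die("can't open file");
        fwrite($fh1, $out_cert);
        fclose($fh1);
        fclose($fh2);

        // Build the command as a string for exec(); backticks would already
        // run it and hand its output to exec().
        $command = "openssl pkcs12 -export test -in /tmp/testFile.pem -out client-cert.p12";
        exec($command);
    } else {
        echo "Failed Cert\n";
    }
} else {
    echo "FailedKey\n";
}
?>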
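
The PEM to .p12 conversion asked about above can be done inside PHP: openssl_pkcs12_export() takes the export passphrase as an argument, so nothing prompts and the private key is never written to /tmp. This is an added example, not part of the original post; the in-memory demo CA, the helper names issue_cert and to_pkcs12, and the generated passphrase are assumptions.

```php
<?php
// Added example, not the poster's code. The CA here is a throwaway created in
// memory so the script runs stand-alone (assumption); a real deployment would
// load the existing CA certificate and key from protected storage instead.
const KEY_OPTS  = ["private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA];
const SIGN_OPTS = ["digest_alg" => "sha256"];

/** Generate a key pair and a certificate for $dn; a null $caCert self-signs. */
function issue_cert(array $dn, $caCert, $caKey, int $days): array
{
    $key = openssl_pkey_new(KEY_OPTS);
    if ($key === false) {
        throw new RuntimeException("key generation failed: " . openssl_error_string());
    }
    $csr = openssl_csr_new($dn, $key, SIGN_OPTS);
    // Random serial: the default serial of 0 would be shared by every certificate issued.
    $cert = $csr ? openssl_csr_sign($csr, $caCert, $caKey ?? $key, $days, SIGN_OPTS,
                                    random_int(1, PHP_INT_MAX)) : false;
    if ($cert === false) {
        throw new RuntimeException("signing failed: " . openssl_error_string());
    }
    return [$cert, $key];
}

/** Bundle certificate and key as PKCS#12 in-process: no shell, no password prompt. */
function to_pkcs12($cert, $key, string $passphrase, string $name): string
{
    if (!openssl_pkcs12_export($cert, $p12, $key, $passphrase, ["friendly_name" => $name])) {
        throw new RuntimeException("PKCS#12 export failed: " . openssl_error_string());
    }
    return $p12;
}

[$caCert, $caKey] = issue_cert(["commonName" => "Demo CA (constructed)"], null, null, 30);
[$cert, $key]     = issue_cert(["countryName" => "AU", "organizationName" => "Widget Ltd",
                                "commonName" => "John Smith"], $caCert, $caKey, 365);

$passphrase = bin2hex(random_bytes(16));   // per-download secret, shown to the user once
$p12 = to_pkcs12($cert, $key, $passphrase, "John Smith");

// Round-trip check: the bundle opens with the passphrase and carries cert and key.
if (!openssl_pkcs12_read($p12, $bundle, $passphrase)) {
    throw new RuntimeException("bundle does not open with its passphrase");
}
$subject = openssl_x509_parse($bundle["cert"])["subject"]["CN"];
printf("PKCS#12 bundle: %d bytes, subject CN=%s, key included: %s\n",
       strlen($p12), $subject, isset($bundle["pkey"]) ? "yes" : "no");
// In the web page, send $p12 as the response body (Content-Type: application/x-pkcs12).
```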


[PHP] connection to SSL enabled ldap problem

2009-11-27 Thread Tanveer Chowdhury
Hi all
I am having a problem in connection to an SSL enabled ldap server.
In localhost is easily connects to the ldap server with SSL but if try to
connect remotely then it cannot bind to ldap server but can connect.

In the slapd.conf I added the 3 lines to enable SSL
TLSCACertificateFile /usr/local/openssl/misc/demoCA/cacert.pem
TLSCertificateFile /usr/local/openssl/misc/server-cert.pem
TLSCertificateKeyFile /usr/local/openssl/misc/server-key.pem

and then restarted the ldap which is also working in 636 port.

Currently its working in default port without SSL but whenever use the ssl
then it gives the message :
"Could not bind to ldap database"

I have installed the rpms and in phpinfo there is a --with-ssl option too.
Though I have generated the CA and server certificates with compiled
openssl.

Here is ldapconnect code;


Any idea.


Re: [PHP] PHP APACHE SAVE AS

2009-11-27 Thread Tanveer Chowdhury
That means it's not recognizing the php code and that's why it's giving the
download prompt. Why not install xampp or wamp?

On Fri, Nov 27, 2009 at 4:24 AM, Julian Muscat Doublesin <
opensourc...@gmail.com> wrote:

> Hello Everyone,
>
> I have installed PHP, Apache and MySQL on a Windows 7 machine :(. I
> would prefer linux or unix :)
>
> These have been setup and working correctly. However when I access a php
> page. I get the save as dialog. Has anyone ever experienced such a
> situation.
> Can anyone please advise.
>
> Thank you very much in advance.
>
> Julian
>



-- 
- Ŧ₳ᶇṾḛḗƦ


[PHP] How to read a certificate and compute hash of it

2009-12-04 Thread Tanveer Chowdhury
Hi

Currently I am doing some coding in php to match a client certificate with an
openldap certificate of that same user just to verify.
I mean the user stored one copy of this certificate in openldap previously
and now when he shows his certificate to server the server will then fetch
that users certificate from ldap and match.

and later I want to do hash. Now in ldap its stored in .der format and in
browser its in .p12
So what I am doing is as below:

";

///

$userName=$_SERVER["SSL_CLIENT_S_DN_CN"];
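// Escape the CN before it goes into the search filter.
$filter="(cn=".ldap_escape($userName, "", LDAP_ESCAPE_FILTER).")";
$justthese = array ("userCertificate;binary");
// Request only the certificate attribute.
$result=ldap_search ($ldapconnect,"ou=people,dc=example,dc=com", $filter, $justthese);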
$entry = ldap_first_entry($ldapconnect,$result);
$attributes= ldap_get_attributes($ldapconnect,$entry);
$cert_der =$attributes["userCertificate;binary"][0];

// converting der to pem
$pem = chunk_split(base64_encode($cert_der), 64, "\n");
$pem = "-BEGIN CERTIFICATE-\n".$pem."-END CERTIFICATE-\n";
openssl_x509_export($pem,$cert_pem_string);
$ldap_cert_hash = hash($HASH_ALG, $cert_pem_string);

Now finally I will match $login_cert_hash and $ldap_cert_hash but problem is
its always giving me the same output of hash even if I manually change the
certificate of client to make sure.
I don't get it.

Thanks in advance.


[PHP] problem in Computing hash of certificates

2009-12-12 Thread Tanveer Chowdhury
Hi all,
I was willing to match two certificates using hash fn but the problem
is when I fetch the certificate from apache its in pem format and when
I fetch the cert from LDAP its in der so only this one needs
to be converted to .pem format which I m doing but its showing me two
diff. hashes.
When I read the cert from LDAP and convert it to pem then it cannot
print also when I use parse function and when print the cert then
inside the BEGIN and END it doesn't print the whole certificate.
Is it normal or it can't fetch the whole cert from ldap?

";

openssl_x509_export ($loginCert, $login_cert_String);
if (empty ($login_cert_String)) echo "empty";
$login_cert_hash = hash ($HASH_ALG, $login_cert_String);

echo "Browser HASH= ". $login_cert_hash;

//$ssl=openssl_x509_parse($loginCert);
//print_r ($ssl);
echo "";



$cn="John Albert";
$dn = "dc=example, dc=com";

$filter="(cn=$cn)";
    $justthese = array("userCertificate;binary","cn");
    $sr=ldap_search($ldapconnect, $dn, $filter, $justthese);
    $info = ldap_get_entries($ldapconnect, $sr);
    $entry =ldap_first_entry($ldapconnect, $sr);
    $attributes = ldap_get_attributes($ldapconnect,$entry);
    $certificate =$attributes["userCertificate;binary"][0];

    //convert certificate into .PEM format for further processing.
    //$cert2= der2pem($certificate);
    $pem = chunk_split(base64_encode($certificate), 64, "\n");
    $pem = "-BEGIN CERTIFICATE-\n".$pem."-END CERTIFICATE-\n";
    $cert2 = $pem;
// It does not print the certificate as array here
 $ssl2=openssl_x509_parse($cert2);
 print_r ($ssl2);
 echo "";
// here it prints the certificate but it doesn't print the whole
// certificate between the BEGIN CERTIFICATE and END CERTIFICATE
// Does that mean it can't read the whole content.
 echo $cert2;

//openssl_x509_export($cert2,$certS);
echo " LDAP HASH:";
echo hash("md5",$cert2);
?>

thanks in advance.
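
For the comparison described in this post and in "How to read a certificate and compute hash of it" above: a hash of PEM text changes with line wrapping and line endings, while a hash of the DER bytes identifies the certificate itself, and PEM armor written with single dashes, as it appears in the posts on this page, is rejected by OpenSSL. This is an added example, not code from the original posts; the helper names pem_to_der, der_to_pem and same_cert and the self-signed sample certificate are assumptions.

```php
<?php
// Added example, not from the original posts. The certificate is constructed:
// a self-signed one generated in memory so the script runs offline.

/** Strip PEM armor and whitespace; return raw DER bytes, or null if malformed. */
function pem_to_der(string $pem): ?string
{
    if (!preg_match('/-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----/s', $pem, $m)) {
        return null;
    }
    $der = base64_decode(preg_replace('/\s+/', '', $m[1]), true);
    return $der === false ? null : $der;
}

/** DER (as stored in userCertificate;binary) to PEM; the armor needs five dashes each side. */
function der_to_pem(string $der): string
{
    return "-----BEGIN CERTIFICATE-----\n"
        . chunk_split(base64_encode($der), 64, "\n")
        . "-----END CERTIFICATE-----\n";
}

/** Compare two certificates by SHA-256 over their DER encoding, in constant time. */
function same_cert(?string $derA, ?string $derB): bool
{
    return $derA !== null && $derB !== null
        && hash_equals(hash('sha256', $derA), hash('sha256', $derB));
}

$key  = openssl_pkey_new(["private_key_bits" => 2048, "private_key_type" => OPENSSL_KEYTYPE_RSA]);
$csr  = openssl_csr_new(["commonName" => "John Albert"], $key, ["digest_alg" => "sha256"]);
$cert = openssl_csr_sign($csr, null, $key, 1, ["digest_alg" => "sha256"]);
openssl_x509_export($cert, $pemFromApache);                 // PEM text, as the web server hands it over
$derFromLdap = pem_to_der($pemFromApache);                  // raw bytes, as LDAP returns them
$rewrapped   = str_replace("\n", "\r\n", $pemFromApache);   // same certificate, different text

$report = [
    "PEM text hashes equal after re-wrapping" => hash('sha256', $pemFromApache) === hash('sha256', $rewrapped),
    "DER fingerprints equal after re-wrapping" => same_cert($derFromLdap, pem_to_der($rewrapped)),
    "der_to_pem() output parses" => openssl_x509_read(der_to_pem($derFromLdap)) !== false,
    "single-dash armor parses" => @openssl_x509_read(
        "-BEGIN CERTIFICATE-\n" . base64_encode($derFromLdap) . "\n-END CERTIFICATE-\n") !== false,
];
foreach ($report as $what => $result) {
    printf("%-42s %s\n", $what . ":", $result ? "yes" : "no");
}
```

When parsing fails, openssl_x509_export() leaves its output empty and the hash of that empty string is the same for every certificate, so check each return value before hashing.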
