I am trying to make a simple tool to check hashes of the SSL certificate (csr, key and crt) files. My code does not seem to be working correctly. It checks the hashes, but simulating bad certificates does not give me an error.
I tried making a simple HTML and PHP app.
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>SSL Test</title>
</head>
<body>
    <div style="text-align:center">
        <h1>Certificate Test</h1>
        <form name="certForm" action="verify.php" method="post">
            <div>
                <label for="csr">CSR file:</label>
                <input type="file" name="csr" id="csr" accept=".csr"/>
            </div>
            <div>
                <label for="key">KEY file:</label>
                <input type="file" name="key" id="key" accept=".key"/>
            </div>
            <div>
                <label for="crt">CRT file:</label>
                <input type="file" name="crt" id="crt" accept=".crt,.cert"/>
            </div>
            <button type="submit">Check</button>
            <button type="reset">Reset</button>
        </form>
    </div>
</body>
</html>
```
```php
<?php
header('Content-Type: text/html; charset=utf-8');

$csr = $_POST['csr'];
$key = $_POST['key'];
$crt = $_POST['crt'];

if (!$csr || !$key || !$crt) {
    die('Files not specified. Go back and try again');
}

$hashCsr = exec("openssl req -in $csr -pubkey -noout -outform pem | sha256sum");
$hashKey = exec("openssl pkey -in $key -pubout -outform pem | sha256sum");
$hashCrt = exec("openssl x509 -in $crt -pubkey -noout -outform pem | sha256sum");

echo "<p><strong>File:</strong> $csr <strong>Hash:</strong> $hashCsr</p>";
echo "<p><strong>File:</strong> $key <strong>Hash:</strong> $hashKey</p>";
echo "<p><strong>File:</strong> $crt <strong>Hash:</strong> $hashCrt</p>";

if (($hashCsr === $hashKey) && ($hashCsr === $hashCrt) && ($hashKey === $hashCrt)) {
    echo "<p style='color: green;'>Certificates match!</p>";
}
else {
    echo "<p style='color: red;'>Certificates do NOT match!</p>";
}
?>
```
If the hashes match, a success message is shown; otherwise an error message is shown.
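
A `verify.php` that fails closed, as an added example rather than the poster's code: the form above has no `enctype="multipart/form-data"`, so `$_POST` carries only file names, and when `openssl` cannot open those names each pipeline hashes empty output and the three values come out equal; the names are also interpolated straight into a shell command. This version assumes the form is changed to send `multipart/form-data` and that the `openssl` PHP extension is loaded; the helper names `uploadedPem` and `publicKeyFingerprint` are made up for the example.

```php
<?php
// Added example. Assumes a multipart/form-data upload and the openssl extension.

/** Read one uploaded field as a PEM string, or null if the upload is unusable. */
function uploadedPem(string $field): ?string
{
    $f = $_FILES[$field] ?? null;
    if (!is_array($f) || $f['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($f['tmp_name']) || $f['size'] > 65536) {
        return null;
    }
    $data = file_get_contents($f['tmp_name']);
    return $data === false ? null : $data;
}

/** SHA-256 of the PEM public key inside a CSR, private key or certificate. */
function publicKeyFingerprint(string $pem, string $kind): ?string
{
    switch ($kind) {
        case 'csr': $key = openssl_csr_get_public_key($pem); break;
        case 'key': $key = openssl_pkey_get_private($pem);   break;
        case 'crt': $key = openssl_pkey_get_public($pem);    break;
        default:    return null;
    }
    if ($key === false) {
        return null; // a parse failure is an error, never an "empty" hash
    }
    $details = openssl_pkey_get_details($key);
    return $details === false ? null : hash('sha256', $details['key']);
}

header('Content-Type: text/html; charset=utf-8');
$prints = [];
foreach (['csr', 'key', 'crt'] as $kind) {
    $pem = uploadedPem($kind);
    $prints[$kind] = $pem === null ? null : publicKeyFingerprint($pem, $kind);
    if ($prints[$kind] === null) {          // fail closed before any output
        http_response_code(400);
        exit("<p>Could not read a public key from the $kind upload.</p>");
    }
}
foreach ($prints as $kind => $print) {
    echo "<p><strong>$kind:</strong> $print</p>"; // fixed labels and hex only
}
if (count(array_unique($prints)) === 1) {
    echo "<p style='color: green;'>Certificates match!</p>";
} else {
    echo "<p style='color: red;'>Certificates do NOT match!</p>";
}
```

No user-supplied string reaches a shell or the HTML output here, and a passphrase-protected private key is reported as unreadable rather than compared.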