Just made a test with a self-signed cert:
private key
SSL cert (self-signed)
Script for test
```php
<?php
# Check for private key (here no password)
$key = openssl_pkey_get_private("file://private.key", "");

# Read SSL certificate
$certificate = openssl_x509_read("file://certificate.pem");

if (openssl_x509_check_private_key($certificate, $key) !== true) {
    print "The private key doesn't belongs to the provided SSL certificate.\n";
} else {
    print "Private key is valid and belongs to provided SSL certificate\n";
}
```
Result: Private key is valid and belongs to provided SSL certificate
Environment
```
root@wheezy:~# lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 7.9 (wheezy)
Release: 7.9
Codename: wheezy
root@wheezy:~# php -v
PHP 5.4.45-0+deb7u2 (cli) (built: Oct 17 2015 08:26:31)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
root@wheezy:~#
```
Information about the self-signed certificate I've generated is as follows:
```
root@wheezy:~# openssl x509 -in certificate.pem -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11458264301750660002 (0x9f03eeac88632ba2)
    Signature Algorithm: ecdsa-with-SHA1
        Issuer: C=FR, ST=FRANCE, L=Esson, O=iMSCP, OU=iMSCP, CN=ca.nuxwin.com/emailAddress=l.declercq@nuxwin.com
        Validity
            Not Before: Mar 22 22:50:35 2016 GMT
            Not After : Mar 22 22:50:35 2017 GMT
        Subject: C=FR, ST=FRANCE, L=Esson, O=iMSCP, OU=iMSCP, CN=ca.nuxwin.com/emailAddress=l.declercq@nuxwin.com
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:3d:69:29:5b:bc:a8:41:4f:29:9b:96:86:4f:07:
                    5c:b6:57:6f:c3:f7:71:0e:fb:ef:58:d9:e3:00:90:
                    f2:b4:a3:01:68:4c:a7:e8:b6:e2:b4:e9:12:f2:2e:
                    40:3c:ed:24:db:7d:b8:32:78:e4:69:e4:5f:48:cc:
                    b1:05:c6:59:fa
                ASN1 OID: prime256v1
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:9A:EC:1F:6C:5C:2C:22:E5:48:14:CA:84:A5:32:28:FB:65:1F:5F
            X509v3 Authority Key Identifier:
                keyid:99:9A:EC:1F:6C:5C:2C:22:E5:48:14:CA:84:A5:32:28:FB:65:1F:5F
            X509v3 Basic Constraints:
                CA:TRUE
    Signature Algorithm: ecdsa-with-SHA1
         30:45:02:20:38:42:92:9f:05:fd:39:19:49:5f:5f:57:61:dd:
         5b:fe:d8:98:b8:49:f0:49:00:43:95:41:7f:ab:58:3d:30:1c:
         02:21:00:d7:88:2f:9d:b6:92:a9:6b:79:09:a4:fb:e2:68:20:
         d3:1c:fa:64:a6:e4:a7:55:44:a2:6c:48:e3:42:01:fe:f5
```
I'll give a try with your certificate.
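
Added example, not part of the original post: the same `openssl_x509_check_private_key()` check run against both the matching key and an unrelated prime256v1 key, with key or certificate load failures reported separately from a mismatch. It assumes PHP 7.1 or later (needed for EC key generation with `openssl_pkey_new()`) and a readable `openssl.cnf`; the helper names `new_ec_key` and `key_matches_cert` and the `test.example` subject are constructed for illustration.

```php
<?php
// Added example. Keys and certificate are generated in memory; nothing is read from disk.

function new_ec_key()
{
    // Assumption: PHP >= 7.1, where openssl_pkey_new() accepts EC curve names.
    $key = openssl_pkey_new([
        'private_key_type' => OPENSSL_KEYTYPE_EC,
        'curve_name'       => 'prime256v1',
    ]);
    if ($key === false) {
        throw new RuntimeException('key generation failed: ' . openssl_error_string());
    }
    return $key;
}

function key_matches_cert($certPem, $keyPem, $passphrase = '')
{
    // A key that fails to load (wrong passphrase, unsupported curve, bad PEM)
    // would otherwise make the check return false and look like a mismatch.
    $key = openssl_pkey_get_private($keyPem, $passphrase);
    if ($key === false) {
        throw new InvalidArgumentException('cannot load private key: ' . openssl_error_string());
    }
    $cert = openssl_x509_read($certPem);
    if ($cert === false) {
        throw new InvalidArgumentException('cannot load certificate: ' . openssl_error_string());
    }
    return openssl_x509_check_private_key($cert, $key);
}

$signingKey = new_ec_key();   // key the certificate is issued for
$otherKey   = new_ec_key();   // unrelated key on the same curve

// Constructed subject; self-signed for 365 days with SHA-256.
$dn   = ['commonName' => 'test.example'];
$csr  = openssl_csr_new($dn, $signingKey, ['digest_alg' => 'sha256']);
$cert = openssl_csr_sign($csr, null, $signingKey, 365, ['digest_alg' => 'sha256']);

openssl_x509_export($cert, $certPem);
openssl_pkey_export($signingKey, $signingPem);
openssl_pkey_export($otherKey, $otherPem);

var_dump(key_matches_cert($certPem, $signingPem)); // certificate with its own key
var_dump(key_matches_cert($certPem, $otherPem));   // certificate with the unrelated key
```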