In a new post to her blog, Vanessa Vasile has a reminder about a built-in PHP function that can help quite a bit when you're working with SSL certificates - openssl_x509_parse.

PHP has a nifty little function for parsing an x.509 SSL certificate into an array to easily pull out the elements: openssl_x509_parse. Essentially, all you need to do is load up the contents of the certificate, either through a file or POST value, and enclose it in the array.

She includes a code snippet that pulls in the certificate contents, calls the function and puts it into an array that's easy to loop through and get values and subvalues from the results. The PHP.net manual page doesn't have a documented list of the return values because a constant result hasn't been defined. You'll need at least PHP 5.2 to use the function.

Christopher Kunz has relaunched his php-security.net domain with a brand new blog and a new article posted today - "X.509 PKI login with PHP and Apache".

Since grid computing (that's what I'm currently doing) also is very much about Single-sign on and delegation of rights, username/password authentication schemes don't quite do it for us. Thus, a PKI (public key infrastructure) based on X.509 is employed.

He explains the acronym soup by defining the process as advanced means of "showing the web who you are". He explains some of the basics about the certificates and who good candidates for this type of authentication are. Then the tech starts - how to get Apache configured to use them and how to use them in PHP to authenticate the external user (requiring OpenSSL compiled in to access the needed functions).