spatie/ssl-certificate-chain-resolver
Composer 安装命令:
composer require spatie/ssl-certificate-chain-resolver
包简介
SSL certificate chain resolver
README 文档
README
All operating systems contain a set of default trusted root certificates. But Certificate Authorities usually don't use their root certificate to sign customer certificates. They use so called intermediate certificates instead, because these can be rotated more frequently.
If not all intermediate certificates are installed on your server, some clients —mostly mobile browsers— will think you are on an insecure connection.
This tool can help you fix the incomplete certificate chain issue, also reported as Extra download by Qualys SSL Server Test.
Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.
Support us
We invest a lot of resources into creating best in class open source packages. You can support us by buying one of our paid products.
We highly appreciate you sending us a postcard from your hometown, mentioning which of our package(s) you are using. You'll find our address on our contact page. We publish all received postcards on our virtual postcard wall.
Postcardware
You're free to use this package (it's MIT-licensed), but if it makes it to your production environment you are required to send us a postcard from your hometown, mentioning which of our package(s) you are using.
Our address is: Spatie, Kruikstraat 22, 2018 Antwerp, Belgium.
The best postcards will get published on the open source page on our website.
Installation
This package can be installed using composer by running this command.
composer global require spatie/ssl-certificate-chain-resolver
Usage
Let's assume you have an incomplete certificate called cert.crt. To generate the a file containing the certificate and the entire trust chain, you can use this command:
ssl-certificate-chain-resolver resolve cert.crt
A file containing the certificate and the entire trust chain will be saved as certificate-including-trust-chain.crt
You can also pass the name of the file of the outputfile as the second argument:
ssl-certificate-chain-resolver resolve cert.crt your-output-file.crt
If the outputfile already exists, you will be asked if it's ok to overwrite it.
Updating
You can update ssl-certificate-chain-resolver to the latest version by running:
composer global update spatie/ssl-certificate-chain-resolver
Limitations
Currently this package does not work with Entity validation certificates or certificates issued by Let's Encrypt. A PR that adds this to package would be highly appreciated.
Testing
Functional and unit tests are included with the package.
You can run them yourself with vendor/bin/codecept run
Credits
This package was inspired by cert-chain-resolver written by Jan Žák. Some text, mainly the background about the trust chain, was copied from the readme of his repo.
Background: the trust chain
All operating systems contain a set of default trusted root certificates. But Certificate Authorities usually don't use their root certificate to sign customer certificates. Instead of they use so called intermediate certificates, because they can be rotated more frequently.
A certificate can contain a special Authority Information Access extension (RFC-3280) with URL to issuer's certificate. Most browsers can use the AIA extension to download missing intermediate certificate to complete the certificate chain. This is the exact meaning of the Extra download message. But some clients, mostly mobile browsers, don't support this extension, so they report such certificate as untrusted.
This results in 'untrusted'-warnings like this, since the browser thinks you are on an insecure connection.
A server should always send a complete chain, which means concatenated all certificates from the certificate to the trusted root certificate (exclusive, in this order), to prevent such issues. So when installing a SSL certificate on a server you should install all intermediate certificates as well. You should be able to fetch intermediate certificates from the issuer and concat them together by yourself.
This tool helps you automatize that boring task by looping over certificate's AIA extension field.
About Spatie
Spatie is a webdesign agency in Antwerp, Belgium. You'll find an overview of all our open source projects on our website.
License
The MIT License (MIT). Please see License File for more information.
spatie/ssl-certificate-chain-resolver 适用场景与选型建议
spatie/ssl-certificate-chain-resolver 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10.53k 次下载、GitHub Stars 达 306, 最近一次更新时间为 2015 年 01 月 28 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「https」 「ssl」 「Chain」 「certificate」 「ssl-certificate-chain-resolver」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 spatie/ssl-certificate-chain-resolver 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 spatie/ssl-certificate-chain-resolver 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 spatie/ssl-certificate-chain-resolver 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Chain Adapter for Secretary
This package provides a generic processor chain to process a given object with processors/task (kind of a pipline, command chain pattern).
A simple package that adds the impersonate operation for admins
A Laravel artisan based package to create the AWS (SES + SNS) infrastructure to receive email event notifications with Http/Https endpoint.
Register a chain of calls that will be applied on an instance later
URL routing framework and requests/responses handler for PHP
统计信息
- 总下载量: 10.53k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 308
- 点击次数: 14
- 依赖项目数: 0
- 推荐数: 1
其他信息
- 授权协议: MIT
- 更新时间: 2015-01-28
