PHP获取网站SSL证书有效期
function getSSLCertificateExpiry($domain, $port = 443) {
// 创建 SSL 上下文,启用证书捕获
$context = stream_context_create([
'ssl' => [
'capture_peer_cert' => true,
'capture_peer_cert_chain' => true,
'verify_peer' => true, // 强烈建议启用证书验证
'verify_peer_name' => true, // 强烈建议启用域名匹配验证
// 如果在容器或特殊环境中遇到 CA 证书问题,可能需要指定 CA 文件路径
// 'cafile' => '/path/to/cacert.pem',
]
]);
// 建立 SSL 连接
$socket = @stream_socket_client("ssl://{$domain}:{$port}", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context);
if (!$socket) {
return ['error' => "连接失败: {$errstr} (错误码: {$errno})"];
}
// 获取连接参数,提取证书
$params = stream_context_get_params($socket);
if (!isset($params['options']['ssl']['peer_certificate'])) {
return ['error' => '未收到证书'];
}
$cert = $params['options']['ssl']['peer_certificate'];
$certInfo = openssl_x509_parse($cert);
if (!$certInfo) {
return ['error' => '证书解析失败'];
}
// 提取有效期信息
$validFrom = date('Y-m-d H:i:s', $certInfo['validFrom_time_t']);
$validTo = date('Y-m-d H:i:s', $certInfo['validTo_time_t']);
$isExpired = $certInfo['validTo_time_t'] < time();
return [
'subject' => $certInfo['subject']['CN'] ?? 'N/A',
'issuer' => $certInfo['issuer']['CN'] ?? 'N/A',
'date_of_issue' => $validFrom,
'expires_at' => $validTo,
'expires_timestamp' => $certInfo['validTo_time_t'],
'expired' => $isExpired,
'left_days' => floor(($certInfo['validTo_time_t']-time())/86400),
];
}
$domain = 'www.baidu.com'; // 替换为你要查询的域名
$result = getSSLCertificateExpiry($domain);
if (isset($result['error'])) {
echo "错误: " . $result['error'] . "\n";
} else {
echo "证书信息:\n";
echo " 主题 (CN): " . $result['subject'] . "\n";
echo " 签发者: " . $result['issuer'] . "\n";
echo " 颁发时间: " . $result['date_of_issue'] . "\n";
echo " 到期时间: " . $result['expires_at'] . "\n";
echo " 是否已过期: " . ($result['expired'] ? '是' : '否') . "\n";
echo " 剩余天数: " . $result['left_days'] . "\n";
}输出
证书信息: 主题 (CN): baidu.com 签发者: GlobalSign RSA OV SSL CA 2018 颁发时间: 2025-07-09 07:01:02 到期时间: 2026-08-10 07:01:01 是否已过期: 否 剩余天数: 182
$result = getSSLCertificateExpiry($domain);
获取到的证书所有信息:
Array
(
[name] => /C=CN/ST=beijing/L=beijing/O=Beijing Baidu Netcom Science Technology Co., Ltd/CN=baidu.com
[subject] => Array
(
[C] => CN
[ST] => beijing
[L] => beijing
[O] => Beijing Baidu Netcom Science Technology Co., Ltd
[CN] => baidu.com
)
[hash] => 7476f7c7
[issuer] => Array
(
[C] => BE
[O] => GlobalSign nv-sa
[CN] => GlobalSign RSA OV SSL CA 2018
)
[version] => 2
[serialNumber] => 27025959261604984493724308777
[serialNumberHex] => 5753597B3F311D38E6629529
[validFrom] => 250709070102Z
[validTo] => 260810070101Z
[validFrom_time_t] => 1752044462
[validTo_time_t] => 1786345261
[signatureTypeSN] => RSA-SHA256
[signatureTypeLN] => sha256WithRSAEncryption
[signatureTypeNID] => 668
[purposes] => Array
(
[1] => Array
(
[0] => 1
[1] =>
[2] => sslclient
)
[2] => Array
(
[0] => 1
[1] =>
[2] => sslserver
)
[3] => Array
(
[0] => 1
[1] =>
[2] => nssslserver
)
[4] => Array
(
[0] =>
[1] =>
[2] => smimesign
)
[5] => Array
(
[0] =>
[1] =>
[2] => smimeencrypt
)
[6] => Array
(
[0] =>
[1] =>
[2] => crlsign
)
[7] => Array
(
[0] => 1
[1] => 1
[2] => any
)
[8] => Array
(
[0] => 1
[1] =>
[2] => ocsphelper
)
[9] => Array
(
[0] =>
[1] =>
[2] => timestampsign
)
)
[extensions] => Array
(
[keyUsage] => Digital Signature, Key Encipherment
[basicConstraints] => CA:FALSE
[authorityInfoAccess] => CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
[certificatePolicies] => Policy: 1.3.6.1.4.1.4146.1.20
CPS: https://www.globalsign.com/repository/
Policy: 2.23.140.1.2.2
[crlDistributionPoints] =>
Full Name:
URI:http://crl.globalsign.com/gsrsaovsslca2018.crl
[subjectAltName] => DNS:baidu.com, DNS:baifubao.com, DNS:www.baidu.cn, DNS:www.baidu.com.cn, DNS:mct.y.nuomi.com, DNS:apollo.auto, DNS:dwz.cn, DNS:*.baidu.com, DNS:*.baifubao.com, DNS:*.baidustatic.com, DNS:*.bdstatic.com, DNS:*.bdimg.com, DNS:*.hao123.com, DNS:*.nuomi.com, DNS:*.chuanke.com, DNS:*.trustgo.com, DNS:*.bce.baidu.com, DNS:*.eyun.baidu.com, DNS:*.map.baidu.com, DNS:*.mbd.baidu.com, DNS:*.fanyi.baidu.com, DNS:*.baidubce.com, DNS:*.mipcdn.com, DNS:*.news.baidu.com, DNS:*.baidupcs.com, DNS:*.aipage.com, DNS:*.aipage.cn, DNS:*.bcehost.com, DNS:*.safe.baidu.com, DNS:*.im.baidu.com, DNS:*.baiducontent.com, DNS:*.dlnel.com, DNS:*.dlnel.org, DNS:*.dueros.baidu.com, DNS:*.su.baidu.com, DNS:*.91.com, DNS:*.hao123.baidu.com, DNS:*.apollo.auto, DNS:*.xueshu.baidu.com, DNS:*.bj.baidubce.com, DNS:*.gz.baidubce.com, DNS:*.smartapps.cn, DNS:*.bdtjrcv.com, DNS:*.hao222.com, DNS:*.haokan.com, DNS:*.pae.baidu.com, DNS:*.vd.bdstatic.com, DNS:*.cloud.baidu.com, DNS:click.hm.baidu.com, DNS:log.hm.baidu.com, DNS:cm.pos.baidu.com, DNS:wn.pos.baidu.com, DNS:update.pan.baidu.com
[extendedKeyUsage] => TLS Web Server Authentication, TLS Web Client Authentication
[authorityKeyIdentifier] => keyid:F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
[subjectKeyIdentifier] => BA:91:7C:55:A9:8F:1F:B0:02:60:27:BB:D7:D3:03:AF:2D:AB:AD:1D
[ct_precert_scts] => Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : AC:AB:30:70:6C:EB:EC:84:31:F4:13:D2:F4:91:5F:11:
1E:42:24:43:B1:F2:A6:8C:4F:3C:2B:3B:A7:1E:02:C3
Timestamp : Jul 9 07:01:09.629 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:35:DB:47:71:C6:0E:36:D4:9E:87:46:9D:
8D:5C:1D:19:7F:A9:53:C0:1A:8F:16:2D:C2:03:2B:71:
0B:C6:1D:53:02:20:22:0E:91:A8:C5:87:93:93:D6:48:
35:F5:24:7B:F6:F5:FF:3D:56:F3:9D:DB:4C:72:86:2D:
4A:AD:77:45:52:CF
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : CB:38:F7:15:89:7C:84:A1:44:5F:5B:C1:DD:FB:C9:6E:
F2:9A:59:CD:47:0A:69:05:85:B0:CB:14:C3:14:58:E7
Timestamp : Jul 9 07:01:09.640 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:BC:C9:FA:F8:1A:19:CB:22:CF:BF:6D:
A3:22:F6:A7:36:7B:C5:35:A1:A5:F7:AD:23:B8:59:2D:
8B:97:09:68:E3:02:21:00:AB:19:F4:52:A5:FB:57:80:
2C:64:F1:A9:5F:EE:77:DA:7C:97:78:37:85:8B:0D:41:
CC:85:80:3C:2E:71:5B:81
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : D7:6D:7D:10:D1:A7:F5:77:C2:C7:E9:5F:D7:00:BF:F9:
82:C9:33:5A:65:E1:D0:B3:01:73:17:C0:C8:C5:69:77
Timestamp : Jul 9 07:01:09.600 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:1E:5F:24:19:17:79:DD:66:DA:B1:09:B7:
11:9F:DA:3C:49:A5:21:7B:10:1E:FF:7C:8F:E8:12:0B:
45:FE:38:AA:02:21:00:B7:97:A9:BD:A2:27:A1:08:79:
42:B5:18:DE:4E:76:C1:1D:0D:35:AC:F5:32:3B:05:7C:
9D:8C:4C:87:77:A8:0C
)
)
