Free certificate from Comodo and PHP stream_socket_server
-
There is a free SSL certificate from Comodo in crt format. However, stream_socket_server in PHP only understands the *.pem format. The conversion command outputs:
root@noc:/usr/local/www/apache24/ssl/data/service # openssl x509 -inform der -in noc_wdwedwe_ru.crt -out noc_wdwedwe_ru.pem
unable to load certificate
34379270664:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:1201:
34379270664:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:/usr/src/secure/lib/libcrypto/../../../crypto/openssl/crypto/asn1/tasn_dec.c:374:Type=X509
It's necessary to bring up a WebSocket server for this pairing: a server in PHP and JavaScript in the browser, without complaints about a self-signed certificate.
PHP code:
$ip = "noc.wdwedwe.ru";
$port = "8100";
$pem_file = "noc_wdwedwe_ru.pem";

$context = stream_context_create();
stream_context_set_option($context, 'ssl', 'local_cert', $pem_file); // Our SSL Cert in PEM format
stream_context_set_option($context, 'ssl', 'allow_self_signed', true);
stream_context_set_option($context, 'ssl', 'verify_peer', false);
stream_context_set_option($context, 'ssl', 'verify_peer_name', false);
stream_context_set_option($context, 'ssl', 'ciphers', 'ALL');

$socket = stream_socket_server("ssl://{$ip}:{$port}", $errno, $errstr, STREAM_SERVER_BIND|STREAM_SERVER_LISTEN, $context);
stream_socket_enable_crypto($socket, false);
// setupTcpStreamServer(), $pem_passphrase and the handshakeSocket()/onOpen()/onMessage()/onClose() handlers are not shown in the post
$socket = setupTcpStreamServer($pem_file, $pem_passphrase, $ip, $port);
if (!$socket) { die("$errstr ($errno)\n"); }
echo "--демон сервера стартовал\n";
$connects = array();

while (true) {
    // build the array of sockets to listen on:
    $read = $connects;
    $read[] = $socket;
    $write = $except = null;
    if (!stream_select($read, $write, $except, null)) { break; }
    if (in_array($socket, $read)) {
        $connect = stream_socket_accept($socket, -1);
        if ($connect == true) {
            $info = handshakeSocket($connect);
            if ($info == true) {
                $connects[] = $connect; // add it to the list of connections to process
                onOpen($connect, $info); // call the user-defined handler
            }
        }
        unset($read[array_search($socket, $read)]);
    }
    foreach ($read as $connect) { // process all connections
        $data = fread($connect, 100000);
        if (!$data) { // the connection was closed
            fclose($connect);
            unset($connects[array_search($connect, $connects)]);
            onClose($connect); // call the user-defined handler
            continue;
        }
        onMessage($connect, $data, $info); // call the user-defined handler
    }
}
-
Maybe the error is because der is not a format compatible with your crt? der is a binary format, so your crt file can't be loaded for conversion. Try this conversion command:
openssl x509 -in noc_wdwedwe_ru.crt -out noc_wdwedwe_ru.pem
In general, crt and pem are identical. It's just that a pem file can also hold a key and several certificates one after another. In your case, since there is no separate key file and only one certificate, the pem file will be completely identical to the crt file. That is, it comes down to simply changing the extension of the crt file to pem.
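
An added example, not part of the original question or answer: Python code that tells PEM from DER by inspecting the bytes, which is the distinction behind the "wrong tag" error in the question, and returns PEM either way. The function names and sample bytes are constructed for illustration; the sample is a tiny DER SEQUENCE, not a real certificate.

```python
import re
import ssl

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def der_total_length(data: bytes) -> int:
    """Total length announced by a DER SEQUENCE header; ValueError if the tag is wrong."""
    if len(data) < 2 or data[0] != 0x30:   # 0x30 = constructed SEQUENCE
        raise ValueError("wrong tag: input does not start with a DER SEQUENCE")
    first = data[1]
    if first < 0x80:                        # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                        # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        raise ValueError("bad DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def detect_encoding(data: bytes) -> str:
    """Classify certificate bytes as 'pem', 'der' or 'unknown'."""
    if PEM_RE.search(data):
        return "pem"
    try:
        # A DER blob must announce exactly as many bytes as it contains.
        return "der" if der_total_length(data) == len(data) else "unknown"
    except ValueError:
        return "unknown"


def to_pem(data: bytes) -> str:
    """Return PEM text for PEM or DER input; PEM input is passed through unchanged."""
    kind = detect_encoding(data)
    if kind == "pem":
        return data.decode("ascii")
    if kind == "der":
        return ssl.DER_cert_to_PEM_cert(data)
    raise ValueError("neither PEM nor DER")


# Constructed sample: SEQUENCE { INTEGER 1, INTEGER 2 } standing in for a certificate.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")

if __name__ == "__main__":
    for name, blob in (("crt as PEM", SAMPLE_PEM), ("crt as DER", SAMPLE_DER)):
        print(name, "->", detect_encoding(blob))
```

Feeding PEM text to the DER parser fails on the very first byte, because `-` (0x2D) is not the SEQUENCE tag 0x30.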