PHP , MySQL and SSL authentication

Question

I have a question about building a authentication system with SSL certificates. My Idea is to store the data in the database(I know how to do that) and when the user gives the certificate the system to check the cert values and to know where to put the user. But there are some things that are not quite clear(I might sound nooby, but don't judge me)

1. How to make the certificate with PHP?
2. How to make the system to request a specific details from the client?(As is on StartSSL)
3. Do I have to sign the private certificate or something?

P.S: I am using HostGator Business Plan if this makes any difference. I have requested them to issue a private ssl certificate.

Answer 1

I have never used StartSSL however many individuals and companies alike use SSL APIs and auth now, like the new(ish) Facebook sdk.

Note that self signed certificates are not supported as a valid security mechanism by many browsers and other software.

You cannot make SSL certificates in PHP, instead you must make then using a tool like OpenSSL. Here is a brief tutorial I found on Google: http://www.akadia.com/services/ssh_test_certificate.html .

SSL is mainly designed to make the transference of data across the line a little more secure and when reading in connections through PHP you would validate the certificate to see if it matches the one it is supposed to (http://stackoverflow.com/questions/3081042/how-to-get-ssl-certificate-info-with-curl-in-php) much like how a browser downloads a sites SSL cert and then uses that to create a secure connection. I wouldn't imagine you would have a certificate per user.

After this all your data goes over HTTPS rather than HTTP allowing for SSL auth.

Depending on the SSL auth system, if it is an API then your cURL request would be sent over HTTPS rather than HTTP.

If you are making this for a login page on a website then it is a lot simpler than I have said above (well in theory, there are still a lot of thing you can mess up). If you are doing this then you would simply add the SSL cert to your server and then add it to your server config (another quick tutorial for Apache from Google: http://www.digicert.com/ssl-certificate-installation-apache.htm ) and then literally proceed as you normally would redirecting the user to a https of the login page and the login processing page (making sure you have a vhost for 443 if your in Apache).

Edit: Openssl does have a PHP API as I just remembered so I was wrong there.

This is how I see SSL auth going down.

Answer 2

1) Method for create new SSL certificate with PHP^

    $dn = array(
        "countryName" => 'Country',
        "organizationName" => 'Org',
        "commonName" => 'Common name',
        "emailAddress" => 'email@email.com',
    );

    $configArgs = array(
        'digest_alg' => 'SHA1',
    );

    $clientKey = openssl_pkey_new();
    $csr = openssl_csr_new($dn, $clientKey, $configArgs);

    $password = trim(base64_encode(openssl_random_pseudo_bytes(8)), '/=');

    $cert = openssl_csr_sign(
        $csr,
        'file:///etc/ssl/ca/ca.pem',
        'file:///etc/ssl/ca/ca.pem',
        1095,
        $configArgs,
        $serial
    );

    openssl_pkcs12_export($cert, $clientCertPkcs12, $clientKey, $password);
    openssl_x509_free($cert);
    $sslData = array(
        'serial' => $serial, // random serial
        'sslkey' => $password,
        'created_at' => time(),
        'sslpfx' => $clientCertPkcs12
    );

    openssl_pkey_free($clientKey);