PHPackages hoels/ocsp-php - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Utility & Helpers](/categories/utility) 4. / 5. hoels/ocsp-php ActiveLibrary[Utility & Helpers](/categories/utility) hoels/ocsp-php ============== OCSP library for PHP 0.1.0(1y ago)1175.8k↓34.7%1MITPHPPHP >=8.1 Since Dec 26Pushed 1y ago1 watchersCompare [ Source](https://github.com/hoels/ocsp-php)[ Packagist](https://packagist.org/packages/hoels/ocsp-php)[ RSS](/packages/hoels-ocsp-php/feed)WikiDiscussions main Synced 1w ago READMEChangelog (1)Dependencies (4)Versions (2)Used By (1) OCSP PHP ======== [](#ocsp-php) ocsp-php is a library for checking if certificates are revoked by using Online Certificate Status Protocol (OCSP), entirely written in PHP. Note that this library does not include any HTTP client. You can use any client of your choice, e.g. Curl or GuzzleHTTP. Installation ------------ [](#installation) #### Requirements [](#requirements) - PHP 8.1+ - Composer ### Composer [](#composer) ``` composer require hoels/app-store-server-library-php ``` Loading the certificates ------------------------ [](#loading-the-certificates) By using `CertificateLoader`, you can load certificates from a file or string. ``` // Loading certificate from file $certificate = CertificateLoader::fromFile("/path/to/cert.crt"); // Loading certificate from string $certificate = CertificateLoader::fromString("-----BEGIN CERTIFICATE-----MIIEAzCCA...-----END CERTIFICATE-----"); ``` Getting the issuer certificate from certificate ----------------------------------------------- [](#getting-the-issuer-certificate-from-certificate) The certificate usually contains a URL where you can find certificate of the certificate issuer. You can use this code to extract this URL from the certificate. ``` $certificate = CertificateLoader::fromFile("/path/to/cert.crt"); $issuerCertificateUrl = CertificateLoader::getIssuerCertificateUrl($certificate); ``` `$issuerCertificateUrl` will contain the URL where the issuer certificate can be downloaded. When it is an empty string, that means the issuer certificate URL is not included in the SSL certificate. Getting the OCSP responder URL ------------------------------ [](#getting-the-ocsp-responder-url) To check if a SSL Certificate is valid, you need to know the OCSP URL, that is provided by the authority that issued the certificate. This URL can be called to check if the certificate has been revoked. This URL may be included in the SSL Certificate itself. You can use this code to extract the OCSP responder URL from the SSL Certificate. ``` $certificate = CertificateLoader::fromFile("/path/to/cert.crt"); $ocspResponderUrl = CertificateLoader::getOcspResponderUrl($certificate); ``` When it is an empty string, that means the OCSP responder URL is not included in the SSL Certificate. Checking the revocation status of an SSL Certificate ---------------------------------------------------- [](#checking-the-revocation-status-of-an-ssl-certificate) Once you have the SSL Certificate, the issuer certificate, and the OCSP responder URL, you can check whether the SSL certificate has been revoked or is still valid. ``` $subjectCert = CertificateLoader::fromFile("/path/to/subject.crt"); $issuerCert = CertificateLoader::fromFile("/path/to/issuer.crt"); // Create the certificateId $certificateId = CertificateLoader::generateCertificateId($subjectCert, $issuerCert); // Build request body $requestBody = new OcspRequest(); $requestBody->addCertificateId($certificateId); // Add nonce extension when the nonce feature is enabled, // otherwise skip this line $requestBody->addNonceExtension(random_bytes(8)); // Send request to OCSP responder URL $curl = curl_init(); curl_setopt($curl, CURLOPT_URL, $ocspResponderUrl); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); curl_setopt($curl, CURLOPT_POST, true); curl_setopt($curl, CURLOPT_HTTPHEADER, ["Content-Type: " . Ocsp::OCSP_REQUEST_MEDIATYPE]); curl_setopt($curl, CURLOPT_POSTFIELDS, $requestBody->getEncodeDer()); $result = curl_exec($curl); $info = curl_getinfo($curl); if ($info["http_code"] !== 200) { throw new RuntimeException("HTTP status is not 200"); } // Check the response content type if ($info["content_type"] != Ocsp::OCSP_RESPONSE_MEDIATYPE) { throw new RuntimeException("Content-Type header of the response is wrong"); } // Decode the raw response from the OCSP Responder $response = new OcspResponse($result); // Validate response certificateId $response->validateCertificateId($certificateId); // Validate response signature $response->validateSignature(); // Validate nonce when the nonce feature is enabled, $basicResponse = $response->getBasicResponse(); if ($requestBody->getNonceExtension() != $basicResponse->getNonceExtension()) { throw new RuntimeException("OCSP request nonce and response nonce do not match"); } ``` `$response` contains instance of the `OCSP\OcspResponse` class: - `$response->isRevoked() === false` when the certificate is not revoked - `$response->isRevoked() === true` when the certificate is revoked (to get revoke reason, call `$response->getRevokeReason()`) - when `$response->isRevoked()` returns `null`, then the certificate revoke status is unknown To get more detailed information from the response you can use: ``` $response->getStatus(); $basicResponse = $response->getBasicResponse(); ``` Following methods can be called with `$basicResponse`: - `$basicResponse->getResponses()` - returns array of the responses - `$basicResponse->getCertificates()` - returns array of X.509 certificates (phpseclib3\\File\\X509) - `$basicResponse->getSignature()` - returns signature - `$basicResponse->getProducedAt()` - returns DateTime object - `$basicResponse->getThisUpdate()` - returns DateTime object - `$basicResponse->getNextUpdate()` - returns DateTime object (is `null` when `nextUpdate` field does not exist) - `$basicResponse->getSignatureAlgorithm()` - returns signature algorithm as string (throws exception, when signature algorithm is not implemented) - `$basicResponse->getNonceExtension()` - returns nonce (when value is `null` then nonce extension does not exist in response) - `$basicResponse->getCertID()` - returns response certificateID To get the full response for debugging or logging purposes, use `$response->getResponse()` ### Health Score 33 — LowBetter than 73% of packages Maintenance38 Infrequent updates — may be unmaintained Popularity35 Limited adoption so far Community15 Small or concentrated contributor base Maturity37 Early-stage or recently created project Bus Factor1 Top contributor holds 55.9% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 530d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/51371415?v=4)[Kai Hölscher](/maintainers/hoels)[@hoels](https://github.com/hoels) --- Top Contributors [![hoels](https://avatars.githubusercontent.com/u/51371415?v=4)](https://github.com/hoels "hoels (19 commits)")[![metsma](https://avatars.githubusercontent.com/u/5708849?v=4)](https://github.com/metsma "metsma (6 commits)")[![mrts](https://avatars.githubusercontent.com/u/44880?v=4)](https://github.com/mrts "mrts (6 commits)")[![kristelmerilain](https://avatars.githubusercontent.com/u/25638036?v=4)](https://github.com/kristelmerilain "kristelmerilain (3 commits)") ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/hoels-ocsp-php/health.svg) ``` [![Health](https://phpackages.com/badges/hoels-ocsp-php/health.svg)](https://phpackages.com/packages/hoels-ocsp-php) ``` ### Alternatives [civicrm/civicrm-core Open source constituent relationship management for non-profits, NGOs and advocacy organizations. 744284.3k34](/packages/civicrm-civicrm-core)[phpseclib/mcrypt_compat PHP 5.x-8.x polyfill for mcrypt extension 28130.9M41](/packages/phpseclib-mcrypt-compat)[akeneo/pim-community-dev Akeneo PIM, the future of catalog management is open! 1.0k620.8k86](/packages/akeneo-pim-community-dev)[phpseclib/phpseclib2_compat phpseclib 2.0 polyfill built with phpseclib 3.0 132.0M16](/packages/phpseclib-phpseclib2-compat)[stackkit/laravel-google-cloud-scheduler 33260.2k](/packages/stackkit-laravel-google-cloud-scheduler)[shopware/app-php-sdk Shopware App SDK for PHP 1594.9k3](/packages/shopware-app-php-sdk) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)