PHPackages stayallive/certificate-chain-resolver - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. stayallive/certificate-chain-resolver ActiveLibrary stayallive/certificate-chain-resolver ===================================== Certificate chain resolver. v1.0.2(4y ago)2975[1 issues](https://github.com/stayallive/certificate-chain-resolver/issues)MITPHPPHP ^8.0 Since Mar 2Pushed 1y ago1 watchersCompare [ Source](https://github.com/stayallive/certificate-chain-resolver)[ Packagist](https://packagist.org/packages/stayallive/certificate-chain-resolver)[ Docs](https://github.com/stayallive/certificate-chain-resolver)[ GitHub Sponsors](https://github.com/stayallive)[ RSS](/packages/stayallive-certificate-chain-resolver/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (3)Dependencies (4)Versions (4)Used By (0) Certificate Chain Resolver ========================== [](#certificate-chain-resolver) [![Latest Version](https://camo.githubusercontent.com/6a9febf57f4b9caba7bfca8ff2614d8330d2e7363b25bcb0a35d18803b568d8e/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f72656c656173652f73746179616c6c6976652f63657274696669636174652d636861696e2d7265736f6c7665722e7376673f7374796c653d666c61742d737175617265)](https://github.com/stayallive/certificate-chain-resolver/releases)[![Software License](https://camo.githubusercontent.com/55c0218c8f8009f06ad4ddae837ddd05301481fcf0dff8e0ed9dadda8780713e/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d627269676874677265656e2e7376673f7374796c653d666c61742d737175617265)](LICENSE.md)[![Build Status](https://camo.githubusercontent.com/818b51102be7095f6e7aae5c3c10ad020cfcbb4a5f9d8ae05d69b0ce1a2b795c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f73746179616c6c6976652f63657274696669636174652d636861696e2d7265736f6c7665722f63692e79616d6c3f6272616e63683d6d6173746572267374796c653d666c61742d737175617265)](https://github.com/stayallive/certificate-chain-resolver/actions/workflows/ci.yaml)[![Total Downloads](https://camo.githubusercontent.com/4d8637057956a65a226debf21d6b59fc60cd8c9a659a54f09e97a4e49c8418d7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f73746179616c6c6976652f63657274696669636174652d636861696e2d7265736f6c7665722e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/stayallive/certificate-chain-resolver) Resolve a certificate chain with a simple to use interface. A hosted version using this package can be found here: [chief.tools/certificate-chain-resolver](https://chief.tools/certificate-chain-resolver?ref=github). Installation ------------ [](#installation) ``` composer require stayallive/certificate-chain-resolver ``` Usage ----- [](#usage) You can use `Resolver::fetchForCertificate` to retrieve the full PEM encoded chain as a string. ``` $output = \Stayallive\CertificateChain\Resolver::fetchForCertificate( \Stayallive\CertificateChain\Certificate::loadFromPathOrUrl('path/to/certificate.pem') ); ``` You can use `Certificate::loadFromPathOrUrl` to retrieve a `Certificate` instance you need for constructing a `Resolver` instance. The certificate is fetched using `file_get_contents` so any path or URL that is supported by `file_get_contents` should work. The `Certificate` can be in multiple formats and encodings, currently supported: PEM, DER and PKCS7, they are all normalized to PEM encoding. If you need the chain without the original certificate or want to get an array of `Certificate` instances representing the chain you can use the `Resolver` class directly: ``` $chain = new \Stayallive\CertificateChain\Resolver( \Stayallive\CertificateChain\Certificate::loadFromPathOrUrl('path/to/certificate.pem') ); $chain->getContents(); // Same as `Resolver::fetchForCertificate`, returns a string $chain->getCertificates(); // Array of certificates in the chain, returns an array // Versions that do not include the certificate that was used to construct the `Resolver` with $chain->getContentsWithoutOriginal(); $chain->getCertificatesWithoutOriginal(); ``` There are 2 possible exceptions that are thrown while retrieving the certificate or it's chain, they both extend `ResolverException`: - `CouldNotLoadCertificate` - this indicates fetching the certificate from an URL or path failed - `CouldNotParseCertificate` - this indicates parsing the fetched certificate failed because it's invalid or it's encoding is unsupported Background: the trust chain --------------------------- [](#background-the-trust-chain) All operating systems contain a set of default trusted root certificates. But Certificate Authorities usually don't use their root certificate to sign customer certificates. Instead of they use so called intermediate certificates, because they can be rotated more frequently. A certificate can contain a special Authority Information Access extension (RFC-3280) with URL to issuer's certificate. Most browsers can use the AIA extension to download missing intermediate certificate to complete the certificate chain. This is the exact meaning of the Extra download message. But some clients, mostly mobile browsers, don't support this extension, so they report such certificate as untrusted. This results in 'untrusted'-warnings since the browser thinks you are on an insecure connection. A server should always send a complete chain, which means concatenated all certificates from the certificate to the trusted root certificate (exclusive, in this order), to prevent such issues. So when installing a SSL certificate on a server you should install all intermediate certificates as well. You should be able to fetch intermediate certificates from the issuer and concat them together by yourself. This package helps you automatize that boring task by looping over certificate's AIA extension field and returning the full chain to you. Credits ------- [](#credits) This package was originally created as a fork of [ssl-certificate-chain-resolver](https://github.com/spatie/ssl-certificate-chain-resolver) written by [Spatie](https://github.com/spatie) which was inspired by [cert-chain-resolver](https://github.com/zakjan/cert-chain-resolver/) written by [Jan Žák](http://www.zakjan.cz/). Some text, mainly the background about the trust chain, was copied from the readme of his repo. Security Vulnerabilities ------------------------ [](#security-vulnerabilities) If you discover a security vulnerability within this package, please send an e-mail to Alex Bouma at `alex+security@bouma.me`. All security vulnerabilities will be swiftly addressed. License ------- [](#license) This package is open-sourced software licensed under the [MIT license](http://opensource.org/licenses/MIT). ### Health Score 28 — LowBetter than 54% of packages Maintenance18 Infrequent updates — may be unmaintained Popularity20 Limited adoption so far Community7 Small or concentrated contributor base Maturity56 Maturing project, gaining track record Bus Factor1 Top contributor holds 100% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~14 days Total 3 Last Release 1504d ago ### Community Maintainers ![](https://avatars.githubusercontent.com/u/1090754?v=4)[Alex Bouma](/maintainers/stayallive)[@stayallive](https://github.com/stayallive) --- Top Contributors [![stayallive](https://avatars.githubusercontent.com/u/1090754?v=4)](https://github.com/stayallive "stayallive (19 commits)") --- Tags certificatecertificate-chainhttpshttpscertificatecertificate-chain ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP CS Fixer Type Coverage Yes ### Embed Badge ![Health badge](/badges/stayallive-certificate-chain-resolver/health.svg) ``` [![Health](https://phpackages.com/badges/stayallive-certificate-chain-resolver/health.svg)](https://phpackages.com/packages/stayallive-certificate-chain-resolver) ``` ### Alternatives [league/uri URI manipulation library 1.1k206.4M277](/packages/league-uri)[league/uri-interfaces Common tools for parsing and resolving RFC3987/RFC3986 URI 538204.9M23](/packages/league-uri-interfaces)[react/http Event-driven, streaming HTTP client and server implementation for ReactPHP 78126.4M414](/packages/react-http)[acmephp/acmephp Let's Encrypt client written in PHP 649155.1k](/packages/acmephp-acmephp)[mlocati/ocsp Library to query HTTPS Certificates revocation status using the Online Certificate Status Protocol (OCSP) 40754.7k2](/packages/mlocati-ocsp)[kelunik/acme ACME library written in PHP. 121603.9k3](/packages/kelunik-acme) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)