PHPackages tourze/ca-trust-bundle - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [Security](/categories/security) 4. / 5. tourze/ca-trust-bundle ActiveLibrary[Security](/categories/security) tourze/ca-trust-bundle ====================== Check local CA file security 0.0.1(11mo ago)00MITPHPPHP ^8.1CI passing Since May 24Pushed 4mo ago1 watchersCompare [ Source](https://github.com/tourze/ca-trust-bundle)[ Packagist](https://packagist.org/packages/tourze/ca-trust-bundle)[ RSS](/packages/tourze-ca-trust-bundle/feed)WikiDiscussions master Synced 1mo ago READMEChangelog (1)Dependencies (12)Versions (2)Used By (0) CA Trust Bundle =============== [](#ca-trust-bundle) [English](README.md) | [中文](README.zh-CN.md) [![Latest Version](https://camo.githubusercontent.com/b24309e34e38ae05ec0a3824463be20e8f3fb498367364c051591b91f6bfcbda/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f746f75727a652f63612d74727573742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/ca-trust-bundle)[![PHP Version](https://camo.githubusercontent.com/713c8f02411f1b7491d330d467c7ba5c7f39b511d0e87bcc06d5ea0aeb6d4539/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f7068702d762f746f75727a652f63612d74727573742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/ca-trust-bundle)[![License](https://camo.githubusercontent.com/a469772b071d6afea0c55b57c4e4fac598fe0b03eeb427aecc152c0e1fa6f19d/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f6c2f746f75727a652f63612d74727573742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/ca-trust-bundle)[![Build Status](https://camo.githubusercontent.com/71c899315a8f155d504bb23baebabdd724ea15a42a5f7e72e49e6b4e9ebc30d3/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f616374696f6e732f776f726b666c6f772f7374617475732f746f75727a652f7068702d6d6f6e6f7265706f2f746573742e796d6c3f6272616e63683d6d6173746572267374796c653d666c61742d737175617265)](https://github.com/tourze/php-monorepo/actions)[![Quality Score](https://camo.githubusercontent.com/b17d9f9c90cfa1ef96f4828925ac1fc968c2127d6574e493a975d6d075364842/68747470733a2f2f696d672e736869656c64732e696f2f7363727574696e697a65722f672f746f75727a652f63612d74727573742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://scrutinizer-ci.com/g/tourze/ca-trust-bundle)[![Code Coverage](https://camo.githubusercontent.com/73ee3bab50824f778cedc6b4b3f78bcdab621eef812a979ec388b8ad692a4bff/68747470733a2f2f696d672e736869656c64732e696f2f636f6465636f762f632f6769746875622f746f75727a652f7068702d6d6f6e6f7265706f2e7376673f7374796c653d666c61742d737175617265)](https://codecov.io/gh/tourze/php-monorepo)[![Total Downloads](https://camo.githubusercontent.com/b2a37e93a5ac17499a9f21763f4fb3b327d6222efe7fa0d260d184eeb53b83dd/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f64742f746f75727a652f63612d74727573742d62756e646c652e7376673f7374796c653d666c61742d737175617265)](https://packagist.org/packages/tourze/ca-trust-bundle) A Symfony bundle for inspecting and verifying system root CA certificates to ensure security and trustworthiness. Table of Contents ----------------- [](#table-of-contents) - [Features](#features) - [Requirements](#requirements) - [Installation](#installation) - [Configuration](#configuration) - [Quick Start](#quick-start) - [Usage](#usage) - [Basic Commands](#basic-commands) - [Output Format](#output-format) - [Certificate Verification](#certificate-verification) - [Verification Services](#verification-services) - [Verification Results](#verification-results) - [Advanced Usage](#advanced-usage) - [Custom Verification Services](#custom-verification-services) - [Integration with Logging](#integration-with-logging) - [Performance Considerations](#performance-considerations) - [Dependencies](#dependencies) - [Testing](#testing) - [Contributing](#contributing) - [License](#license) Features -------- [](#features) - List and inspect system root CA certificates - Filter certificates by keyword, signature algorithm, or expiration status - Verify certificate trustworthiness against multiple online services - Output in both table and JSON formats - Comprehensive certificate details including fingerprint, issuer, and validity dates Requirements ------------ [](#requirements) - PHP 8.3 or higher - OpenSSL extension - Symfony 7.3 or higher Installation ------------ [](#installation) ``` composer require tourze/ca-trust-bundle ``` Configuration ------------- [](#configuration) This bundle works out of the box without additional configuration. The bundle automatically registers its services when installed. Quick Start ----------- [](#quick-start) After installation, you can immediately start using the bundle: ``` # Register the bundle in your bundles.php (auto-configured in most cases) # Add to config/bundles.php: # Tourze\CATrustBundle\CATrustBundle::class => ['all' => true], # List all system certificates bin/console ca-trust:list-certs # Search for specific certificates bin/console ca-trust:list-certs --keyword="DigiCert" # Verify certificate trustworthiness bin/console ca-trust:list-certs --verify ``` Usage ----- [](#usage) ### Basic Commands [](#basic-commands) ``` # List all certificates bin/console ca-trust:list-certs # Search certificates by keyword (matches organization, issuer, or domain) bin/console ca-trust:list-certs --keyword="DigiCert" bin/console ca-trust:list-certs -k "DigiCert" # Filter by signature algorithm bin/console ca-trust:list-certs --signature="SHA256" bin/console ca-trust:list-certs -s "SHA256" # Show expired certificates bin/console ca-trust:list-certs --show-expired # Output in JSON format bin/console ca-trust:list-certs --format=json bin/console ca-trust:list-certs -f json # Verify certificate trustworthiness bin/console ca-trust:list-certs --verify bin/console ca-trust:list-certs -c # Combine multiple options bin/console ca-trust:list-certs -k "DigiCert" -s "SHA256" --show-expired -c -f json ``` ### Output Format [](#output-format) #### Table Output [](#table-output) The table output includes the following columns: - `#`: Index number - `Organization`: Certificate organization - `Issuer`: Certificate issuer - `Domain`: Primary domain - `Signature`: Certificate fingerprint - `Valid From`: Certificate validity start date - `Valid Until`: Certificate expiration date - `Signature Algorithm`: Algorithm used for signing When using the `--verify` option, additional columns appear: - Verification results from each service (Pass/Fail/Unknown) - Overall verification status #### JSON Output [](#json-output) JSON output provides more detailed information including: - Complete fingerprint - Full domain list - Verification results (when using `--verify`) - Additional certificate metadata Certificate Verification ------------------------ [](#certificate-verification) When using the `--verify` option, the system verifies certificate trustworthiness through multiple online services: ### Verification Services [](#verification-services) 1. **crt.sh** - Checks if the certificate exists in public Certificate Transparency (CT) logs 2. **Mozilla** - Verifies if the certificate is in Mozilla's trusted root certificate list ### Verification Results [](#verification-results) - **Pass** - Certificate is verified and considered trustworthy - **Fail** - Certificate failed verification and may not be trustworthy - **Unknown** - Unable to determine certificate status due to connection issues or API limitations Advanced Usage -------------- [](#advanced-usage) ### Custom Verification Services [](#custom-verification-services) You can extend the bundle by creating custom certificate verification services. Implement the `CheckerInterface` and register your service: ``` use Tourze\CATrustBundle\Verification\CheckerInterface; use Tourze\CATrustBundle\Verification\VerificationStatus; class CustomChecker implements CheckerInterface { public function verify(SslCertificate $certificate): VerificationStatus { // Your verification logic here return VerificationStatus::PASSED; } public function getName(): string { return 'Custom'; } } ``` ### Integration with Logging [](#integration-with-logging) The bundle supports PSR-3 compatible logging for audit trails: ``` use Tourze\CATrustBundle\Verification\Checker\CrtShChecker; use Psr\Log\LoggerInterface; $logger = // your logger instance $checker = new CrtShChecker($logger); ``` ### Performance Considerations [](#performance-considerations) - Verification requests are made synchronously and may take time - Consider caching verification results for frequently checked certificates - Network timeouts may affect verification accuracy Dependencies ------------ [](#dependencies) This bundle relies on the following key libraries: - `composer/ca-bundle`: For retrieving system CA root certificates - `spatie/ssl-certificate`: For parsing and processing SSL certificates - `symfony/console`: For creating command-line tools - `symfony/http-client`: For interacting with online verification services Testing ------- [](#testing) ``` # Run tests ./vendor/bin/phpunit packages/ca-trust-bundle/tests # Run static analysis php -d memory_limit=2G ./vendor/bin/phpstan analyse packages/ca-trust-bundle ``` Contributing ------------ [](#contributing) Please see [CONTRIBUTING.md](CONTRIBUTING.md) for details on how to contribute to this project. License ------- [](#license) The MIT License (MIT). Please see [License File](LICENSE) for more information. ### Health Score 27 — LowBetter than 49% of packages Maintenance64 Regular maintenance activity Popularity0 Limited adoption so far Community4 Small or concentrated contributor base Maturity35 Early-stage or recently created project How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Unknown Total 1 Last Release 351d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/e354fdb316da535dfa8ba2e9193a473c403b6bc6fb9170778d1dc50e304c6e9d?d=identicon)[tourze](/maintainers/tourze) ### Code Quality TestsPHPUnit Static AnalysisPHPStan Type Coverage Yes ### Embed Badge ![Health badge](/badges/tourze-ca-trust-bundle/health.svg) ``` [![Health](https://phpackages.com/badges/tourze-ca-trust-bundle/health.svg)](https://phpackages.com/packages/tourze-ca-trust-bundle) ``` ### Alternatives [shopware/platform The Shopware e-commerce core 3.3k1.5M3](/packages/shopware-platform)[sylius/sylius E-Commerce platform for PHP, based on Symfony framework. 8.4k5.6M650](/packages/sylius-sylius)[sulu/sulu Core framework that implements the functionality of the Sulu content management system 1.3k1.3M152](/packages/sulu-sulu)[prestashop/prestashop PrestaShop is an Open Source e-commerce platform, committed to providing the best shopping cart experience for both merchants and customers. 9.0k15.4k](/packages/prestashop-prestashop)[simplesamlphp/simplesamlphp A PHP implementation of a SAML 2.0 service provider and identity provider. 1.1k12.4M193](/packages/simplesamlphp-simplesamlphp)[contao/core-bundle Contao Open Source CMS 1231.6M2.3k](/packages/contao-core-bundle) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)