Weave Code
Code Weaver
Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.
Feedback
Share your thoughts, report bugs, or suggest improvements.
Subject
Message
Log in Register
Home
Packages
Certificate
Assessments

Certificate Laravel Package

kelunik/certificate

Generate and manage X.509 certificates in PHP with a simple API. Create CSRs, self-signed and CA-signed certs, handle keys and certificate chains, and export common formats—ideal for TLS tooling, service provisioning, and automation.

View on GitHub
Deep Wiki
Context7

Getting Started

Install via Composer: composer require kelunik/certificate. Start by parsing a certificate from a PEM string or file:

use function Kelunik\Certificate\parseCertificate;

$cert = parseCertificate(file_get_contents('cert.pem'));

The returned Certificate object provides methods like $cert->getSubject(), $cert->getIssuer(), $cert->getValidFrom(), $cert->getValidTo(), and $cert->getSubjectAltNames(). The simplest first use case is checking expiration:

if ($cert->isValidAt(new DateTime())) {
    echo "Certificate is currently valid.\n";
}

Review the README and src/ in the repository for full class/method signatures—no external config needed.

Implementation Patterns

  • Certificate Monitoring Jobs: Use in CLI scripts to scan prod servers (via openssl s_client output or cert files), alert on expiry, and generate reports.
  • mTLS Validation: Parse client certs in middleware to inspect SANs or key usage before granting access to internal services.
  • Build/Deployment Hooks: Validate TLS certificate chain integrity before deployment (e.g., ensure issuer matches expected CA, keyUsage includes digitalSignature).
  • Fingerprinting: For logs/audits, generate SHA-256 fingerprints via $cert->getPublicKey()->getFingerprint('sha256').
  • Testing: Mock certificates for unit tests using parseCertificate() with embedded PEM test strings to validate logic paths.

Gotchas and Tips

  • The library does not verify certificate chains or signatures—it’s for inspection only. Use OpenSSL or openssl_verify() externally if chain trust is required.
  • DER parsing is less common; ensure binary data is passed directly (not base64). PEM auto-detection handles both header formats gracefully.
  • getValidTo() returns a DateTimeImmutable; compare with DateTimeImmutable to avoid type issues.
  • SANs come as an array of strings (DNS, IP, URI); getSubjectAltNames() may be empty if SANs aren’t present—check getSubject()->commonName as fallback (but don’t rely on it).
  • The library requires PHP 8.0+; avoid on legacy systems.
  • If public key parsing fails (e.g., unsupported algorithms), it throws Kelunik\Certificate\CertificateException—always wrap parseCertificate() in try/catch.
Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.
Prompt
Add packages to context
No packages found.
davejamesmiller/laravel-breadcrumbs
artisanry/parsedown
christhompsontldr/phpsdk
enqueue/dsn
bunny/bunny
enqueue/test
enqueue/null
enqueue/amqp-tools
bower-asset/punycode
bower-asset/inputmask
bower-asset/jquery
bower-asset/yii2-pjax
laravel/nova
spatie/laravel-mailcoach
spatie/laravel-superseeder
laravel/liferaft
nst/json-test-suite
danielmiessler/sec-lists
jackalope/jackalope-transport
twbs/bootstrap4