Hi Currently I am doing some coding in php to match a client certifcate with an openldap certificate of that same user just to verify. I mean the user stored one copy of this certficate in openldap previously and now when he shows his certificate to server the server will then fetch that users certificate from ldap and match. and later I want to do hash. Now in ldap its stored in .der format and in browser its in .p12 So what I am doing is as below: <?php $HASH_ALG='md5'; include_once '../ldapconnect.php'; ////////////////////////////////////////////////////////////////////////////////// //Reading the client certificate from web server $loginCert = openssl_x509_read ($_SERVER["SSL_CLIENT_CERT"]); //convert the certificate into string $pemb = chunk_split(base64_encode($loginCert), 64, "\n"); $pemb = "-----BEGIN CERTIFICATE-----\n".$pemb."-----END CERTIFICATE-----\n"; openssl_x509_export($pemb,$cert_pemb_string); $login_cert_hash = hash ($HASH_ALG, $cert_pemb_string); echo "Browser HASH= ". $login_cert_hash; echo "<br />"; /////////////////////////////////////////////////////////////////////////////////// $userName=$_SERVER["SSL_CLIENT_S_DN_CN"]; $filter="(cn=$userName)"; $justthese = array ("userCertificate;binary"); $result=ldap_search ($ldapconnect,"ou=people,dc=example,dc=com", $filter); $entry = ldap_first_entry($ldapconnect,$result); $attributes= ldap_get_attributes($ldapconnect,$entry); $cert_der =$attributes["userCertificate;binary"][0]; // converting der to pem $pem = chunk_split(base64_encode($cert_der), 64, "\n"); $pem = "-----BEGIN CERTIFICATE-----\n".$pem."-----END CERTIFICATE-----\n"; openssl_x509_export($pem,$cert_pem_string); $ldap_cert_hash = hash($HASH_ALG, $cert_pem_string); Now finally I will match $login_cert_hash and $ldap_cert_hash but problem is its always giving me the same output of hash even if I manually change the certificate of client to make sure. I don't get it. Thank in advance.