Sample code for 30+ languages & platforms
Delphi DLL

Get Certificates from .p12 / .pfx

See more PFX/P12 Examples

A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Cert, Pfx;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
pfx: HCkPfx;
cert: HCkCert;
numCerts: Integer;
i: Integer;
issuer: HCkCert;

begin
success := False;

pfx := CkPfx_Create();

success := CkPfx_LoadPfxFile(pfx,'qa_data/pfx/test.pfx','pfx_password');
if (success = False) then
  begin
    Memo1.Lines.Add(CkPfx__lastErrorText(pfx));
    Exit;
  end;

// Iterate over the certs contained in the PFX
cert := CkCert_Create();
numCerts := CkPfx_getNumCerts(pfx);
i := 0;
while i < numCerts do
  begin

    CkPfx_CertAt(pfx,i,cert);

    Memo1.Lines.Add('--- ' + IntToStr(i) + ' ---');
    Memo1.Lines.Add(CkCert__subjectDN(cert));
    // Is this a root cert, or self-signed?
    Memo1.Lines.Add('Root: ' + IntToStr(Ord(CkCert_getIsRoot(cert))));
    Memo1.Lines.Add('Self-Signed: ' + IntToStr(Ord(CkCert_getSelfSigned(cert))));

    // If this certificate is not the root (self-signed), then get the issuer.
    // If the issuing certificate is contained in the PFX, then it will be found here..
    if (CkCert_getSelfSigned(cert) <> True) then
      begin
        issuer := CkCert_FindIssuer(cert);
        if (CkCert_getLastMethodSuccess(cert) = False) then
          begin
            Memo1.Lines.Add('Issuer not found.');
          end
        else
          begin
            Memo1.Lines.Add('Issuer: ' + CkCert__subjectDN(issuer));
            CkCert_Dispose(issuer);
          end;
      end;
    i := i + 1;
  end;

// Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.

CkPfx_Dispose(pfx);
CkCert_Dispose(cert);

end;