C
C
Get Certificates from .p12 / .pfx
See more PFX/P12 Examples
A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.Chilkat C Downloads
#include <C_CkPfx.h>
#include <C_CkCert.h>
void ChilkatSample(void)
{
BOOL success;
HCkPfx pfx;
HCkCert cert;
int numCerts;
int i;
HCkCert issuer;
success = FALSE;
pfx = CkPfx_Create();
success = CkPfx_LoadPfxFile(pfx,"qa_data/pfx/test.pfx","pfx_password");
if (success == FALSE) {
printf("%s\n",CkPfx_lastErrorText(pfx));
CkPfx_Dispose(pfx);
return;
}
// Iterate over the certs contained in the PFX
cert = CkCert_Create();
numCerts = CkPfx_getNumCerts(pfx);
i = 0;
while (i < numCerts) {
CkPfx_CertAt(pfx,i,cert);
printf("--- %d ---\n",i);
printf("%s\n",CkCert_subjectDN(cert));
// Is this a root cert, or self-signed?
printf("Root: %d\n",CkCert_getIsRoot(cert));
printf("Self-Signed: %d\n",CkCert_getSelfSigned(cert));
// If this certificate is not the root (self-signed), then get the issuer.
// If the issuing certificate is contained in the PFX, then it will be found here..
if (CkCert_getSelfSigned(cert) != TRUE) {
issuer = CkCert_FindIssuer(cert);
if (CkCert_getLastMethodSuccess(cert) == FALSE) {
printf("Issuer not found.\n");
}
else {
printf("Issuer: %s\n",CkCert_subjectDN(issuer));
CkCert_Dispose(issuer);
}
}
i = i + 1;
}
// Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.
CkPfx_Dispose(pfx);
CkCert_Dispose(cert);
}