Sample code for 30+ languages & platforms
Chilkat2-Python

Get Certificates from .p12 / .pfx

See more PFX/P12 Examples

A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.

Chilkat Chilkat2-Python Downloads

Chilkat2-Python
import sys
import chilkat2

success = False

pfx = chilkat2.Pfx()

success = pfx.LoadPfxFile("qa_data/pfx/test.pfx","pfx_password")
if (success == False):
    print(pfx.LastErrorText)
    sys.exit()

# Iterate over the certs contained in the PFX
cert = chilkat2.Cert()
numCerts = pfx.NumCerts
i = 0
while i < numCerts :

    pfx.CertAt(i,cert)

    print("--- " + str(i) + " ---")
    print(cert.SubjectDN)
    # Is this a root cert, or self-signed?
    print("Root: " + str(cert.IsRoot))
    print("Self-Signed: " + str(cert.SelfSigned))

    # If this certificate is not the root (self-signed), then get the issuer.
    # If the issuing certificate is contained in the PFX, then it will be found here..
    if (cert.SelfSigned != True):
        # issuer is a CkCert
        issuer = cert.FindIssuer()
        if (cert.LastMethodSuccess == False):
            print("Issuer not found.")
        else:
            print("Issuer: " + issuer.SubjectDN)

    i = i + 1

# Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.