(Go) Get Certificates from .p12 / .pfx

A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.

Chilkat Go Downloads Go Package for Windows, MacOS, Linux, Alpine Linux, Solaris

    pfx := chilkat.NewPfx()

    success := pfx.LoadPfxFile("qa_data/pfx/test.pfx","pfx_password")
    if success == false {
        fmt.Println(pfx.LastErrorText())
        pfx.DisposePfx()
        return
    }

    // Iterate over the certs contained in the PFX
    numCerts := pfx.NumCerts()
    i := 0
    for i < numCerts {
        cert := pfx.GetCert(i)

        fmt.Println("--- ", i, " ---")
        fmt.Println(cert.SubjectDN())
        // Is this a root cert, or self-signed?
        fmt.Println("Root: ", cert.IsRoot())
        fmt.Println("Self-Signed: ", cert.SelfSigned())

        // If this certificate is not the root (self-signed), then get the issuer.
        // If the issuing certificate is contained in the PFX, then it will be found here..
        if cert.SelfSigned() != true {
            issuer := cert.FindIssuer()
            if cert.LastMethodSuccess() == false {
                fmt.Println("Issuer not found.")
            }
            else {
                fmt.Println("Issuer: ", issuer.SubjectDN())
                issuer.DisposeCert()
            }

        }

        cert.DisposeCert()
        i = i + 1
    }

    // Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.

    pfx.DisposePfx()