Sample code for 30+ languages & platforms
PowerShell

Get Certificates from .p12 / .pfx

See more PFX/P12 Examples

A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.

Chilkat PowerShell Downloads

PowerShell
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"

$success = $false

$pfx = New-Object Chilkat.Pfx

$success = $pfx.LoadPfxFile("qa_data/pfx/test.pfx","pfx_password")
if ($success -eq $false) {
    $($pfx.LastErrorText)
    exit
}

# Iterate over the certs contained in the PFX
$cert = New-Object Chilkat.Cert
$numCerts = $pfx.NumCerts
$i = 0
while ($i -lt $numCerts) {

    $pfx.CertAt($i,$cert)

    $("--- " + $i + " ---")
    $($cert.SubjectDN)
    # Is this a root cert, or self-signed?
    $("Root: " + $cert.IsRoot)
    $("Self-Signed: " + $cert.SelfSigned)

    # If this certificate is not the root (self-signed), then get the issuer.
    # If the issuing certificate is contained in the PFX, then it will be found here..
    if ($cert.SelfSigned -ne $true) {
        $issuer = $cert.FindIssuer()
        if ($cert.LastMethodSuccess -eq $false) {
            $("Issuer not found.")
        }
        else {
            $("Issuer: " + $issuer.SubjectDN)

        }

    }

    $i = $i + 1
}

# Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.