Sample code for 30+ languages & platforms
Unicode C

Find Certificate by Email Address

See more Cert Store Examples

Demonstrates how to find a certificate having the specified email address either within the cert's subject email, or the RFC822 name.

In an X.509 certificate, an email address can typically be located in two places:

  1. RFC822 Name (Subject Alternative Name extension) -
    • The certificate may include an email address in the Subject Alternative Name (SAN) extension under the RFC822 Name field. This is a modern and preferred method because it allows for flexibility and alignment with security best practices.
    • To find it, Chilkat inspects the SAN extension in the certificate details.
  2. Subject (Common Name or Email Address attribute) -
    • Older certificates may store the email address directly in the Subject field, typically under the Email Address attribute ("emailAddress") or, less commonly, the Common Name (CN).
    • This method is less preferred in modern standards but can still be encountered in legacy implementations. Chilkat also searches here for the email address.

Note: Requires Chilkat v10.1.2 or later.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkCertStoreW.h>
#include <C_CkJsonObjectW.h>
#include <C_CkCertW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkCertStoreW certStore;
    BOOL readOnly;
    HCkJsonObjectW json;
    const wchar_t *email_address;
    HCkCertW cert;

    success = FALSE;

    certStore = CkCertStoreW_Create();

    // This opens the Current User certificate store on Windows,
    // On MacOS and iOS it opens the default Keychain.
    readOnly = FALSE;
    success = CkCertStoreW_OpenCurrentUserStore(certStore,readOnly);
    if (success == FALSE) {
        wprintf(L"%s\n",CkCertStoreW_lastErrorText(certStore));
        CkCertStoreW_Dispose(certStore);
        return;
    }

    // Find the certificate having the specified email address in either the RFC822 Name or in the Subject.
    json = CkJsonObjectW_Create();
    email_address = L"joe@example.com";
    CkJsonObjectW_UpdateString(json,L"email",email_address);

    cert = CkCertW_Create();
    success = CkCertStoreW_FindCert(certStore,json,cert);
    if (success == TRUE) {
        // Show the full distinguished name of the certificate.
        wprintf(L"Found: %s\n",CkCertW_subjectDN(cert));
    }
    else {
        wprintf(L"Not found.\n");
    }



    CkCertStoreW_Dispose(certStore);
    CkJsonObjectW_Dispose(json);
    CkCertW_Dispose(cert);

    }