Java
Java
Get Certificates from .p12 / .pfx
See more PFX/P12 Examples
A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.Chilkat Java Downloads
import com.chilkatsoft.*;
public class ChilkatExample {
static {
try {
System.loadLibrary("chilkat");
} catch (UnsatisfiedLinkError e) {
System.err.println("Native code library failed to load.\n" + e);
System.exit(1);
}
}
public static void main(String argv[])
{
boolean success = false;
CkPfx pfx = new CkPfx();
success = pfx.LoadPfxFile("qa_data/pfx/test.pfx","pfx_password");
if (success == false) {
System.out.println(pfx.lastErrorText());
return;
}
// Iterate over the certs contained in the PFX
CkCert cert = new CkCert();
int numCerts = pfx.get_NumCerts();
int i = 0;
while (i < numCerts) {
pfx.CertAt(i,cert);
System.out.println("--- " + i + " ---");
System.out.println(cert.subjectDN());
// Is this a root cert, or self-signed?
System.out.println("Root: " + cert.get_IsRoot());
System.out.println("Self-Signed: " + cert.get_SelfSigned());
// If this certificate is not the root (self-signed), then get the issuer.
// If the issuing certificate is contained in the PFX, then it will be found here..
if (cert.get_SelfSigned() != true) {
CkCert issuer = cert.FindIssuer();
if (cert.get_LastMethodSuccess() == false) {
System.out.println("Issuer not found.");
}
else {
System.out.println("Issuer: " + issuer.subjectDN());
}
}
i = i+1;
}
// Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.
}
}