Sample code for 30+ languages & platforms
Unicode C++

Get Certificates from .p12 / .pfx

See more PFX/P12 Examples

A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.

Chilkat Unicode C++ Downloads

Unicode C++
#include <CkPfxW.h>
#include <CkCertW.h>

void ChilkatSample(void)
    {
    bool success = false;

    CkPfxW pfx;

    success = pfx.LoadPfxFile(L"qa_data/pfx/test.pfx",L"pfx_password");
    if (success == false) {
        wprintf(L"%s\n",pfx.lastErrorText());
        return;
    }

    // Iterate over the certs contained in the PFX
    CkCertW cert;
    int numCerts = pfx.get_NumCerts();
    int i = 0;
    while (i < numCerts) {

        pfx.CertAt(i,cert);

        wprintf(L"--- %d ---\n",i);
        wprintf(L"%s\n",cert.subjectDN());
        // Is this a root cert, or self-signed?
        wprintf(L"Root: %d\n",cert.get_IsRoot());
        wprintf(L"Self-Signed: %d\n",cert.get_SelfSigned());

        // If this certificate is not the root (self-signed), then get the issuer.
        // If the issuing certificate is contained in the PFX, then it will be found here..
        if (cert.get_SelfSigned() != true) {
            CkCertW *issuer = cert.FindIssuer();
            if (cert.get_LastMethodSuccess() == false) {
                wprintf(L"Issuer not found.\n");
            }
            else {
                wprintf(L"Issuer: %s\n",issuer->subjectDN());
                delete issuer;
            }

        }

        i = i + 1;
    }

    // Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.
    }