Sample code for 30+ languages & platforms
PHP Extension

Get Certificates from .p12 / .pfx

See more PFX/P12 Examples

A PKCS12 (.p12 / .pfx) is a container for holding a certificate, its private key, and the certs in the chain of authentication up to and possibly including the root CA cert. A .p12 is not required to contain certain things. It will contain whatever the creator of the .p12 decided to include. It's possible to contain just a private key, just a cert, many certs without private keys, or many certs with many private keys. Usually, a .p12 contains one certificate, its associated private key, and certificates in the chain of authentication.

Chilkat PHP Extension Downloads

PHP Extension
<?php

include("chilkat.php");

$success = false;

$pfx = new CkPfx();

$success = $pfx->LoadPfxFile('qa_data/pfx/test.pfx','pfx_password');
if ($success == false) {
    print $pfx->lastErrorText() . "\n";
    exit;
}

// Iterate over the certs contained in the PFX
$cert = new CkCert();
$numCerts = $pfx->get_NumCerts();
$i = 0;
while ($i < $numCerts) {

    $pfx->CertAt($i,$cert);

    print '--- ' . $i . ' ---' . "\n";
    print $cert->subjectDN() . "\n";
    // Is this a root cert, or self-signed?
    print 'Root: ' . $cert->get_IsRoot() . "\n";
    print 'Self-Signed: ' . $cert->get_SelfSigned() . "\n";

    // If this certificate is not the root (self-signed), then get the issuer.
    // If the issuing certificate is contained in the PFX, then it will be found here..
    if ($cert->get_SelfSigned() != true) {
        // issuer is a CkCert
        $issuer = $cert->FindIssuer();
        if ($cert->get_LastMethodSuccess() == false) {
            print 'Issuer not found.' . "\n";
        }
        else {
            print 'Issuer: ' . $issuer->subjectDN() . "\n";

        }

    }

    $i = $i + 1;
}

// Usually, the user certificate is at index 0, its issuer is at index 1, etc. until we get to the root certificate.

?>