CryptoSys PKI Pro Manual

X509_GetCertFromPFX

Extracts an X.509 certificate from a PKCS-12 PFX/.p12 file, saving the output directly as a new file.

VBA/VB6 Syntax

Public Declare Function X509_GetCertFromPFX Lib "diCrPKI.dll" (ByVal strOutputFile As String, ByVal strPfxFile As String, ByVal strPassword As String, ByVal nOptions As Long) As Long

nRet = X509_GetCertFromPFX(strOutputFile, strPfxFile, strPassword, nOptions) As Long

C/C++ Syntax

long __stdcall X509_GetCertFromPFX(const char *szNewCertFile, const char *szPfxFile, const char *szPassword, long nOptions);

Parameters

szNewCertFile
[in] specifying the filename of the output file to be created.
szPfxFile
[in] containing the PFX filename
szPassword
[in] containing password or "" if certificate is not encrypted
nOptions
[in] option flags:
PKI_DEFAULT (0) to export a single DER-encoded X.509 certificate.
PKI_PFX_P7CHAIN to output all certificates in a PKCS7 certificate chain file (.p7b or .p7c).

Returns (VBA/C)

If successful, it returns the number of bytes written to the output file; otherwise it returns a negative error code.

.NET Equivalent

X509.GetCertFromPFX Method
X509.GetP7ChainFromPFX Method

C++ (STL) Equivalent

static bool dipki::X509::GetCertFromPFX (const std::string &outputFile, const std::string &inputFile, const std::string &password)
static X509.get_p7chain_from_pfx(outfile, pfxfile, password)

Python Equivalent

static X509.get_cert_from_pfx(outfile, pfxfile, password)
static X509.get_p7chain_from_pfx(outfile, pfxfile, password)

Remarks

The default behaviour is to extract one certificate from the PFX file and save directly as a DER-encoded X.509 certificate file. Any existing file of the same name will be overwritten without warning. It will attempt to find a matching certificate for any private key, otherwise it will save the first pkcs-12-certBag found in the PFX file containing a x509Certificate. Both unencrypted certificates and certificates encrypted with the weak 40-bit encryption used by "default" in Microsoft and OpenSSL PKCS-12 files are supported, but not any other encryption algorithm. If no certificate can be found the function will return a negative NO_DATA_ERROR error code.

The PKI_PFX_P7CHAIN option will output all X.509 certificates found into a single PKCS#7 certificate chain file. The correct MIME-designated file extension for such a file is .p7c, but for historical reasons Microsoft use .p7b instead.

Example

nChars = X509_GetCertFromPFX("mycert.cer", "mypkcs12file.pfx", "password", 0)

will extract an X.509 certificate from the PKCS-12 file mypkcs12file.pfx with password "password", and save it as the new DER-encoded certificate file mycert.cer. The variable nChars will contain the size in bytes of the new file it created, or a negative error code.

See Also

X509_ReadCertStringFromPFX PFX_VerifySig

[Contents] [Index]

[PREV: X509_GetCertFromP7Chain...]   [Contents]   [Index]   
   [NEXT: X509_HashIssuerAndSN...]
Copyright © 2004-24 D.I. Management Services Pty Ltd. All rights reserved. Generated 2024-09-23T07:52:09Z.