Jump to content
Registration disabled at the moment Read more... ×
egroups

Simple method to get Expiration Date of PKCS12 certificate

By egroups, in Network, Cloud and Web

Recommended Posts

egroups    2

egroups
Posted

Hi,

I need get Expiration Date from certificate.

I tryed this code with libeay32: 

function TSOpenSSL.CertificatePKCS12Expirate(const pFileName, pPassword:
    string): TDateTime;
var
  buffer: Array [0..1023] of char;
  ca: pSTACK_OFX509;
  certfile: pBIO;
  lTime: pASN1_TIME;
  p12: pPKCS12;
  pCertificate: pX509;
  pkey: pEVP_PKEY;
begin
  certfile:=BIO_new(BIO_s_file());
  if (certfile = nil) then raise Exception.Create('Error creating BIO.');

  BIO_read_filename(certfile, PAnsiChar(UTF8Encode(pFileName)));

  p12:=d2i_PKCS12_bio(certfile, nil);
  PKCS12_parse(p12, PAnsiChar(pPassword), pkey, pCertificate, ca);
  //here is allways pCertificate=nil
  PKCS12_free(p12);
  p12:=nil;

  BIO_free(certfile);

  if (pCertificate = nil) then raise Exception.Create('Unable to read certificate from file ' + pFileName + '.');
  lTime:=pCertificate.cert_info.validity.notAfter;
end;

I wrote in comment where pCertificate is allways nil and I cannot of course read any data from this.

Why?

Password I have correct.I tryed this on some certificate files.

Share this post

Link to post

Angus Robertson    659

Angus Robertson
Posted

Not much error handling for opening the file, it might not exist or be protected, or whether you read it correctly, I set all the output parameters for PKCS12_parse to nil before calling it, unless this is a very old Delphi your password is not AnsiString, just a few things to try, OpenSSL error handling might give you some ideas.  Your last line does not work with any newer versions of OpenSSL, and 1.0.2 is out of support in four weeks.

 

ICS has a TX509 certificate class that does all this for you, including getting all certificate fields, and another that renews it automatically before expiry.  You can use these with internet libraries. 

 

Angus

 

Share this post

Link to post

egroups    2

egroups
Posted
16 hours ago, Angus Robertson said:

Not much error handling for opening the file, it might not exist or be protected, or whether you read it correctly, I set all the output parameters for PKCS12_parse to nil before calling it, unless this is a very old Delphi your password is not AnsiString, just a few things to try, OpenSSL error handling might give you some ideas.  Your last line does not work with any newer versions of OpenSSL, and 1.0.2 is out of support in four weeks.

 

ICS has a TX509 certificate class that does all this for you, including getting all certificate fields, and another that renews it automatically before expiry.  You can use these with internet libraries. 

 

Angus

 

Thanks for your answer.I tried ICS and now working for me.

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Go To Topic Listing Network, Cloud and Web
×