
Simple method to get Expiration Date of PKCS12 certificate


Hi,

I need to get the expiration date from a certificate.

I tried this code with libeay32:

function TSOpenSSL.CertificatePKCS12Expirate(const pFileName, pPassword:
    string): TDateTime;
var
  buffer: Array [0..1023] of char;
  ca: pSTACK_OFX509;
  certfile: pBIO;
  lTime: pASN1_TIME;
  p12: pPKCS12;
  pCertificate: pX509;
  pkey: pEVP_PKEY;
begin
  certfile:=BIO_new(BIO_s_file());
  if (certfile = nil) then raise Exception.Create('Error creating BIO.');

  BIO_read_filename(certfile, PAnsiChar(UTF8Encode(pFileName)));

  p12:=d2i_PKCS12_bio(certfile, nil);
  PKCS12_parse(p12, PAnsiChar(pPassword), pkey, pCertificate, ca);
  // pCertificate is always nil here
  PKCS12_free(p12);
  p12:=nil;

  BIO_free(certfile);

  if (pCertificate = nil) then raise Exception.Create('Unable to read certificate from file ' + pFileName + '.');
  lTime:=pCertificate.cert_info.validity.notAfter;
end;

I marked in a comment where pCertificate is always nil, and of course I cannot read any data from it.

Why?

The password I have is correct. I tried this on some certificate files.


Not much error handling for opening the file (it might not exist or be protected) or for whether you read it correctly. I set all the output parameters for PKCS12_parse to nil before calling it. Unless this is a very old Delphi, your password is not AnsiString. Just a few things to try; OpenSSL error handling might give you some ideas. Your last line does not work with any newer versions of OpenSSL, and 1.0.2 is out of support in four weeks.

ICS has a TX509 certificate class that does all this for you, including getting all certificate fields, and another that renews it automatically before expiry. You can use these with internet libraries.

Angus
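
The checks listed in the reply above, written out as an added example that is not part of the original thread and is not ICS code. It assumes the OpenSSL 1.1.1 Win32 DLL `libcrypto-1_1.dll`, where `X509_get0_notAfter` and `ASN1_TIME_to_tm` replace direct access to `cert_info`; the unit name, `PKCS12NotAfterUTC`, `Fail`, `TTm` and `CryptoLib` are names made up for this sketch.

```delphi
// Added example (not from the thread). Assumes OpenSSL 1.1.1; names below are hypothetical.
unit P12Expiry;
interface
uses SysUtils;
function PKCS12NotAfterUTC(const FileName: string; const Password: AnsiString): TDateTime;
implementation
const CryptoLib = 'libcrypto-1_1.dll'; // assumption: 32-bit 1.1.1 build
type TTm = record // layout of C "struct tm"
    tm_sec, tm_min, tm_hour, tm_mday, tm_mon, tm_year, tm_wday, tm_yday, tm_isdst: Integer;
  end;
function BIO_new_file(fn, mode: PAnsiChar): Pointer; cdecl; external CryptoLib;
function BIO_free(b: Pointer): Integer; cdecl; external CryptoLib;
function d2i_PKCS12_bio(b: Pointer; p12: PPointer): Pointer; cdecl; external CryptoLib;
function PKCS12_parse(p12: Pointer; pass: PAnsiChar; var pkey, cert: Pointer;
  ca: PPointer): Integer; cdecl; external CryptoLib;
procedure PKCS12_free(p12: Pointer); cdecl; external CryptoLib;
function X509_get0_notAfter(x: Pointer): Pointer; cdecl; external CryptoLib;
function ASN1_TIME_to_tm(s: Pointer; var tm: TTm): Integer; cdecl; external CryptoLib;
procedure X509_free(x: Pointer); cdecl; external CryptoLib;
procedure EVP_PKEY_free(k: Pointer); cdecl; external CryptoLib;
function ERR_get_error: Cardinal; cdecl; external CryptoLib;
procedure ERR_error_string_n(e: Cardinal; buf: PAnsiChar; len: NativeUInt); cdecl; external CryptoLib;

procedure Fail(const What: string); // raise with the oldest queued OpenSSL error text
var buf: array[0..255] of AnsiChar;
begin
  ERR_error_string_n(ERR_get_error, @buf[0], SizeOf(buf));
  raise Exception.Create(What + ': ' + string(AnsiString(PAnsiChar(@buf[0]))));
end;

function PKCS12NotAfterUTC(const FileName: string; const Password: AnsiString): TDateTime;
var bio, p12, pkey, cert: Pointer; tm: TTm;
begin
  pkey := nil; cert := nil;               // outputs start as nil before PKCS12_parse
  bio := BIO_new_file(PAnsiChar(UTF8Encode(FileName)), 'rb');
  if bio = nil then Fail('Cannot open ' + FileName);
  p12 := d2i_PKCS12_bio(bio, nil);
  BIO_free(bio);
  if p12 = nil then Fail('Not a PKCS#12 file');
  try                                     // ca = nil: extra chain certificates are discarded
    if PKCS12_parse(p12, PAnsiChar(Password), pkey, cert, nil) <> 1 then Fail('PKCS12_parse failed');
    if cert = nil then raise Exception.Create('No certificate in ' + FileName);
    if ASN1_TIME_to_tm(X509_get0_notAfter(cert), tm) <> 1 then Fail('Invalid notAfter');
    Result := EncodeDate(tm.tm_year + 1900, tm.tm_mon + 1, tm.tm_mday) +
              EncodeTime(tm.tm_hour, tm.tm_min, tm.tm_sec, 0); // notAfter is UTC
  finally
    X509_free(cert); EVP_PKEY_free(pkey); PKCS12_free(p12);    // each accepts nil
  end;
end;
end.
```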

 


Thanks for your answer. I tried ICS and now it is working for me.
