Archived Forum Post

Question:

Export PFX without private key

Jan 22 '15 at 22:51

Hi

I have a PFX, with both public and private keys. I need to export the certificate, for use as a WS-Security BinarySecurityToken. I have no trouble exporting the entire certificate or either key. However, I need to export the certificate, without the private key. Is this possible?

Thanks,

David


Answer

David,

Yes, the Chilkat.Cert (or CkCert) class has a method for loading a PFX. When a PFX is loaded into a cert object, you are effectively loading the primary cert of the PFX into the cert object. You can then save the cert to any format using the methods provided in Chilkat.Cert.


Answer

Hi,

Thanks for the reply. I have spent some time on it, but I have not found a way to export the cert, without the private key. What methods do I use to accomplish it? The certificate is flagged to allow the private key to be exported, but I do not want it included. I thought about calling CkCert_ExportCertDer, trying to remove the private key, and reloading the cert with CkCert_LoadFromBinary. However, CkCert_ExportCertDer produces an access violation (but CkCert_ExportCertDerFile works) and I don't know how to identify the private certificate. Any suggestions?

Thanks,

David


Answer

Hi,

The DLL call fails. However, I was able to use the ActiveX.ExportCertDer to export the binary data to memory. I modified the data to remove the private certificate and reloaded it with LoadFromBinary. ExportCertPem produces the same result as before I removed. I called HasPrivateKey to confirm that the edited cert does not have the private key and the original does. Yet, the exported cert differs from what I get from SoapUI. Does Chilkat produce a different result than SoapUI? SoapUI generates a Base64 public certificate for a BinarySecurityToken.

Thanks,

David
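
Added example, not part of the original thread and not Chilkat or SoapUI code: an X.509 certificate's DER encoding carries only the public key, and a PEM export is that same DER in base64 with BEGIN/END lines and 64-character wrapping, so a tool that emits bare base64 for a BinarySecurityToken will not match a PEM file byte for byte. The sketch below takes PEM text that may also contain a private key block, keeps only CERTIFICATE blocks, and returns the single-line base64 DER. The function names and the sample bytes are assumptions made for illustration; the sample is constructed filler, not a real certificate.

```python
import base64
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def der_sequence_ok(der):
    """True if der is exactly one DER SEQUENCE (tag 0x30) with a consistent length."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits = count of length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def certificate_tokens(pem_text):
    """Return one single-line base64 DER string per CERTIFICATE block.

    Blocks with any other label (PRIVATE KEY, RSA PRIVATE KEY, ...) are skipped,
    so key material never reaches the token text.
    """
    tokens = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            continue
        der = base64.b64decode("".join(body.split()), validate=True)
        if not der_sequence_ok(der):
            raise ValueError("CERTIFICATE block is not a well-formed DER SEQUENCE")
        tokens.append(base64.b64encode(der).decode("ascii"))
    return tokens

def to_pem(label, der):
    """Wrap DER bytes as PEM: header, base64 in 64-character lines, footer."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)

# Constructed sample bytes: DER-shaped filler, not a real certificate or key.
SAMPLE_CERT_DER = b"\x30\x64" + bytes(range(100))
SAMPLE_KEY_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_BUNDLE = to_pem("PRIVATE KEY", SAMPLE_KEY_DER) + to_pem("CERTIFICATE", SAMPLE_CERT_DER)

if __name__ == "__main__":
    for token in certificate_tokens(SAMPLE_BUNDLE):
        print(token)
```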