How to get next certificate in chain

597 Views Asked by Leśny Rumcajs At 17 November 2025 at 10:05

I want to get parent certificate (or all certificates in chain for that matter) from Windows Certificate Store (assuming I know the location of the end certificate). I need to get each one in order to build my own custom X509_STORE (using OpenSSL).

I think the proper course of action would be:

obtain first certificate using CertFindCertificateInStore (done)
get the certificate chain using CertGetCertificateChain (done)
extract the certificates from chain (?)
for each certificate in chain, convert it using d2i_X509 (done)

obtain first certificate using CertFindCertificateInStore (done)
get the parent certificate (if exists) (?)
convert it using d2i_X509, go to 2. (done)

Then create the store.

The question to answer is then - how to get the parent certificate or all certificates in chain using Windows Certificate Store? I'm probably missing some more or less occult function here.

Original Q&A

There are 1 best solutions below

Leśny Rumcajs On 28 January 2016 at 10:46 BEST ANSWER

as the CertFindCertificateInStore outputs a chain context, one can access it's members using the beautiful construction:

chainContext->rgpChain[0]->rgpElement[iCertIndex]->pCertContext->pbCertEncoded

where iCertIndex is between 0 (end-certificate) and chainSize -1 (self-signed root certificate).

How to get next certificate in chain

There are 1 best solutions below

Related Questions in C

Related Questions in OPENSSL

Related Questions in CRYPTOAPI

Related Questions in WINCRYPT

Trending Questions

Popular # Hahtags

Popular Questions