183

I have a PFX certificate file on my machine and I'd like to view the details before importing it. (The import utility doesn't actually tell you what the certificate is!).

How do I view the details about the PFX certificate file?

Simon A. Eugster
  • 930
  • 1
  • 9
  • 16
PeterX
  • 5,081
  • 8
  • 22
  • 27
  • 9
    It is 2019 and we still can't easily view a certificate before installing it. We have to go out on the web to find an answer. Sad state of affairs for Microsoft. – jww Sep 15 '19 at 00:24

5 Answers5

249

Some options to view PFX file details:

  • Open a command prompt and type: certutil -dump <path to cert>
  • Install OpenSSL and use the commands to view the details, such as: openssl pkcs12 -info -in <path to cert>
explunit
  • 111
  • 5
PeterX
  • 5,081
  • 8
  • 22
  • 27
  • The first option is good, but is there any way of seeing more details of the certificate such as the SAN, without installing a third party tool? – Meir Aug 17 '16 at 08:41
  • 29
    certutil **-v** -dump will display a verbose listing including SAN. – C. Cornwell Jan 05 '17 at 22:37
  • 2
    I have an encrypted pfx file. Is there any information I can find out about it without knowing the password? – mwfearnley Apr 21 '17 at 14:22
  • @mwfearnley, except of recovering the password via brute-force method, I am afraid there is no other option left. – U880D Apr 17 '18 at 08:59
12

You can pipe the info to the openssl x509 utility and then export that out to a file like this:

openssl.exe pkcs12 -info -in c:\temp\cert.pfx | openssl.exe x509 -noout -text > c:\temp\cert.pfx.details.txt

You will be prompted for the certificate passwords too of course.

pHarris
  • 129
  • 1
  • 3
10

The contents of a pfx file can be viewed in the GUI by right-clicking the PFX file and selecting Open (instead of the default action, Install).

Explorer context menu

This will open mmc and show the pfx file as a folder. Open the pfx folder and the Certificates subfolder, and you will see the certificate(s) contained in the pfx. The certificate can be opened to view details.

example UI

Alternatively, the GUI can be opened by running mmc certmgr.msc /CERTMGR:FILENAME="C:\path\to\pfx"

It is also possible to use FileTypesMan to change the default (double-click) action for PFX files from Install to Open.

josh3736
  • 3,913
  • 5
  • 24
  • 33
  • 14
    Unfortunately Explorer's "Open" command in the context-menu just gives me this message: "This file has password protected certificates for the following: Personal Information Exchange." and doesn't let me continue. It never prompts me for a password either. – Dai Apr 14 '21 at 04:48
  • This works in Windows 11, but you can't use the `Open` in the first menu, you have to `Show More Options`, then `Open` from there. (Note: I tested with a .p12 that didn't have a password.) – mwfearnley Feb 14 '23 at 14:40
  • 2
    Yeah, certmgr can only display pfx files that have no password protection. If your pfx has a password, you'll need to [remove the password from the file](https://serverfault.com/q/515833) using openssl (or similar) before you can use the GUI to view it. Of course, if you have openssl, you can just use it to directly display the details on the command line (`openssl pkcs12 -info -in FILE.pfx`). – josh3736 Feb 15 '23 at 00:08
2

I know this old but, but I have written a small application that is able to show certificates in PFX files. It doesn't show whether it has key or not, but you can browse through certificates in it.

You can download latest version from the Release section. Works on Windows and Linux

https://github.com/nomailme/certificate-info enter image description here

nomail
  • 121
  • 3
0

Another possibility: using SigCheck utility, as mentioned in Microsoft's Clickonce docs (the docs mention examining a .manifest file, but it works on a .pfx file as well).

Outputs looks like:

enter image description here

Veverke
  • 167
  • 9
  • 2
    As I understand, sigcheck checks the signature of the specified file(s). Since, pfx file is not signed, the output shows as 'unsigned'. So this way doesn't work there. – Jury May 07 '20 at 01:43
  • @Jury: is not the question about being able to **view** the contents of the certificate ? This way does show. The file being signed or not is not relevant for the problem posed - as far as I understand. – Veverke May 07 '20 at 06:42
  • 1
    Using sigcheck on a pfx adds no useful information that's not also present if you rightclick on the file in explorer and choose 'Properties' – janv8000 May 04 '22 at 09:27