In ruby, how do I get the subject, issuer etc. after creating an OpenSSL PKCS12 object

Question

If I use

c = OpenSSL::PKCS12.new data

is there something like c.subject or s.expiry to get these attributes?

Answer 1

PKCS#12 is a container format that collects keys and certificates and stores them in a possibly encrypted format. Most of the time, the file is encrypted, so you would "load" the PKCS12 object like this:

p12 = OpenSSL::PKCS12.new(data, "password")

If the password was correct, you will now have access to the key and certificate:

key = p12.key
cert = p12.certificate

With the certificate, you can now access the subject and expiry using the methods of OpenSSL::X509::Certificate. Note that the expiry is accessed by `#not_after'.