Not a valid certificate from CertStore

Hello!

I am trying to use a certificate from a CertStore. The certificate is not corrupted in any way (it is regularly used in other places).

I used the code from the article that I found in the forum (as an external link).

The error is "Project Easy.exe raised exception class ECryptoPack with message 'ProcessSubjectData: not a valid certificate [01]'."

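const
  { CryptoAPI constants used below. dwFindType CERT_FIND_ANY (0) matches every
    certificate in the store and ignores pvFindPara, so selecting a particular
    certificate has to be done by the caller while enumerating. }
  X509_ASN_ENCODING = $00000001;
  CERT_COMPARE_ANY   = 0;
  CERT_COMPARE_SHIFT = 16;
  CERT_FIND_ANY      = CERT_COMPARE_ANY shl CERT_COMPARE_SHIFT;

  function ExtractCertWindowsStore(SerialNumber: string): TX509Certificate;
  { Bound to the wide-char entry point, so PChar must be PWideChar (Unicode Delphi). }
  function CertOpenSystemStore(hProv: HCRYPTPROV; szSubsystemProtocol: LPCTSTR): hCertStore; stdcall; external 'crypt32.dll' name 'CertOpenSystemStoreW';
  function CertFindCertificateInStore(hStore: hCertStore; dwCertEncodingType, dwFindFlags, dwFindType: DWORD; pvFindPara: Pointer;
    pPrevCertContext: PCCERT_CONTEXT): PCCERT_CONTEXT; stdcall; external 'crypt32.dll' name 'CertFindCertificateInStore';
  { Release functions for the certificate context and the store handle; both
    must be released once the encoded bytes have been copied out. }
  function CertFreeCertificateContext(pCertContext: PCCERT_CONTEXT): BOOL; stdcall; external 'crypt32.dll' name 'CertFreeCertificateContext';
  function CertCloseStore(hStore: hCertStore; dwFlags: DWORD): BOOL; stdcall; external 'crypt32.dll' name 'CertCloseStore';

{ Loads the certificate whose serial number matches SerialNumber from the
  current user's "MY" (Personal) store and returns it as a decoded
  TX509Certificate owned by the caller.

  SerialNumber is the hex serial as certmgr displays it (most-significant byte
  first); spaces and letter case are ignored. A leading 00 byte, if the store
  holds one, is part of the comparison.

  Raises Exception when the store cannot be opened or no certificate has that
  serial number. Errors raised by TX509Certificate.Decode (e.g. ECryptoPack for
  an encoding the library rejects) propagate unchanged; the partially built
  object is freed first. }
function ExtractCertWindowsStore(SerialNumber: string): TX509Certificate;
var
  Store: hCertStore;
  Cert: PCCERT_CONTEXT;
  Wanted, Encoded: string;
  i: integer;
  Conv: TConvert;
  X509Cert: TX509Certificate;

  { CryptoAPI keeps pCertInfo.SerialNumber as a little-endian integer blob;
    emitting the bytes last-to-first yields the customary big-endian hex form. }
  function SerialToHex(C: PCCERT_CONTEXT): string;
  var
    k: integer;
  begin
    Result := '';
    for k := C.pCertInfo.SerialNumber.cbData - 1 downto 0 do
      Result := Result + IntToHex(integer(C.pCertInfo.SerialNumber.pbData[k]), 2);
  end;

begin
  Result := nil;
  Wanted := StringReplace(SerialNumber, ' ', '', [rfReplaceAll]);

  Store := CertOpenSystemStore(0, PChar('MY'));
  if Store = nil then
    raise Exception.Create('Unable to open certificate store');
  try
    { CERT_FIND_ANY ignores pvFindPara, so passing the serial there would return
      whichever certificate happens to be first in the store. Walk the store and
      compare serials here instead. Handing the previous context back as
      pPrevCertContext makes CryptoAPI free it and continue the search. }
    Cert := CertFindCertificateInStore(Store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nil, nil);
    while (Cert <> nil) and not SameText(SerialToHex(Cert), Wanted) do
      Cert := CertFindCertificateInStore(Store, X509_ASN_ENCODING, 0, CERT_FIND_ANY, nil, Cert);

    if Cert = nil then
      raise Exception.Create('Certificate ' + SerialNumber + ' not found');
    try
      { Copy the DER bytes out as hex while the context is still valid. }
      Encoded := '';
      for i := 0 to Cert.cbCertEncoded - 1 do
        Encoded := Encoded + IntToHex(integer(Cert.pbCertEncoded[i]), 2);
    finally
      CertFreeCertificateContext(Cert);
    end;
  finally
    CertCloseStore(Store, 0);
  end;

  { TX509Certificate.CrtStr expects the certificate as Base64. }
  Conv := TConvert.Create(hexa);
  try
    Encoded := Conv.HexaToBase64(Encoded);
  finally
    Conv.Free;
  end;

  X509Cert := TX509Certificate.Create;
  try
    X509Cert.CrtStr := Encoded;
    X509Cert.Decode;
  except
    { Decode may raise for certificates the library does not support;
      do not leak the object on the way out. }
    X509Cert.Free;
    raise;
  end;
  Result := X509Cert;
end;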

I call the function and I get the error. The certificate is correctly found in the store (at least I hope so, because I see the result object), so I think there may be a problem in the conversion to TX509Certificate.

I would kindly ask for help, because I'm blocked and don't know how to proceed.

Kind regards.

Hello,
Can you please send me the cert at bernard[at]tmssoftware[dot]com?

Just for documentation purposes:

TMS cannot handle DES/3DES certificates.

Thanks to Bernard for the support!

This is correct. TMS CP never supported deprecated algorithms, except for SHA1 because it is still used in many certificates (and XAdES by some countries) and the security consequences are slightly different.

