CertificateInfo is a content plugin that can show various information about certificate files like CER, CRT, DER, PEM, P7B, PFX, P12 and SST. It supports binary encoded files as well as Base64 encoded ones.


1. Features

2. System Requirements

3. Plugin settings

3.1. Location of plugin settings files

Since this plugin is a content plugin, it returns a so-called detect string to TC. This string is saved in wincmd.ini and can be edited if necessary. See next section below.

The plugin also has additional settings which are saved in a different file. If you want to change any plugin settings you can use either

a) CertificateInfo.ini in the plugin's directory, or

b) contplug.ini in the directory where wincmd.ini is located (default).

Option a) is good for portable mode, option b) is useful on systems where Total Commander is installed in a directory where users can't write to (like %ProgramFiles%).

Important: If CertificateInfo.ini exists in the plugin's directory it is preferred over contplug.ini!

3.2. Detect string

A detect string contains all extensions for which TC makes calls to a plugin. Exemplary detect string:

n_detect="SIZE < 1048576 & (EXT = "CRT" | EXT="CER"....)"

where n is the number assigned by TC to the plugin. If you need to add or remove file extensions, you can do so in wincmd.ini. Open wincmd.ini in your favorite editor, look for the plugin number assigned by TC in section [ContentPlugins], then look for the detect string starting with that same number, and make changes to the plugin's detect string as you see fit. Note that opening a new TC instance (or a TC restart) is required for any changes to take effect.
The TC Wiki article ContentGetDetectString is a good starting point if you need to make major changes to the detect string.

3.3. The settings in detail

The settings are explained in the CertificateInfo.sample.ini file, but they're listed here for the sake of completeness.

Section [CertificateInfo]

Setting and default Description
CertCount = 3 Defines the number of certificates to provide in TC's interface. Values smaller than 1 are internally reset to 1. The plugin doesn't enforce an upper limit currently. Setting this to a larger value will allow access to more certificates contained in files like PEM and SST, but it may also make the field selection in TC cumbersome and/or confusing since each certificate provides more than a dozen content fields.
SerialCase = 0 0 - Don't change the case of the certificate's serial, i.e. leave it to the OS or plugin functions (usually uppercase)
1 - Always show the certificate's serial in uppercase characters
-1 - Always show the certificate's serial in lowercase characters
ThumbprintCase = 0 Set Thumbprint case. Same values as for SerialCase setting, see above.
CacheSize = 4000 Set the maximum number of items to cache in memory to allow TC fast access to the plugin field values. Values equal to or smaller than 0 are ignored.
ClearCacheOnRefresh = 1 1 - Flush the cache when the cm_RereadSource command is issued in TC, e.g. by pressing Ctrl+R. This forces a refresh on all plugin field values, including the certificate's verification status if this field is present in a custom column.
0 - Don't clear cache on cm_RereadSource.
VerificationAllUsagesValid = 1 1 - Don't perform the default verification of the policy provider, i.e. consider all certificate usages valid for the certificate verification.
0 - Perform the default verification of the policy provider, e.g. code signing for Authenticode. This may make certificates to be considered not valid for the intended usage.
CriticalExtensionPrefix = "(!)" Sets the prefix that is shown for the "Cert Extensions" fields if such an extension is set to critical in the certificate. By default the value is an exclamation mark in parentheses, more or less a textual representationn of the warning icon shown by Windows in the certificate properties. Set to an empty string to disable the prefix completely.
CleanUpTempDir = 0 If set to a value larger than 0, delete files named "tmp*.tmp" from user's %TEMP% directory that are left there due to a Windows bug (see Known Issues section). This setting is disabled by default for security reasons, and because it's only useful/relevant on older Windows versions. The value defines how many seconds old a file can be at most to be considered for deletion.
Example: A value of 5 deletes only files whose last write time is within the last 5 seconds.

4. Certificate verification

Certificate verification can take a long time in some cases, especially when that verification requires an internet connection. Thus, the values of the verification fields are returned to TC in a background thread.

The hex error codes given by the plugin are system error codes, and as such, are defined in the Windows API header file winerror.h. This header file isn't particularly user-friendly because it's meant for software developers. Here's an example of this file at GitHub, where you can look up the error codes if you really want to.

Unfortunately, I haven't found a Microsoft source listing the error codes in a user-friendly way. But I have found a third-party source. All error codes related to certificates should be listed on the following two pages:
FACILITY_SSPI: the Security API layer.
FACILITY_CERT: a certificate client or server?

5. Known issues and limitations

5.1. Known Issues

5.2. Limitations

6. Frequently Asked Questions

Why is the plugin showing a different value for the Public Key Length, e.g. 4208 instead of 4096 or 2160 instead of 2048?

There are some good explanations in the answers of the following thread on StackExchange: RSA public key and private key lengths.

The gist of it is this: A public key consists of a so-called modulus, an exponent and some other values. What is usually called a "4096 bit key" is a key having a 4096 bit modulus, and some additional bytes. That's why most (if not all) of the keys are longer in reality.
To show the traditional value, the plugin provides an additional field "Pubkey Len2". However, that field has its own set of problems, see Limitations for more information.

Why is the field "Pubkey Len2" empty, not providing any value?

See Limitations in section "Known issues and limitations" above.

Why doesn't the plugin show any information about larger certificate files?

The plugin returns a detect string to Total Commander which includes a file size specification. Currently only files up to one MiB (roughly 1 MB) are considered. If you need to process larger files, you can change the value after SIZE in the plugin's detect string in wincmd.ini.
Example: If you want to process files up to five MiB and the detect string looks like this

1_detect="SIZE < 1048576 & (EXT = "CRT" | EXT="CER"....)"

change it into this:

1_detect="SIZE < 5242880 & (EXT = "CRT" | EXT="CER"....)"

Keep in mind that larger files take a longer time to process.

Why is the plugin creating lots of temporary files in the %TEMP% directory?

The files are created (and not deleted) by the system because of a Windows bug affecting older Windows versions. See Known Issues section for more details and a solution/workaround.

7. License

This software is provided "as is". No warranty provided. You use this program at your own risk. The author will not be responsible for data loss, damages, etc. while using or misusing this software.

The software must not be modified, you may not decompile or disassemble it.

This plugin is copyrighted freeware.

8. Thanks to

9. Contact

If you have found a bug, have a suggestion, improvement, criticism, translation, you can contact me, Dalai, in English or German, at:
Mail: dalai82@gmx.net

Please put "CertificateInfo" somewhere in the subject.

There is a discussion thread in the official TC forum which can be used, too: https://ghisler.ch/board/viewtopic.php?t=77340