public static extern SafeCertStoreHandle PFXImportCertStore(ref CryptoData pPfx, [MarshalAs(UnmanagedType.LPWStr)] string szPassword, PfxImportFlags dwFlags);
static IList <SafeCertContextHandle> GetCertificatesFromPfx(byte[] pfxBytes, string password, PfxImportFlags pfxImportFlags) { // Marshal PFX bytes into native data structure var pfxData = new CryptoData { cbData = pfxBytes.Length, pbData = Marshal.AllocHGlobal(pfxBytes.Length) }; Marshal.Copy(pfxBytes, 0, pfxData.pbData, pfxBytes.Length); var certificates = new List <SafeCertContextHandle>(); try { using (var memoryStore = PFXImportCertStore(ref pfxData, password, pfxImportFlags)) { if (memoryStore.IsInvalid) { throw new CryptographicException(Marshal.GetLastWin32Error()); } var certificatesToImport = GetCertificatesToImport(pfxBytes, password); foreach (var certificate in certificatesToImport) { var thumbprint = CalculateThumbprint(certificate); // Marshal PFX bytes into native data structure var thumbprintData = new CryptoData { cbData = thumbprint.Length, pbData = Marshal.AllocHGlobal(thumbprint.Length) }; Marshal.Copy(thumbprint, 0, thumbprintData.pbData, thumbprint.Length); var certificateHandle = CertFindCertificateInStore(memoryStore, CertificateEncodingType.Pkcs7OrX509AsnEncoding, IntPtr.Zero, CertificateFindType.Sha1Hash, ref thumbprintData, IntPtr.Zero); if (certificateHandle == null || certificateHandle.IsInvalid) { throw new Exception("Could not find certificate"); } certificates.Add(certificateHandle); Marshal.FreeHGlobal(thumbprintData.pbData); } return(certificates); } } catch (Exception ex) { throw new Exception("Could not read PFX", ex); } finally { Marshal.FreeHGlobal(pfxData.pbData); } }