Certificate Checker

Check the status of Apple certificates from .p12, .pfx, or .mobileprovision files. Returns certificate details, OCSP revocation status, and entitlements.

Endpoint

POST /api/certificate-checker

Description

Upload a certificate file and get back full details about the signing certificate inside it — who it belongs to, when it expires, whether Apple has revoked it, and (for mobileprovision files) which entitlements are active.

Supports:

.p12 / .pfx — PKCS#12 certificate files (password required if protected)
.mobileprovision — Apple provisioning profiles (no password needed)

Headers

Header	Value	Required
`Authorization`	`Bearer <your_api_token>`	Yes
`Accept`	`application/json`	Yes
`Content-Type`	`multipart/form-data`	Yes

Body Parameters

Parameter	Type	Required	Description
`file`	File	Yes	A `.p12`, `.pfx`, or `.mobileprovision` file (max 10MB)
`password`	String	No	Password for `.p12`/`.pfx` files. Not needed for `.mobileprovision`.

Example: Check a P12 File

Request

curl -X POST https://developer.nabzclan.vip/api/certificate-checker \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Accept: application/json" \
  -F "[email protected]" \
  -F "password=mypassword"

Response (200 OK)

{
  "success": true,
  "file_type": "p12",
  "certificate_info": {
    "subject": {
      "userID": "XXXXXXXXXX",
      "commonName": "iPhone Distribution: Your Company Name",
      "organizationalUnitName": "XXXXXXXXXX",
      "organizationName": "Your Company Name",
      "countryName": "US"
    },
    "issuer": {
      "commonName": "Apple Worldwide Developer Relations Certification Authority",
      "organizationalUnitName": "G3",
      "organizationName": "Apple Inc.",
      "countryName": "US"
    },
    "serial_number": "123456789...",
    "signature_algorithm": "sha256WithRSAEncryption",
    "validity_period": {
      "valid_from": "2025-01-01T00:00:00+00:00",
      "valid_to": "2028-01-01T00:00:00+00:00"
    },
    "public_key_size": 2048,
    "fingerprints": {
      "sha256": "abcdef1234567890...",
      "md5": "abcdef1234567890...",
      "sha1": "abcdef1234567890..."
    }
  },
  "certificate_status": {
    "status": "Signed"
  },
  "type": "N/A"
}

Example: Check a Mobileprovision File

Request

curl -X POST https://developer.nabzclan.vip/api/certificate-checker \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Accept: application/json" \
  -F "[email protected]"

Response (200 OK)

{
  "success": true,
  "file_type": "mobileprovision",
  "certificate_info": {
    "subject": {
      "commonName": "iPhone Distribution: Your Company Name",
      "organizationName": "Your Company Name",
      "countryName": "US"
    },
    "issuer": {
      "commonName": "Apple Worldwide Developer Relations Certification Authority",
      "organizationName": "Apple Inc.",
      "countryName": "US"
    },
    "serial_number": "123456789...",
    "signature_algorithm": "sha256WithRSAEncryption",
    "validity_period": {
      "valid_from": "2025-01-01T00:00:00+00:00",
      "valid_to": "2028-01-01T00:00:00+00:00"
    },
    "public_key_size": 2048,
    "fingerprints": {
      "sha256": "abcdef1234567890...",
      "md5": "abcdef1234567890...",
      "sha1": "abcdef1234567890..."
    }
  },
  "certificate_status": {
    "status": "Signed"
  },
  "entitlements": {
    "Push Notifications": { "status": "active" },
    "App Groups": { "status": "active" },
    "Associated Domains": { "status": "active" },
    "Apple Sign-In": { "status": "active" }
  },
  "type": "Enterprise Certificate"
}

Certificate Status Values

Status	Meaning
`Signed`	Certificate is valid and not revoked
`Revoked`	Certificate has been revoked by Apple
`Unknown`	OCSP server returned an unknown status
`OCSP URL not available`	Certificate does not have an OCSP endpoint

Revoked Response Example

When a certificate is revoked, extra details are included:

{
  "certificate_status": {
    "status": "Revoked",
    "revocation_time": "Feb  7 07:20:00 2026 GMT",
    "reason": "certificateHold (0x6)",
    "reason_details": "Certificate is temporarily on hold."
  }
}

Certificate Type (Mobileprovision Only)

Type	Meaning
`Enterprise Certificate`	In-house distribution (no App Store, internal use)
`Personal Certificate`	Standard developer certificate (App Store or Ad Hoc)
`N/A`	Returned for `.p12` files (type is determined by provisioning profile, not the cert itself)

Error Responses

Wrong Password (400)

{
  "success": false,
  "error": "Invalid password or PKCS12 data"
}

Invalid File Type (400)

{
  "success": false,
  "error": "Invalid file type. Only .p12, .pfx, and .mobileprovision files are allowed."
}

Missing File (422)

{
  "message": "The file field is required.",
  "errors": {
    "file": ["The file field is required."]
  }
}

Corrupt or Unreadable File (400)

{
  "success": false,
  "error": "Plist data not found in the .mobileprovision file."
}