How to obtain the CPF / CNPJ number of a digital certificate of type e-CPF / e-CNPJ in models A1 and A3?


I'm developing an alternative method for login via certificate, without needing Java or a specific language, just HTTP and PHP to process backend information (but that could be handled by any other language that processes HTTP). The most common methods that exist are the , but it has low interoperability, being limited to languages such as .NET and Java. In addition, this method depends on their web service in order to obtain the certificate's CPF; if the system is down, it is not possible to protect the user.

We know that you can request the #, which enables the web server to request the client certificate within a pre-selected certificate chain, which will do exactly what Certsign does.

The data I can extract from an NF-e certificate are these (obfuscated):

We have already requested an e-CPF and an e-CNPJ. The question is: where within the public data of the certificate is the information regarding the CPF or CNPJ number?

asked by anonymous 05.04.2017 / 15:21

1 answer


After obtaining a valid A1 and A3 certificate (and not the test ones that were used to prepare the question), it was possible to identify that the S_DN_CN field of the certificate contains the document name and number.

In the Common Name (CN) group of the certificate's Distinguished Name (DN), it is possible to see a string consisting of the name (e-CPF) or corporate name (razão social, e-CNPJ) followed by a colon ":" and the numeric sequence of the registered CPF or CNPJ.

For example:

In PHP you can get it through SSL_CLIENT_S_DN_CN, for example:


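    $ssl = $_SERVER; // the web server exports the client certificate fields as server variables
    list($nome, $documento) = explode(":", $ssl["SSL_CLIENT_S_DN_CN"]); // name, CPF/CNPJ number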

After this you can apply CPF and CNPJ validation algorithms to identify which document type this certificate represents.

The description of the composition of the DN can be found in items 2.1.12. Composition of the Distinguished Name (DN) of the e-CPF certificate and 3.1.12. Composition of the Distinguished Name (DN) of the e-CNPJ certificate of the documentation link

11.04.2017 / 17:36
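
The check-digit step the answer mentions, as an added example that is not part of the original answer: it splits the CN on the last colon, validates the CPF/CNPJ mod-11 check digits to decide the document type, and trusts the CN only when mod_ssl's `SSL_CLIENT_VERIFY` variable is `SUCCESS`. The function names and the sample CN values are assumptions constructed for illustration.

```php
<?php
// Added example (not from the original answer). Helper names are hypothetical.

// Mod-11 check digit: weights start at 2 on the rightmost digit, wrap after $maxWeight.
function mod11Digit(string $digits, int $maxWeight): int {
    $sum = 0;
    $weight = 2;
    for ($i = strlen($digits) - 1; $i >= 0; $i--) {
        $sum += (int) $digits[$i] * $weight;
        $weight = ($weight === $maxWeight) ? 2 : $weight + 1;
    }
    $r = $sum % 11;
    return $r < 2 ? 0 : 11 - $r;
}

// CPF uses weights 2..11 (no wrap); CNPJ uses weights 2..9 repeating.
function hasValidCheckDigits(string $doc, int $maxWeight): bool {
    $base = substr($doc, 0, -2);
    $d1 = mod11Digit($base, $maxWeight);
    $d2 = mod11Digit($base . $d1, $maxWeight);
    return substr($doc, -2) === $d1 . $d2;
}

// Splits "NAME:DIGITS" on the last colon and classifies the number; null if malformed.
function parseCertificateCn(string $cn): ?array {
    $pos = strrpos($cn, ':');
    if ($pos === false) return null;
    $doc = substr($cn, $pos + 1);
    // Reject non-digits and repeated-digit strings, some of which pass the mod-11 check.
    if (!ctype_digit($doc) || preg_match('/^(\d)\1+$/', $doc)) return null;
    if (strlen($doc) === 11 && hasValidCheckDigits($doc, 11)) $type = 'CPF';
    elseif (strlen($doc) === 14 && hasValidCheckDigits($doc, 9)) $type = 'CNPJ';
    else return null;
    return ['name' => trim(substr($cn, 0, $pos)), 'type' => $type, 'document' => $doc];
}

// Trust the CN only when the web server reports the client certificate chain verified.
function identityFromServerVars(array $server): ?array {
    if (($server['SSL_CLIENT_VERIFY'] ?? '') !== 'SUCCESS') return null;
    return parseCertificateCn($server['SSL_CLIENT_S_DN_CN'] ?? '');
}

// Constructed sample values (fictional holders); in production pass $_SERVER instead.
$samples = [
    ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN_CN' => 'FULANO DE TAL:52998224725'],
    ['SSL_CLIENT_VERIFY' => 'SUCCESS', 'SSL_CLIENT_S_DN_CN' => 'EMPRESA EXEMPLO LTDA:11222333000181'],
    ['SSL_CLIENT_VERIFY' => 'NONE',    'SSL_CLIENT_S_DN_CN' => 'FULANO DE TAL:52998224725'],
];
foreach ($samples as $vars) { var_dump(identityFromServerVars($vars)); }
```

The check digits only show that the number is well formed; the binding between the number and the certificate holder comes from the server validating the certificate against the configured CA chain.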