Installing a Code Signing Certificate in Windows
After the information submitted during the purchase process has been validated, an email will be sent which will contain a link to download the code signing certificate. The private key should already exist on the machine where the purchase was made, usually in a file specified during the purchase process.
After the code signing certificate is downloaded, you will have a private key file (.pvk) and a code signing certificate (.spc). These two files need to be exported into a combined bundle that can be used to sign Microsoft Office or Java applications. The Microsoft tool pvmimprt.exe can be used to combine the two files into a PKCS#12 file, with a PFX extension.
To Combine the Private Key and Code Signing Certificate Files
- Download the PVK Digital Certificate Files Importer from Microsoft.
- Issue the following command from a command prompt after changing the working directory to the folder containing the PVK and SPC files, replacing the file names with the appropriate names of your private key and code signing certificate files. The order of the two files must be in the order specified.
pvkimprt -PFX mycert.spc mykey.pvkAfter you enter the password associated with your private key (if any), the certificate export wizard displays. Click Next - In the Export Private Key window, select Yes, export the private key and click Next.
- Select Personal Information Exchange - PKCS #12 (.PFX). Make sure that Include all certificates in the certification path if possible and enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) are checked. Click Next.
- Enter a password. Since your private key is contained in the file, you should use a strong password and safeguard the PKCS#12 (PFX) file that is created by the wizard. Click Next.
- Specify the location for the file using the .pfx extension. Click Next.
To Install the PFX File Into the Windows Certificate Store
NOTE: Do not attempt to use the import feature of PVKImprt.exe, since it does not properly install the intermediate certificates that may be contained in the PFX file. Microsoft also now discourages use of PVKImprt.exe for importing, due to platform differences between the various versions of Windows.
- From Internet Explorer, select Tools and then Internet Options. Click the Content tab and press the Certificates button.
- In the Certificates window, click Import and select your .PFX file. Click Next. In the Password window that displays enter the password you assigned to that .PFX file. Make sure that Enable strong private key protection... and Mark this key as exportable... are selected.
- Click Next.
- Accept the defaults and click Next.
When you are ready to begin signing code, see Signing Windows Code with Microsoft SignTool.