2

I have used this link to create a CSR for GoDaddy code signing (done in Linux environment though)

  • I got the spc file from Goddady
  • Followed their documentation
  • Creating the pfx file as per their documentation
  • Downloading the certificate and installing it
  • MMC works but after that the things doesnt go as described there.

What we have is PKCS7 and to follow the documentation we need a PKCS12, the options are shaded out at exporting the certificate

Can anyone suggest me the proper steps to do this and generate a pfx and then do code signing?

Patrick Mevzek
  • 9,273
  • 7
  • 29
  • 42
Naveen Thomas
  • 21
  • 1
  • 7

1 Answers1

0

  1. Generate p12 file from keystore file using keytool

    keytool -importkeystore -srckeystore E:\path\mycodesignstore -srcstorepass yourpassword -srckeypass password -destkeystore E:\path\filename.p12 -deststoretype PKCS12 -srcalias mycodesigncert -deststorepass password -destkeypass password

  2. Fetch private key from p12 file using openssl:

    openssl pkcs12 -in E:\path\filename.p12 -passin pass:password -nocerts -out E:\path\filename.key -passout pass:password

  3. Convert private key file to pvk file:

    openssl rsa -in E:\path\filename.key -outform PVK -pvk-strong -out E:\path\filename.pvk

  4. Generate pfx file from spc and pvk file:

    pvk2pfx.exe -pvk E:\path\filename.pvk -pi password -spc E:\path\yourspcfile-SHA2.spc -pfx E:\path\filename.pfx -po password -f

  5. Sign the exe file pfx file:

    SignTool sign /f E:\path\filename.pfx /p password /tr http://tsa.starfieldtech.com /td SHA256 E:\path\yourexe_to_sign.exe

Naveen Thomas
  • 21
  • 1
  • 7
  • `pvk2pfx` docs can be found here. https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/pvk2pfx. It's a tool which is part of the Windows SDK. – Per Lundberg Oct 24 '18 at 08:34