Create CSR for GoDaddy Code Signing Certificate
The following detail the steps to be taken to create an appropriate CSR file that can be sent to GoDaddy to have them create a PKCS #7 certificate. Which can then be imported into the certificates store and then exported to a *.pfx file.
Generating a CSR for signing Windows Code
- Open certmgr.msc
- Right click the “Personal” node.
- Navigate to All Tasks > Advanced Operations > Create Custom Request.
- Select “Proceed without enrollment policy” and click Next.
- Make sure the Request Format is PKCS #10 and select Next.
- Expand Details and select Properties.
- Under the General tab you need to give the certificate a descriptive friendly name.
- Under the Subject Tab you need to include a valid value for the following attributes:
Common Name – The name of your business.
Organization – The name of your business.
Locality – The physical location your business resides.
State – The territory where your business resides.
Country – The primary country your business operates in. - Under Extensions, make sure to add “digital signature” and “key encipherment” and “key certificate signing”.
- Under Extender Key usage (Application Policies) make sure to add Code Signing.
- Under “Private Key”, make your key size at least 2048. Select “Make your private key exportable”. Do NOT select “Strong private key protection”. Under Hash algorithm select “Sha256”. Click OK.
- Select next, and export your CSR in Base 64 format. Open this in notepad and paste the contents into SSLTrust SSL Configuration Panel for the Certificate you have ordered so that we can process your certificate request. Remember to use Internet Explorer or Chrome as Firefox maintains its own Certificate Store and will not function as expected.
Reference: https://www.ssltrust.com.au/blog/code-signing-certificates/