Creating Code Signing PFX File
Generate CSR for code or driver signing certificate
https://www.godaddy.com/help/windows-generate-csr-for-code-or-driver-signing-certificate-7282??v=1Add certificates snap-in to MMC
- In your Windows search feature, enter mmc, and then click it to launch the #Microsoft Management Console application.
- From File, click Add/Remove Snap-in.
- Click Certificates and then click Add.
- Select Computer account, and then click Next.
- Select Local computer, and then click Finish.
- Click OK.
Generate CSR & private key
- In MMC, expand Certificates (Local Computer) and then Personal.
- Right-click Certificates, and then go to the following menus: All Tasks > *Advanced Operations > Create Custom Request.
- Click Next.
- Click Active Directory Enrollment Policy.
- From Template, click Web Server.
- Ensure the Request format is PKCS #10, and then click Next.
- Click the downward-facing arrow next to Details, and then click Properties.
- From the Type menu, select the following values, enter the corresponding Value, and then click Add:
Type | Value |
Common name | Your business or organization's name |
Organization | Your business or organization's name |
Locality | Your business or organization's address |
State | The state where your business or organization resides |
Country | The country where your business or organization resides |
- Click the General tab, and then enter a Friendly name you can use to refer to the certificate.
- Go to the Private Key tab, click Key Options,
- Select Make private key exportable.
- Set key size to be 2048 (for GoDaddy)
- Click OK, and then click Next.
- Browse for the location where you want to save the file, enter a File Name, and then click Finish.
Install code/driver signing certificate & create PFX file
https://www.godaddy.com/help/windows-install-codedriver-signing-certificate-and-create-pfx-file-2698?locale=enDownload your certificate
- In the SSL Certificate manager, next to your code signing certificate, click View status.
- Click Download.
- Click Download Zip File.
- Open the ZIP file and move the file that ends in SHA2.spc to an accessible location.
Install your certificate in MMC
- In your Windows search feature, enter mmc, and then click it to launch the Microsoft Management Console application.
- Expand Certificates (Local Computer), Personal.
- Right-click Certificates, and then go to the following menus: All Tasks > Imprt.
- Click Next.
- Browse for the SPC file — to find it, you'll need to change the file type to PKCS #7 Certificates (*.spc, *.p7b).
- Click Next.
- Select Place all certificates in the following store and ensure the value is Personal.
- Click Finish.
Create the PFX file
To create a PFX file (which you'll use with SignTool or Visual Studio), you need to combine your certificate file and your private key in MMC.- In MMC, right-click your certificate (it will have your Common Name value displayed in the Issued To column), and then click Export.
- Click Next.
- Select Yes, export the private key.
- Under Personal Information Exchange..., select “Include all certificates in the certification path if possible”.
- Enter and confirm a strong password to secure the certificate, and then click Next.
- Browse to a location to store the combined file, and then click Next.
- Click Finish.
The PFX file is now stored locally on your computer.