Transform your Certificates to a PVK + SPC Combination

Global Support Centre > Code Signing > PVK + SPC Combination

How to Transform your Certificates to a PVK + SPC Combination

  1. Export your certificate to a pfx file (be sure to check "Include all certificates in the certification path if possible").Click here for export instructions
  2. Install openssl. You can find compiled binaries on www.openssl.org
  3. Extract your private key from the pfx file with the following command:
    • ->openssl pkcs12 -in <pfx-file> -nocerts -nodes -out <pem-key-file>
    • Enter the pfx password when prompted
  4. Download the pvk transform utility from: http://www.globalsign.com/support/code-signing/PVK.zip
    • -> pvk -in(pem-key-file) -topvk -out (pvk-file) Example: -> pvk -in SOMETHING.PEM -topvk -out SOMETHING.pvk
  5. Extract your certificates from the pfx file with the following command:
    • openssl pkcs12 -in <pfx-file> -nokeys -out <pem-certs-file>
    • Enter the pfx password when prompted
  6. Transform your pem file to a spc file with the following command:
    • ->openssl crl2pkcs7 -nocrl -certfile <pem-certs-file> -outform DER -out <spc-file>

How to combine spc and pvk to a keystore certificate

  1. Download and install the pvkimport utility here: http://office.microsoft.com/downloads/2000/pvkimprt.aspx
  2. To export it to a pfx (pkcs12) use this command:
    • pvkimprt -PFX <spc-file> <pvk-file> <pfx-file>
  3. To import it immediately to your keystore = registry do this:
    • pvkimprt -import <spc-file> <pvk-file>
    • Enter the pfx password when prompted
  4. The Import Wizard will open, click Next to continue

    5. Import Wizard

  5. Let the system decide the location

    6. Location

  6. Click Finish to complete the import

    7. Finish Import

  7. Your certificate should now be available to your system. You can sign with Signcode from Microsoft.