How to sign code with only a .SPC file?

StackOverflow https://stackoverflow.com/questions/1654394

  •  11-09-2019
  •  | 
  •  

Question

I use InstallShield 2010 which requires a SPC/PFX and a PVK file to sign my files. I just got a Code Signing CERT but all they gave me was a SPC file. I right-clicked it and installed it in Windows 7. I assume the PVK file is somewhere on this system but I cannot find it using the Certificates MMC, etc.

So how will I use this SPC file in InstallShield to sign my files without have a PVK file? I can view the certificate in "My Store" (Personal certs) and export it to a .CER or P7B but the PFX option is grayed out so I can't export the PVK for some reason.

Is it possible to sign using InstallShield without a PVK file? I'm also concerned what will happen if I have to reload this computer, how will I install this code signing .SPC again with no PVK file? I'm used to keeping PFX files on my backup system. It's a 3 year cert so I imagine in 3 years I am going to reload this computer.

Was it helpful?

Solution 2

The problem was with GoDaddy and their key generation not working with IE 8. After I used FireFox I was able to run the course and then export the required file (p12) etc.

OTHER TIPS

This works from IE, you just have to know the hoops.

Download the .spc certificate from GoDaddy. Go to IE->Tools->Internet Options->Content->Certificates->Personal. If the cert is not there, import it. Once it is there, then you can chose Export->Next->Yes, Export private key->Personal Information Exchange - PKCS #12 (.PFX)

To be really clear, as Neal stated, Firefox is the answer. Although it wasn’t inherently obvious to me at first, the generation of the pvk file is not available in Chrome, nor is it available in IE8 or above. When creating the CSR, you should have two options, automatic and manual. This is not the case when using Chrome or IE8+, only the manual option was available.

While there may be some way to create the hash using Chrome or IE 8+, I did not know how to do it, and was left with the box to enter my own hash. However, when I used Firefox, the automatic option was available and the process was over and done… I installed the certificate, exported the P12 and was ready to roll.

Bottom line is, just do the whole requesting/downloading process with Firefox and save yourself the hassle…

GoDaddy just gives you the .spc file, you have to create your .p12 file. Here is how I did this: 1. Right click myCert.spc, Install Certificate (to install the .spc into Windows) 2. Double click myCert.spc (to open it in certmgr), export to a .cer file. 3. Import that .cer file into Firefox. 4. From with Firefox: backup what you just imported to create a .p12 file.

Then you can use that .p12 file to sign your code.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top