How to Export Code Signing PFX Certificate with the DigiCert Utility Tool
Note: This content is outdated following the new CA/B code signing baseline changes effective June 2023. Code signing certificates are no longer exported; private keys must be marked as non-exportable!
Code signing means putting a digital signature on executables and scripts as proof from the software author or developer that the code has not been subjected to tampering or altering since it was signed.
A code-signing certificate is a digital certificate containing information about the certificate owner’s identity and a public key that is used to verify the authenticity of the code-signing process.
Code signing is used to provide security and trust in software distribution. When users install software that has been signed with a valid code signing certificate, they can be sure that the software comes from a trusted source and has not been tampered with. Code signing also helps to prevent malware from being distributed under the guise of legitimate software.
Many software owners or developers are intimidated by key pairs. But the truth is that key pairs and certificates are quite convenient and simple to understand.
Code Signing Certificates, unlike SSL certificates, are used to sign code. They create a tamper-proof digital shrink wrap around executable files and show the software publisher's or owner's authenticity to anyone who downloads or installs the software.
Windows servers use .pfx files containing the SSL certificate and the associated private key files. DigiCert offers the public key file, after which the server can generate the associated private key file. This will be done as a part of the CSR.
For the functioning of the Code Signing Certificate, possessing both the public and private keys is ideal. So, if you need to transfer your SSL certificates from one server to another, export them as a .pfx file.
Many Certificate Authorities differentiate their Code Signing Products and have different ways of enrolling and installing them. However, the DigiCert Certificate Utility is cross-platform, which means one can sign the following list of files with the same certificate.
- .exe
- .cab
- .dll
- .ocx
- .msi
- .xpi
- .xap
- Windows kernel-mode
- Java. jre
- Adobe Air.
The DigiCert Utility tool efficiently manages and installs SSL/TLS certificates. With DigiCert Utility, you can view, install, and export your SSL/TLS certificates and manage your account and certificate orders. The utility is available as a standalone application that you can download and install on your computer or access online through the DigiCert website.
Before we talk about exporting the Code Signing PFX Certificate, let us see the process of downloading the DigiCert Certificate Utility.
To download the DigiCert Certificate Utility, follow these steps:
Step-1: Open a web browser and open this DigiCert Page (https://www.digicert.com/support/tools/certificate-utility-for-windows).
Step-2: Click on the Download button.
Step-3: Once the download (.zip file) is complete, you can run the utility by double-clicking on the downloaded file (DigiCertUtil.exe).
Now that you have downloaded the DigiCert Certificate Utility tool, let us understand what a PFX certificate is.
What is a Code Signing PFX Certificate?
A Code Signing PFX Certificate is a digital certificate used to sign software and other digital content. It helps to ensure the integrity and authenticity of the content and protect it from tampering.
Typically, it is stored in a Personal Information Exchange (PFX) file, a format used to store digital certificates and private keys. The PFX file is encrypted and requires a password to be accessed.
When you import a PFX file, you will be prompted to enter the password to unlock the certificate and private key.
PFX files can be created and managed using various tools, including Microsoft’s Certificate Manager and OpenSSL. They can be used to sign various types of software, including executables, drivers, and other types of code.
PFX files are a valuable tool for managing code signing certificates and ensuring they can be used on different systems as needed.
Let’s talk about exporting a Code Signing PFX Certificate with the DigiCert Utility tool.
What are the Steps to Export Code Signing PFX Certificate with the DigiCert Utility Tool?
Here are the steps you should follow:
Step-1: Double-click on the DigiCertUtil.exe file to run the DigiCert Certificate Utility.
Step-2: You will find the SSL tab on the DigiCert Certificate Utility. Click on it.
Step-3: Here, choose the SSL certificate that must be exported, then click on the Export Certificate button.
Step-4: In the Certificate Export wizard, you will find the option to export the private key. Select Yes and choose pfx file as the format. Make sure to check the "Include all certificates in the certification path if possible" option.
Step-5: Enter and confirm a password in the Password and Confirm Password fields. Remember this password, as it will be required when you install or import the code signing certificate into another system.
Step-6: Click Next.
Step-7: You will find three dots beside the File Name field. Click on them to browse to the location where you want the .pfx file to be saved. Give the file a name, and then click on Save. When done, click on Finish.
Step-8: After completing all the steps, you will get a message that says, 'export was successful.' After this, click on OK.
Follow the instructions to export Code Signing PFX Certificate with the DigiCert Utility.
Summarizing
Once you have completed the DigiCert Utility export process, your code signing certificate should be saved as a PFX file in the specified destination directory. The PFX file will contain both your code signing certificate and the associated private key, and it will be protected with the password you specified.
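To confirm that an exported file really holds what the summary above describes, the following check uses OpenSSL, one of the tools mentioned earlier for managing PFX files. It is an added example, not part of the DigiCert procedure or tooling; the demo certificate, file names and passwords are constructed, and it assumes OpenSSL 1.1.1 or later in a POSIX shell.

```shell
#!/bin/sh
# Added example: sanity-check an exported .pfx with OpenSSL 1.1.1+.
# The demo certificate, file names and passwords are constructed.

# Stand-in for the export wizard's output: a throwaway self-signed
# certificate with the given EKU, packed into a password-protected PFX.
make_demo_pfx() {  # $1 = work dir, $2 = PFX password, $3 = EKU name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Publisher (constructed)" \
        -addext "extendedKeyUsage=$3" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout "pass:$2" -out "$1/demo.pfx"
}

# Fingerprint of a public key read as PEM on stdin.
pub_fp() { openssl pkey -pubin -outform DER | openssl dgst -sha256; }

# 0 = usable code signing PFX; 1 = wrong password or unreadable file;
# 2 = certificate lacks the Code Signing EKU; 3 = key/certificate mismatch.
check_pfx() {  # $1 = PFX path, $2 = password
    cert=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts \
        2>/dev/null) || return 1
    # The decrypted key stays in a shell variable and is never written out.
    key=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes \
        2>/dev/null) || return 1
    printf '%s\n' "$cert" | openssl x509 -noout -text |
        grep -q "Code Signing" || return 2
    cert_fp=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey | pub_fp)
    key_fp=$(printf '%s\n' "$key" | openssl pkey -pubout | pub_fp)
    [ "$cert_fp" = "$key_fp" ] || return 3
}

# Demo run on constructed input.
demo_dir=$(mktemp -d)
make_demo_pfx "$demo_dir" 'Constructed-Pass-1' codeSigning
check_pfx "$demo_dir/demo.pfx" 'Constructed-Pass-1' && echo "PFX OK"
rm -rf "$demo_dir"
```

Return code 2 catches the case where an SSL/TLS certificate was selected for export instead of the code signing certificate.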