The Digicert Certificate Utility is probably one of the best certificate management tool out on the net.
A lot of people become scared with key-pair encryption but key-pairs/certificates are actually fundamental easy to figure out. Unlike SSL certificates, code signing certificates perform the function of signing. Code signing certificates creates a tamper proof digital shrink wrap of your application software files and denotes to those who download or install the application who created/published it.
Although Some Certificate Authorities my separate their Code Signing Products and have different ways to Enroll and Install. The Digicert Certificate Utility is cross platform meaning your can signing the following files with the same certificate. .exe, .cab, .dll, .ocx, .msi, .xpi, .xap, windows kernel-mode. Java. jre and Adobe Air.
- Sign or re-sign code or software
- Create a CSR from your system (optional)
- Sign applications with a single click
- Sign drivers and other system files
- Verify signed applications
- Time stamp applications
- Repair private key errors
- Automate application signing
Things to know:
- The Digicert Certificate Utility Code Signing Automatically refers to Microsoft user account certificate stores on the system. Some Certificate Authorities (CA) will use or request Internet Explorer for certificate enrollment and installation. Digicert will automatically pick up the certificate and import it into its code signing store if this is the case.
- Whenever you export your code signing certificate you will include the private key or else the certificate will not be functional. This will give you a .pfx/p12 file that your developers will use to sign code.
For a comprehensive Guide to this tool Check our article Digicert Certificate Utility – Code Signing (Guide)
For what ever reason you may need to export your code signing certificate to distribute to other code developers within your organization/team. This article is going on the assumption that your code signing certificate is already imported into the Digicert Certificate Utility.
How to Export Your Code Signing Certificate as a pfx/p12 from the Digicert Utility.
Depending on the circumstance you may need to export your code signing certificate to wherever else it is needed.
Note: Exporting your code signing certificate from the Digicert Certificate Utility pertains to standard non EV code signing certificates that have been imported into the Certificate Utility.
- Run the Digicert Certificate Utility by Double-clicking the DigicertUtil.exe.
- In the Digicert Certificate Utility, Click Code Signing.
- Select the certificate that you want to export and then click Export Certificate.
- In the Certificate Export wizard, select Yes, export the private key.
- Select PFX file
- Check Include all certificates in the certification path if possible.
- (Optional) If performing Kernal Signing, Check Include kernel mode driver signing certificate path.
Note: Depending on the format and whether or not a Cross-Certificate was originally imported into this system you may not see this option. Don’t worry about it if you are not Microsoft Kernal Mode Signing.
- Click Next.
- In the Password and Confirm Password fields enter and confirm a password you can remember.
Note: This password is required when you install your code signing certificate into any other system, or perform signing with certain applications. Do not forget it. If you do then you will have to re export the certificate and create a new password. - Click Next.
- Next to the File Name field click the … to browse to a location and path you want to save your .pfx file. Give it a name of your choice, click Save and then Finish when done.
- You will receive a message stating that the export was successful, click OK.
Congrats you have exported your certificate and are now able to distribute it as you see fit.