The process of code signing confuses not only those who do it for the first time but those too who have done it earlier probably because documentation is proportionately fairly low for the complexity of the steps involved. Here, I’ve tried to describe the procedure in a little detail:

Combining the private key and code signing certificate files:

It’s your prerequisite to download the PVK Digital Certificate Files Importer from Microsoft. You need to run the following command from a command prompt after you change the working directory to the folder containing the PVK and SPC files and replace the file names with the appropriate names of the private key and code signing certificate files. Make sure that the order of the two files is as specified here.

pvkimprt -PFX mycert.spc mykey.pvk

Now proceed as follows:

#1. Enter the password associated with your private key (if any). The certificate export wizard will display. Click Next.

#2. Select “Yes, export the private key” in the Export Private Key window. Click Next.

#3. The export file format window will display. Select Personal Information Exchange – PKCS #12 (.PFX). Make sure that the following are checked: “Include all certificates in the certification path if possible” and “Enable strong protection” (requires IE 5.0, NT 4.0 SP4 or above). Click Next.

#4. The Password window will display. Enter a password (preferably a strong password to safeguard the PKCS#12 (PFX) file created by the wizard since your private key is contained in it). Click Next.

#5. The File Export window will display. Specify the location for the file using the .PFX extension. Click Next.

#6. Install the PFX File into the Windows Certificate Store.

Caution: Do not attempt to use the import feature of PVKImprt.exe since it creates problems with proper installation of the intermediates certificates that may be contained in the PFX file. Now Microsoft also discourages the use of PVKImprt.exe for importing due to platform differences between the various versions of Windows.

#7. Select Tools and then Internet Options in Internet Explorer. Click the Content tab and press the Certificates button. The Certificates window will display.

#8. Click Import and select your .PFX file in the Certificates window. Click Next.

#9. The Password window will display. Enter the password you assigned to that .PFX file. Make sure that the following are selected: “Enable strong private key protection” and “Mark this key as exportable.” Click Next.

#10. The Certificate Store window will display. Accept the defaults and click Next.

Whew! Your code signing certificate is now installed.