Your Certificate Authority will supply one of the following:<\/p>\n
For the second and third case, these file must be converted to a Personal Information Exchange<\/a> (.pfx), using the Pvk2Pfx.exe<\/a> tool.<\/p>\n Syntax for .spc conversion:<\/p>\n The syntax is identical for .cer conversion:<\/p>\n Signtool.exe<\/tt> can be used to sign executables (.exe) and Dynamic Link Libraries (.DLL).<\/p>\n Where timeurl<\/tt> is the URL of your Certificate Authority’s timestamp server (e.g. http:\/\/timestamp.verisign.com\/scripts\/timestamp.dll for VeriSign)<\/p>\n \/pa<\/tt> indicates that the “Default Authenticode” verification policy is used. Omitting the switch will cause the verification to fail, which does not necessarily mean that a given file isn’t Authenticode signed.<\/p>\n Obtain a Software Publisher Certificate Your Certificate Authority will supply one of the following: a Personal Information Exchange (.pfx) file a Software Publisher Certificate (.spc), and a Private Key (.pvk) file a CER-encoded X.509 Certificate (.cer), and a Private Key … Continue reading Convert SPC or CER to Personal Information Exchange (.pfx)<\/h3>\n
\n
pvk2pfx -pvk filename.pvk -pi password -spc filename.spc -pfx output.pfx<\/pre>\n<\/blockquote>\n
\n
pvk2pfx -pvk filename.pvk -pi password -spc filename.cer -pfx output.pfx<\/pre>\n<\/blockquote>\n
Sign the Executable<\/h2>\n
Basic Signature<\/h3>\n
\n
signtool.exe sign \/v \/f filename.pvk \/p password executable<\/pre>\n<\/blockquote>\n
Signature With Timestamp<\/h3>\n
\n
signtool.exe sign \/v \/f filename.pvk \/p password \/t timeurl executable<\/pre>\n<\/blockquote>\n
Signature Verification<\/h3>\n
\n
signtool verify \/pa executable<\/pre>\n<\/blockquote>\n
Resources<\/h2>\n
\nWindows Driver Kit: Device Installation, Software Publisher Certificate<\/a> (MSDN)\nPKCS12<\/a> is the successor to PFX.\n<\/ul>\n","protected":false},"excerpt":{"rendered":"