PDA

View Full Version : Code Signing - pkcs12



NewsArchive
07-06-2011, 01:43 AM
So Microsoft changes the rules again? I just finished renewing my Comodo
certificate. They say "the new format is pkcs12, we don't provide pvk or
spf files. That have been deprocated."

So, what do I do now? I am SO confused. The cert is installed into
Firefox. If I try to export it, I a variety of types. all with ".crt"
extensions. If I try to back it up, I get only ".pkcs12", which actually
generates a .p12 file.

Help?

I hate this time of year.

Glenn Paschal

NewsArchive
07-06-2011, 01:43 AM
Update: I was able to import the P12 file into IE, and then export a PFX.
All works now.
guess I jumped the gun.

Thanks,
--Glenn .

NewsArchive
07-06-2011, 01:44 AM
Hi Glenn,

> They say "the new format is pkcs12, we don't provide pvk or spf files.
> That have been deprocated."

Just curious, who told you the above? Comodo? It's still possible to get
the certificate in form of .PVK/.SPC and .PFX. Nothing changed.

> If I try to back it up, I get only ".pkcs12", which actually generates a
> .p12 file.

There is no difference between a .PFX and .P12. Both are PKCS #12 files
(Personal Information Exchange Syntax). Both file extensions (.pfx and
..p12) refer to files that contain PCKS #12 content.

BTW, here are some interesting readings:

http://www.lindersoft.com/CodeSign.pdf
http://www.lindersoft.com/forums/showthread.php?t=8279
http://www.lindersoft.com/forums/showthread.php?t=9498

Friedrich

--
Friedrich Linder
Lindersoft
www.lindersoft.com
+1.954.252.3910

SetupBuilder is Windows 7 installation -- "point. click. ship"

-- Official Comodo Code Signing and SSL Certificate Partner

NewsArchive
07-07-2011, 12:36 AM
And they are also enforcing VeriSign on us.

--
Russell B. Eggen
www.radfusion.com

NewsArchive
07-12-2011, 12:43 AM
Yes, it was Comodo that said this. I was unable to find a way to get the
pvk/spc, but did get the pfx by backing up from Firefox, restoring into IE,
and then exporting the pfx from IE.

Glenn Paschal

NewsArchive
07-12-2011, 12:44 AM
Hi Glenn,

> Yes, it was Comodo that said this. I was unable to find a way to get the
> pvk/spc, but did get the pfx by backing up from Firefox, restoring into
> IE, and then exporting the pfx from IE.

Interesting... I think (but I am not sure) they thought that you are using
an UAC-aware operating system.

In XP, it's still possible to "order" the .spc/.pvk pair.

http://www.lindersoft.com/forums/showthread.php?t=8279

Friedrich

NewsArchive
07-12-2011, 12:44 AM
BTW, according to Comodo, exporting your .pfx file to .spc & .pvk files can
be done by installing OpenSSL, and following these directions:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=1089&nav=0,96,7

But there is no need to do this because SetupBuilder supports both .pfx and
..spc/.pvk

Friedrich