PDA

View Full Version : Code Signing with P7B



MarkDynna
04-07-2022, 01:41 PM
We recently had our Code Signing certificate re-issued and we were provided with a P7B file. It doesn't seem that SetupBuilder can use the certificate in this format to sign the install file? Is there another way that the installer can be signed or the file converted to a different format?

MarkDynna
04-08-2022, 03:19 PM
I figured it out with the help of DigiCert support and three different utility programs (ugh).

In case anyone else comes across this:
1. Make sure you install the certificate on the same computer that generated the Certificate Signing Request file (CSR)
2. Install the certificate
3. Export it as a PFX (may need to use a special utility, like Digicert's)
4. Use a combination of OpenSSL and the PVK transform utilities to create the SPC and PVK files. (https://ca.godaddy.com/help/converting-an-exported-pfx-code-signing-file-to-pvk-and-spc-files-using-windows-6034)

What a mess. I'm glad this is only every 3 years.

linder
04-10-2022, 06:54 AM
Mark,

the one million dollar question is, why did you receive a P7B file? P7B files only contain certificates and chain certificates (Intermediate CAs), not the private keys. As far as I know, all WebTrusts provide .PFX files by default.

http://www.lindersoft.com/forums/showthread.php?48025-code-sign-certificate-process-2020

https://www.setupbuilder.com/downloads/Comodo2020.pdf

Friedrich