Thanks for the reply but that documentation is now out of date with the latest Windows 7.1 sdk from Microsoft, If I'm not mistaken it is now called: pvk2pfx.exe
but when I try that I get an error:-
pvk2pfx -pvk mykey9.pvk -spc mykey9.spc -pfx mykey9.pfx
ERROR: Password incorrect or PVK file corrupted.
(Error Code = 0x80090005).
This is the same problem when I use signtool with pvk and spc.
You're most likely using the wrong SPC/PVK file combination or the password is wrong.
So I was wondering wether it would be possible to use the certificate placed in IE when I ordered instead You know the certifcate comodo put in IE certificates
I don't think you can because that appears to have been revoked when you got the replacements.
- should that have a private key by default?
If you added it via the SPC file, no. If we did, then usually it does.
just thinking if it's todo with IE8, do you know people who have successfully gone through this process in IE8?
It has nothing to do with IE8 and everything to do with the Microsoft Certificate Enrollment ActiveX control. It's a bit wonky.
I've been trying to get this to work now for over 2 months + 2 free renews & countless support emails going over the same things to different support staff over and over again... I don't think another renew will make any difference, I need to try something different. ( in 2009 I did this and it worked straight away but then I was on XP sp2 and IE6)
Simply put, you need to use Firefox and export it out as a P12/PFX file for use with signtool. It's the one thing that support certificate enrollment really well. You will need to go through one more re-issue to achieve this. Re-open a ticket with our Support team and get your certificate re-issued, this time using Firefox.
Another question, why don't you simply send the .pfx when ordering, it would make things a lot lot easier.
While it would make things easier, it compromises the integrity of the certificate since another party now has access to the private key. What happens when you apply for these types of certificates on IE is a little ActiveX control creates a CSR/PrivateKey pair on your local machine and sends us the CSR and we then kick out a certificate after the validation process. As a result, we never see the private key.
do you keep a record of the pvk password entered on your website? (I used the same one as I used in 2009)
No, for security reasons we do not.
Author