Apparently there are two kinds of code signing certificates…
The first category, where the key is marked AT_KEYEXCHANGE “can be used for symmetric encryption or signing or both, depending on the algorithm.” (IX509PrivateKey::get_KeySpec (certenroll.h) - Win32 apps | Microsoft Learn). These certificates can be used to sign code using tools like signcode.exe or signtool.exe. But if you try to use automatic signing from inside Visual Studio 2005, you will get the message “Object already exists” (Title: “Error during Import of the Keyset”) and the build will fail (Andreas Klein | Microsoft Learn). I submitted a bug report to the Visual Studio Team (Bing).
Andreas Klein, a distinguished Microsoft Escalation Engineer, was so kind as to provide an easy and elegant way out: just use the tool CertUtil to create a new PFX file with KeySpec set to AT_SIGNATURE.
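The KeySpec check and re-import described in the post above, as an added example that is not part of the original thread or of Andreas Klein's write-up. It assumes Windows PowerShell on .NET Framework and a PFX whose key lives in a legacy CSP; the script name, `$PfxPath` and the `-Reimport` switch are hypothetical.

```powershell
# Check-PfxKeySpec.ps1 (hypothetical name): added example, not code from the thread.
# Reports whether the private key in a PFX is AT_KEYEXCHANGE (1) or AT_SIGNATURE (2)
# and, with -Reimport, re-imports it into the current user's store as AT_SIGNATURE.
param(
    [Parameter(Mandatory = $true)] [string] $PfxPath,  # placeholder, e.g. .\codesign.pfx
    [switch] $Reimport                                  # hypothetical switch for this example
)

$PfxPath  = (Resolve-Path $PfxPath).Path
$password = Read-Host -AsSecureString "PFX password"

# Load the PFX in memory only; nothing is added to a certificate store here.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxPath, $password)
try {
    if (-not $cert.HasPrivateKey) {
        throw "No private key in $PfxPath; it cannot be used for signing."
    }

    $key = $cert.PrivateKey
    if ($key -isnot [System.Security.Cryptography.RSACryptoServiceProvider]) {
        # CNG-backed or non-RSA keys have no CryptoAPI KeySpec to report.
        throw "Key is not held in a legacy CSP; KeySpec does not apply."
    }

    # KeyNumber mirrors the CryptoAPI KeySpec: Exchange = 1, Signature = 2.
    $keySpec = $key.CspKeyContainerInfo.KeyNumber
    Write-Output ("Subject : {0}" -f $cert.Subject)
    Write-Output ("KeySpec : {0} ({1})" -f [int]$keySpec, $keySpec)

    if ($keySpec -eq [System.Security.Cryptography.KeyNumber]::Signature) {
        Write-Output "Key is already AT_SIGNATURE; no re-import needed."
    }
    elseif ($Reimport) {
        # certutil prompts for the PFX password itself.
        & certutil.exe -importPFX -user $PfxPath AT_SIGNATURE
        if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }
        Write-Output "Imported as AT_SIGNATURE; export a new PFX from the user store."
    }
    else {
        Write-Output "Key is AT_KEYEXCHANGE. Re-run with -Reimport, or run:"
        Write-Output "  certutil -importPFX -user `"$PfxPath`" AT_SIGNATURE"
    }
}
finally {
    $cert.Reset()   # release the certificate and its temporary key handle
}
```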
Hi Maro/Support ppl managing this forum,
I faced the same problem, one of which is linked with chained certificates and its resolution is given in the FAQs section. The other one is mentioned above by Maro.
I have followed the same process; everything goes smoothly until I get back to the Certificates Repository to export the certificate (which is imported with KeySpec value = AT_SIGNATURE). It never gives me the option “Yes, export the private key” [always disabled]. This eventually does not let me export this changed certificate as a PFX file. (I want to use that PFX file then in VS-2005.)
In Vista, by default, the certificates will be stored in the CSP. You can contact the support team at support@comodo.com to get instructions on exporting the certificate with the private key.