Certificates of the second category contain keys marked AT_SIGNATURE. This last ones can be used only to sign code. And it seems that AT_SIGNATURE-keys are the only keys supported by the automatic signing feature of Visual Studio 2005. “If the EKU (Extended Key Usage) or KU (Key Usage) setting for the certificate is set, it must also explicitly contain the Code Signing setting.” (http://msdn2.microsoft.com/en-us/library/aa730868(vs.80).aspx)
Is there a way to re-mark a certificate with a key specification of AT_SIGNATURE in order to enable using it with Visual Studio 2005?
Andreas Klein, a distinguished Microsoft Escalation Engineer, was so kind as to provide an easy and elegant way out: just use the tool CertUtil to create a new the PFX-file with KeySpec set to AT_SIGNATURE.
Hi Maro/Support ppl manging this forum,
I faced the same problem, one of which is linked with chanied certificates and its resolution is given in FAQ’s section. The other one is mentioned above by Maro.
I have followed the same process, every thing goes smooth until I get back to Certificates Repository to export the certificate (which is imported with KeySpec value = AT_SIGNATURE). It never gives me option “Yes, export the private key” [Always disabled]. This eventually does not let me export this changed certificate as a pfx file. (I want to use that PFX file then in VS-2005).
In vista by defaulst the certificates will be stored in CSP, you can contact the support team at support@comodo.com to get instruction on exporting the certificate with private key.