I have collected my code signing certificate but where is my private key?

I ordered a Comodo code signing certificate for Microsoft Authenticode signing.

I received the email to say my code signing certificate is ready and I clicked on the link which entered a collection code. The certificate installed into my web browser and I see it as a certificate (also in certmgr.msc). The certificate says “You have a private key that corresponds to this certificate.” But how do I find my private key? I don’t remember doing anything relating to a private key?

Is the private key stored in the certificate? Is there any way I can extract it?


I worked it out.

This is what you need to do after downloading your certificate:

You need to view the certificate that you downloaded. There are a number of ways of viewing it; possibly the simplest to explain on Windows is Start… Run… certmgr.msc

In section Personal, Certificates you should see the certificate - for mine the name of it was my full company name.

Open the certificate, select Details tab and click on Copy to File… button.

The Certificate Export Wizard now appears. Click Next and select Personal Information Exchange - PKCS #12 (.PFX), click Next.

The pfx file contains your certificate and both public and private keys (Note this means you should be careful to protect this file).

You are now prompted to enter a password to protect your private key. Enter something suitable and ideally strong (just in case someone gets hold of your pfx file) and click Next.

Then browse to where you want to save your file and give it a name.

That’s it, the pfx file is all you need to start signing.

I use a batch file to sign like this:

"C:\Program Files\Microsoft Platform SDK\Bin\signtool.exe" sign /f mycompany.pfx /p YOUR_PFX_PASSWORD /d "Win Ball Test" /du "http://www.mydomain.com" /v /t TIMESTAMP_SERVER_URL winball.exe
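
A scripted equivalent of the export steps in the answer above, as an added example that is not part of the original post. It assumes the certificate was installed into the current user's Personal store with an exportable key; the output name `mycompany.pfx` is taken from the batch file above, and the ACL step is one possible way to protect the file.

```powershell
# Added example: export a code signing certificate and its private key to a PFX.
# Assumption: the certificate is in the current user's Personal store (Cert:\CurrentUser\My).

# List code signing certificates and show whether a private key is bound to each.
$candidates = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert
$candidates | Format-Table Subject, Thumbprint, NotAfter, HasPrivateKey -AutoSize

# Pick the first unexpired certificate that actually has a private key.
$cert = $candidates |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) } |
    Select-Object -First 1
if (-not $cert) {
    throw 'No unexpired code signing certificate with a private key was found.'
}

# Prompt for the PFX password so it never appears in a script or in shell history.
$password = Read-Host -Prompt 'Password to protect the PFX' -AsSecureString
$pfxPath  = Join-Path (Get-Location) 'mycompany.pfx'

try {
    # Fails if the key was installed as non-exportable.
    Export-PfxCertificate -Cert $cert -FilePath $pfxPath -Password $password `
        -ErrorAction Stop | Out-Null
}
catch {
    throw "Export failed (is the private key marked exportable?): $($_.Exception.Message)"
}

# The PFX holds the private key: remove inherited permissions and leave
# read access for the current user only.
icacls $pfxPath /inheritance:r /grant:r "${env:USERNAME}:(R)" | Out-Null

# Confirm the file opens with the chosen password and holds the expected certificate.
$pfx = Get-PfxData -FilePath $pfxPath -Password $password
$pfx.EndEntityCertificates | Format-List Subject, Thumbprint, NotAfter

if ($pfx.EndEntityCertificates[0].Thumbprint -ne $cert.Thumbprint) {
    throw 'The exported PFX does not contain the selected certificate.'
}
Write-Host "Exported $($cert.Subject) to $pfxPath"
```

If the export fails because the key is not exportable, the certificate and key remain usable from the store, but they cannot be copied out to a file this way.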