Where is the private key?

When I use the system to order a code signing certificate in IE6 there is an option to save the private key in a file which by default is C:\mykey.pvk.

When I used IE7 under Vista and also Firefox there is no option to specify the file name, and I don’t see a file being created anywhere. Since the signcode tool needs this file, as well as the .spc, when signing code, this could be a bit of a problem. (I used IE6 to get my own certificate, so I wasn’t aware of it.)

What do you do if you use one of these other browsers? Sorry if this is documented but I couldn’t find it anywhere (indeed, help on how to get and use code signing certificates seems quite thin on the ground which is why I decided to write an article on how to do it in the first place.)

I ran into that issue as well. As far as I can tell, it only works with IE 6 or IE 7 on Windows XP.

It simply does not work with Firefox or with Windows Vista.

I encountered this while working with a Comodo support person and they were not aware of any alternative.

Hi,
Didn’t you try to change the path to the key? Vista with enabled UAC doesn’t allow to create files in the root of c:… try something like C:\SomeFolder\mykey.pvk

Thanks,
Serhiy

I didn’t see an option to specify a filename at all. I think the answer to the question is that IE7 / Vista stores the private key and certificate in the browser certificate store. It doesn’t offer an option to save it to a file. You have to export it to a PFX file afterwards, as a separate process.

Someone told me that, so I can’t confirm it, as I already ordered my own certificate using IE6 / XP.

Hi Guys,

I had this problem myself.

It is possible to export the certificate as a PFX and then use the information in this knowledge base article (CONTACT US - Comodo: Cloud Native Cyber Security Platform) to extract certificate and private key files.

I think the address for OpenSSL on Windows is wrong though - you need to go to Win32/Win64 OpenSSL Installer for Windows - Shining Light Productions instead.

I have done this and am just about to try signing my files with the SPC and PVK files I’ve generated.

I wasn’t aware of that article. Only about a week ago I wrote this article explaining how to convert a PFX to a PVK / SPC pair.