Windows: Install code/driver signing certificate & create PFX file

After verifying your code or driver signing certificate request, we issue your certificate. You can then download your certificate, install it in Microsoft Management Console (MMC), and create a PFX file. You'll then use this PFX file to sign your code with Microsoft SignTool (code signing) or Visual Studio (driver signing).

Warning:

To create the PFX file, you must use the same machine you used to generate your CSR.

Download your certificate

  1. In the SSL Certificate manager, next to your code signing certificate, click View status.
  2. Click Download.
  3. Click Download Zip File.
  4. Open the ZIP file and move the file that ends in SHA2.spc to an accessible location.

    Note: For Windows Vista drivers, use the file ending in SHA1.spc.

    For Windows 7 drivers, your users must install this patch to use your driver signed with SHA-2.

Install your certificate in MMC

  1. In your Windows search feature, enter mmc, and then click it to launch the Microsoft Management Console application.
  2. Expand Certificates (Local Computer), Personal.
  3. Right-click Certificates, and then go to the following menus: All Tasks > Imprt.
  4. Click Next.
  5. Browse for the SPC file — to find it, you'll need to change the file type to PKCS #7 Certificates (*.spc, *.p7b).
  6. Click Next.
  7. Select Place all certificates in the following store and ensure the value is Personal.
  8. Click Finish.

Create the PFX file

To create a PFX file (which you'll use with SignTool or Visual Studio), you need to combine your certificate file and your private key in MMC.

  1. In MMC, right-click your certificate (it will have your Common Name value displayed in the Issued To column), and then click Export.
  2. Click Next.
  3. Select Yes, export the private key.
  4. Under Personal Information Exchange..., select Include all certificates in the certitification path if possible.
  5. Enter and confirm a strong password to secure the certificate, and then click Next.
  6. Browse to a location to store the combined file, and then click Next.
  7. Click Finish.

The PFX file is now stored locally on your computer.

Next step

The next step you use depends on which type of certificate you're using:

Certificate type Use these instructions...
Code signing SignTool: Sign Windows code with a code signing certificate
Driver signing Visual Studio: Sign Windows drivers with a driver signing certificate