Tutorial on Exporting / Importing Windows Authenticode Certificates in Windows

How to Export Authenticode Code Signing Certificates from Windows Computers

Thanks to the DigiCert Certificate Management Utility, Exporting Microsoft Authenticode Code Signing Certificates to additional computers is a cinch. To let the exporting begin, just follow the steps below.

  1. Download and run the DigiCert Certificate Management Utility on the computer that you have the code signing certificate installed to the current user's Windows User Account.

  2. Select your certificate and click Export.

    DigiCert Util - Microsoft Authenticode Certificate Export

  3. Select Yes, export the private key then choose pfx file, and check
    Include all certificates in the certification path if possible.


    DigiCert Utility Code Signing Certificate Exporting Options

  4. Create a password for the certificate file, then confirm it and click Next to go to the next step.
    Note: This password will need to be re-entered when importing the pfx file onto another Windows computer.

    Pick a Password

  5. Save your authenticode certificate as a pfx file and click Finish.

    Authenticode Export select a filename.pfx

Importing and Code Signing Instructions for Authenticode Certificates in Windows

  1. Importing the certificate is pretty easy. You'll just have to copy the 'YourCompanyCodeSigning.pfx' to the new computer, then double-click on it and enter the password to import it.

  2. After importing your certificate you can sign your files using the following command from an elevated command prompt:
    signtool sign /t http://timestamp.digicert.com /a "c:\path\to\FileToSign.exe" Authenticode File Signed and Timestamped Successfully

Troubleshooting

    You can verify that your certificate was imported correctly using either of the following 2 methods:

  1. After Importing your Certificate to the Certificate Store you can verify that it's listed correctly by running the DigiCert Certificate Utility on your computer.
    Your Certificate should then show up in the Code-Signing Certificates section.

  2. Managing your Certificate from the MMC Console:
    You can also verify the code signing certificate has been installed for the current user by running the Certificate Manager snap-in (certmgr.msc) in MMC.
    To open the Snap-In goto Start > Run > type certmgr.msc and press Enter. Expand 'Personal' > 'Certificates' and you should see your certificate listed.