25 Apr 2014 
Comodo Support Home |
Support Center » Knowledgebase » Converting a PFX file to SPC and PVK files
 Converting a PFX file to SPC and PVK files
Solution

How to convert PFX/P12 file to SPC/PVK format


Export Certificate with Private Key.

Use the export wizard with the following options:

  1. Export Private Key (Yes)

  2. DO NOT TICK include all certificates in the certification path if possible

  3. TICK enable strong protection

  4. DO NOT TICK delete private key

Prerequisite: OpenSSL 0.9.8 or better. OpenSSL 1.x preferred.

Note: If you are running Windows you may download OpenSSL here. Otherwise, you can find compiled binaries directly from the OpenSSL Website or consult your Operating System's package management feature.

Private Key (PVK)

  1. Extract your Private Key from the PFX/P12 file to PEM format.
         openssl pkcs12 -in PFX_FILE -nocerts -nodes -out PEM_KEY_FILE

    Note: The PFX/P12 password will be asked. This is the password you gave the file upon exporting it.

  2. Format PEM_KEY_FILE using a text editor

         Remove "Bag attributes" and "Key Attributes" from this file and save. The contents of the file should only contain the header (-----BEGIN PRIVATE KEY-----), footer (-----END PRIVATE KEY----- ) and some text between the header and footer.

  3. Convert PEM Private Key to PVK format.

    OpenSSL 0.9.8 series:
         pvk -in PEM_KEY_FILE -topvk -out PVK_FILE

    Note #1: In order to use pvk for OpenSSL 0.9.8 series, you must download PVK Transform, which is ONLY available for Microsoft Windows environments

    OpenSSL 1.x series:
         openssl rsa -in PEM_KEY_FILE -outform PVK -pvk-strong -out PVK_FILE

    Note #2: A PEM passphrase may be asked. This will be the password/passphrase that you will use to sign your code.


Software Publisher's Certificate (SPC)

  1. Extract Certificate from P12/PFX file.
         openssl pkcs12 -in PFX_FILE -nokeys -out CERT_PEM_FILE

  2. Convert Certificate to SPC format.
         openssl crl2pkcs7 -nocrl -certfile CERT_PEM_FILE -outform DER -out SPC_FILE

Note: If you have exported your certificate from another browser outside of IE, then please ensure in the CERT_PEM_FILE that ONLY your certificate exists or else code signing will NOT WORK!

Example Conversion

PVK
     openssl pkcs12 -in my_pfx_file.pfx -nocerts -nodes -out rsa.pem
     openssl rsa -in rsa.pem -outform PVK -pvk-strong -out mykey.pvk

SPC
     openssl pkcs12 -in my_pfx_file.pfx -nokeys -nodes -out cert.pem
     openssl crl2pkcs7 -nocrl -certfile cert.pem -outform DER -out cert.spc


Article Details
Article ID: 1089
Created On: 25 Jul 2007 12:30 PM

 This answer was helpful  This answer was not helpful

 Back
 Login [Lost Password] 
Email:
Password:
Remember Me:
 
 Search
 Latest News  
 Article Options
Support Home | Comodo Home | Submit a Ticket | Knowledgebase | Troubleshooter | News | Downloads

by Kayako SupportSuite v3.70.02