将GoDaddy发出的.spc和.key文件加入完整的.pfx / .cer证书 [英] Joining GoDaddy-issued .spc and .key files into a complete .pfx / .cer certificate

问题描述

我在 .spc 文件中有GoDaddy发出的代码签名证书。此外，我有一个私钥在 .key 文件。代码签名已在大约13个月前发布，然后它过期，并使用GoDaddy续订。在更新过程中没有请求私钥，只有一个新的 .spc 文件有问题。

I have a GoDaddy-issued code signing certificate in a .spc file. Also, I have a private key in .key file. The code signing has been issued some 13 months ago, then it expired and was renewed with GoDaddy. During the renewal process no private key was requested and just a new .spc file was issues.

m面临将原始私钥文件与问题证书加入以形成 .pfx （或 .cer

Now I'm facing the problem of joining the original private key file with the issues certificate to form a .pfx (or .cer?) file suitable for installation into the Windows certificate store.

我尝试的命令是：

openssl.exe pkcs12 -inkey my.key -in my.spc -out my.pfx -export

但是，我收到一条错误消息，显示为无证书匹配私钥。

However, I'm getting an error message that reads "No certificate matches private key".

我已遵循这个答案对SO 来验证 .key 文件是有效的私钥。然而，当我尝试验证 .spc 是一个有效的证书，我只是得到

I've followed this answer on SO to verify the .key file is a valid private key. However, when I try to verify that .spc is a valid certificate, I just get

unable to load certificate 
5436:error:0906D06C:PEM routines:PEM_read_bio:no start line:.\crypto\pem\pem_lib.c:650:Expecting: TRUSTED CERTIFICATE

生成 .pfx 文件的正确方法是我的输入？我使用OpenSSL 0.9.8k。

What's the correct way of producing an .pfx file from my inputs? I'm using OpenSSL 0.9.8k.

推荐答案

最后我设法找出一个工作的程序。以下是从SPC和KEY文件生成新的PFX和CER代码签名证书的步骤：

In the end I managed to figure out a procedure that works. Here are the steps to generate a new PFX and CER code signing certificate from SPC and KEY files:

1. 获取新的


2. 从过期的PFX导出PEM格式的私钥：

1. Obtain your new CodeSign.spc certificate from GoDaddy.

2. Export a PEM-formatted private key from the expired PFX:

openssl.exe pkcs12 -in CodeSign.pfx -nocerts -out CodeSign.pem

将PEM格式的私钥转换为PVK格式：

Convert the PEM-formatted private key into the PVK format:

pvk.exe -in CodeSign.pem -topvk -strong -out CodeSign.pvk

PVK和SPC转换为PFX：

Combine the PVK and SPC into PFX:

pvk2pfx.exe -pvk CodeSign.pvk -pi <passphrase> -spc CodeSign.spc -pfx CodeSign.pfx -po <passphrase> -f

将生成的PFX文件导入Windows证书存储。

Import the resulting PFX file into Windows certificate store. Remember to make it exportable.

您可以定期存储PVK文件并跳过步骤（2）和（3）。

In case you are renewing your certificate periodically you can store the PVK file and skip steps (2) and (3).

UPDATE：证书在CRT而不是SPC格式，请执行以下操作将其转换为SPC：

UPDATE: In case you happen to have the certificate in CRT instead of SPC format, do the following to covert it into SPC:

openssl crl2pkcs7 -nocrl -certfile CodeSign.crt -outform DER -out CodeSign.spc

资料来源：

• http://www.tech-pro.net /export-to-pvk-spc.html


• http://ellisweb.net/2008/08/signing-code-using-pvk-and-spc-files/


• < a href =http://www.drh-consultancy.demon.co.uk/> http://www.drh-consultancy.demon.co.uk/


• https://www.sslshopper.com/ssl-converter.html


• http：//russenreaktor.wordpress。 com / 2010/06/10 / solved-convert-signing-certificate-crt-to-spc /

• http://www.tech-pro.net/export-to-pvk-spc.html
• http://ellisweb.net/2008/08/signing-code-using-pvk-and-spc-files/
• http://www.drh-consultancy.demon.co.uk/
• https://www.sslshopper.com/ssl-converter.html
• http://russenreaktor.wordpress.com/2010/06/10/solved-convert-signing-certificate-crt-to-spc/

您需要的工具：

• OpenSSL


• pvk.exe - 请参阅该页面底部的下载链接


• pvk2pfx.exe - Microsoft SDK的一部分， li>
  

• OpenSSL
• pvk.exe — see the download link at the bottom of that page
• pvk2pfx.exe — part of Microsoft SDKs, installs with Visual Studio 2010

这篇关于将GoDaddy发出的.spc和.key文件加入完整的.pfx / .cer证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！