该代码签名证书怎么办？ [英] What to do with the code signing certificate?

问题描述

我的公司从Symantec订购了代码签名证书，并获得了使用它的任务。我不知道该怎么做，即使在他们的网站上也没有明确的指示。我有一个.cer格式的证书，当我尝试在Visual Studio 2013-属性窗口中使用它时，它表示该证书没有与之关联的私钥。我搜索后发现.pvk文件将存储在我们从中订购了证书的系统注册表中。鉴于我可以获取.pvk文件，我想知道下一步该怎么做。我有两个文件，我需要.pfx格式（包含私钥）。我知道这不完全是编程问题，但我希望有人像我一样遇到同样的问题，并且他们可以指导我。

My company ordered a code signing certificate from Symantec and I was given the task to use it. I have no idea how to do that and there are no clear instructions even on their website. I have a certificate in .cer format and when I try to use it from Visual studio 2013 - properties window it is saying that the certificate doesn't have a private key associated with it. I searched and found that the .pvk file will be stored in the system registry from which we have ordered the certificate. Given I can get the .pvk file I want to know what to do next. I have two files and I need a .pfx format(which contains a private key). I know this is not exactly a programming question but I hope somebody had the same problem like me and they can guide me.

我正在处理WPF应用程序。

I am working on a WPF application.

推荐答案

解决方案

在同一台机器上用于订购新证书，右键单击.cer文件并安装。

ON THE SAME MACHINE THAT WAS USED TO ORDER THE NEW CERTIFICATE, right-click the .cer file and install it.

下一步，转到订购证书时使用的浏览器，然后

Next, go to the same browser that was used when ordering the certificate, and export the certificate.

• 在IE上，转到菜单（齿轮图标）-> Internet选项->内容。选择证书，然后单击导出...。


• 在Chrome上，转到菜单（3个栏）->设置->高级->管理证书。选择证书，然后单击导出...。


• 在Firefox上，进入Firefox（下拉菜单）->选项->选项->高级->加密->查看证书。选择证书，然后单击备份...。

按照向导将证书导出到文件。确保选择是，导出私钥。使用个人信息交换-PKCS＃12（.PFX）选项，然后选择如果可能，在证书路径中包括所有证书和导出所有扩展属性复选框。

Follow the wizard to export the certificate to a file. MAKE SURE YOU SELECT "Yes, export the private key". Use the "Personal Information Exchange - PKCS #12 (.PFX)" option, and select the "Include all certificates in the certification path if possible" and "Export all extended properties" checkboxes.

您现在将拥有一个.PFX或.P12文件，您可以将该文件分发给开发人员。

You will now have a .PFX or a .P12 file you can distribute to your developers.

详细信息

获得证书涉及创建CSR（证书签名请求）。此过程将创建您的PK（私钥），并将其存储在该计算机的证书存储区中。它还会创建实际的CSR，您的CA（证书颁发机构，或颁发您证书的公司）需要使用它来生成您的代码签名证书。整洁的是，CSR不包含您的私钥，因此您的CA永远不会得到他们的PK。

Obtaining a certificate involves creating a CSR (Certificate Signing Request). This process creates your PK (Private Key), and stores it in that computer's certificate store. It also creates the actual CSR, which your CA (Certificate Authority, or the company issuing your certificate) needs to generate your code-signing certificate. The neat thing is, the CSR DOES NOT contain your private key, so your CA never, ever gets their hands on the PK.

您的CA使用CSR来生成您的CA加密安全证书。由于他们没有您的PK，因此无法创建.PFX文件。他们只能创建一个.CER。通过在生成CSR的同一台计算机上安装.CER文件，证书存储将自动将CSR和关联的PK与.CER指纹进行匹配。安装证书后，您可以将证书和PK导出为单个.PFX。

Your CA uses the CSR to generate your cryptographically secure certificate. Because they don't have your PK, they can't create a .PFX file. They can only create a .CER. By installing the .CER file on the same machine that generated the CSR, the certificate store will automatically match the CSR and associated PK with the .CER fingerprint. Once the certificate is installed, you can then export the certificate and PK as a single .PFX.

这篇关于该代码签名证书怎么办？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！