So you’ve purchased a code signing certificate from our store? Great! If you used FireFox to place the order then you’ll now need to export your certificate from the certificate store into a PFX file that you can use with the utilities that perform the code signing. This blog post will walk you through doing that.

If you ordered using Internet Explorer, click here to go to the post about exporting with IE.

Though these screen shots are from Windows XP the process is the same on Windows Vista and Windows 7.

To export a stored code signing certificate from FireFox to a PFX file follow these steps :

Open FireFox, click the Tools menu, then Options, then the Advanced Button (far right, top) :

Step 1

Click the View Certificates button :

Step 2

Select your certificate and click the Backup Button :

Step 3

FireFox requires a password for the PFX file.

Type in any password you like but REMEMBER WHAT YOU ENTER!

Click OK and that’s it! FireFox will ask you where you want to save the PFX file – save it anywhere. The file is portable and can now be copied to any computer.

Additional Note : FireFox might save the file with a .p12 extension – that’s OK! Just rename the file to .pfx and you can use it with any of the code signing tools.

So you’ve purchased a code signing certificate from our store? Great! If you used a new(er) version of Internet Explorer then you’ll now need to export your certificate from the certificate store into a PFX file that you can use with the utilities that perform the code signing. This blog post will walk you through doing that.

Though these screen shots are from Windows XP the process is the same on Windows Vista.

To export a stored code signing certificate to a PFX file follow these steps :

Open Control Panel, click Internet Options.

Step 1

Click the Content tab. Click the Certificates button.

Step 2

Select the Personal tab, then click the certificate you would like to export.

Comodo certificates will be “Issued By” UTN-USERFirst-Object like in the above screen shot.

Step 3

Click the Next button

Step 4

Click the option “Yes, export the private key”. Click the Next button.

Step 5

Select the option Personal Information Exchange. Check the first two boxes and optionally the third box. Click the Next button.

** Windows Vista Users : You may not have the “Enable Strong Encryption” option – that is OK! Check the “Export all extended properties” option.

Step 6

Optionally password protect the private key. Click the Next button.

While password protecting the key does provide a great deal of security (only those with the password can code sign), you MUST remember the password – it cannot be recovered.

The only thing left to do after step 6 is to choose where to save the PFX file and click Finish!

While not guaranteeing bug-free code, Authenticode identifies the publisher of signed software and verifies that it hasn’t been tampered with, before users download software to their PCs - technet.microsoft.com/en-us/library/cc750035.aspx

Authenticode is commonly referred to as Code Signing because a “digital signature” is attached to .EXE and other files that is used to determine if the file has been modified since being “signed” by the publisher.

The way most users have run across Authenticode is likely by downloading a piece of software and seeing a rather nasty “Unknown Publisher” warning from the web browser (or Windows). Does this look familiar to anyone?

That is an example of an Unknown Publisher download warning in Windows Vista.

Now an example of the same warning, but for a file that has been digitally signed (by K Software) :

If you click on the linked K Software text you can see the details of the certificate :

Note the “This Digital Signature is OK” message. If you don’t see that on the certificate details page then you should not run it as the file has been modified since the publisher signed it (it could have a virus or contain some other sort of malware).

What Authenticode is Not

Authenticode (Code Signing) is not a guarantee that the software that has been digitally signed is bug free or even virus/malware free. All a digital signature says is “this file has not been modified since it was signed by the publisher”. Having said that it is worth noting that obtaining a code signing certificate is not free and that companies or individuals that apply for a code signing certificate do have to pay a fee and do have to prove their identity to the company that issues the certificate.

K Software is an authorized Comodo reseller and offers Comodo Code Signing Certificates at a significant discount. Read more.