Ask a Question

Advanced Search

Solution ID : SO17632

Last Modified : 06/25/2018

Convert a Microsoft Authenticode (Multi-Purpose) Certificate to PVK and SPC File Formats

Problem

If the Microsoft Authenticode or Microsoft Organizational certificate has been ordered and installed on a PC that runs Windows Vista, Windows 7, or Windows 8, the certificate will be installed directly into the certificate store in Internet Explorer.  Under certain circumstances, some signing software might still require the certificate to be in two separate files: the .pvk (private key) and .spc (the public key) files.

Solution

 

To convert a browser installed Microsoft Authenticode or a Microsoft Organizational certificate to separate .PVK and .SPC files, please follow one of the methods below.

Step 1: Export the certificate from Internet Explorer into a .pfx file

  1. From the menu bar, click on Tools > Internet Options.
  2. Click the Content tab
  3. Click the Certificates button
  4. In the Personal tab, select the certificate to export
  5. Click Export.
  6. Click Next.
  7. Select the Yes, export the Private Key option
  8. Click Next.
    Note:
    Manually check the option box "Include all certificates in the certification path if possible."
  9. Click Next.
  10. Enter the password to protect the certificate and private key being exported. Enter this password again to confirm then click Next
  11. Browse to the directory to store the file and enter "authenticode" as file name
  12. Click Save and then Next.
  13. Click Finish.
  14. A confirmation message will display: "The export was successful."
  15. Click OK.

A file named authenticode.pfx will be created.

 

Step 2: Convert the .pfx file to separate .pvk and .spc files

  1. Download the attached pfx_to_pvk_and_spc.zip file from the bottom of this web page.
    NOTE:  Thawte does not support this 3rd party tool
     
  2. Unzip the folder to a location and save the authenticode.pfx file created from Step 1 above to the same location.
  3. Then using a command prompt, run the following command line from the location of the unzipped utilities and the .pfx file:
     
    convert authenticode.pfx

This will generate the myprivatekey.pvk and mycredentials.spc files automatically.