If the Microsoft Authenticode or Microsoft Organizational certificate has been order and installed on a PC that runs Windows Vista or Windows 7, the certificate will be installed directly into the certificate store in Internet Explorer. Under certain circumstances, the signing software might still require the certificate to be in two separate files: the .pvk (private key) and .spc (the public key) files.
myprivatekey.pvk and mycredentials.spc not created
Export and convert browser installed Microsoft Authenticode certificate to separate .pvk and .spc files
Export and convert browser installed Microsoft Organizational certificate to separate .pvk and .spc files
Convert .pfx (PKCS#12) to .pvk and .spc
To convert a browser installed Microsoft Authenticode or a Microsoft Organizational certificate to separate .PVK and .SPC files, please follow one of the methods below.
Note: If the Code Signing ID cannot be exported with the private key (this is required to obtain the .pfx file), then you will need to replace the certificate. Please see solution SO1737 for replacing a Code Signing ID.
Method 1: Automated Procedure (batch job)
A file named authenticode.pfx will be created.
Method 2: Manual Procedure using OpenSSL
The following tools are required for this manual conversion procedure:
PVK Conversion Tool (http://www.drh-consultancy.demon.co.uk/pvk.html)
Step 3: Convert the Private Key to Microsoft PVK format
Step 4: Export the Public Key
To convert the public key to the required SPC format, run the following command, using OpenSSL: