Transform Certificate to PVK + SPC Combination - Code Signing Certificates

Jun 27, 2023

Article Purpose: This article provides step-by-step instructions for transforming your code signing certificate to a PVK + SPC combination. If this is not the solution you are looking for, please search for your solution in the search bar above.  
 

1. Export your certificate to a ".pfx" file. Be sure to check Include All certificates in the Certification Path if Possible. Click below for export instructions:
   • From Internet Explorer
   • From FireFox
   • ​From FireFox to Internet Explorer
2. Install OpenSSL. Compiled binaries can be found at www.openssl.org.
3. Extract your private key from the ".pfx" file using the command:
   
   ->openssl pkcs12 -in <pfx-file> -nocerts -nodes -out <pem-key-file>
    
4. Enter the PFX password when prompted
5. Access the PVK transform utility by downloading the PVK zip file from GlobalSign.
   
   -> pvk -in(pem-key-file) -topvk -out (pvk-file) Example: -> pvk -in SOMETHING.PEM -topvk-out SOMETHING.pvk
    
6. Extract your certificates from the ".pfx" file using the command:
   
    openssl pkcs12 -in <pfx-file> -nokeys -out <pem-certs-file> 
    
7. Enter the PFX password when prompted.
8. Transform your "pem" file to a "spc" file using the command:
   
   ->openssl crl2pkcs7 -nocrl -certfile <pem-certs-file> -outform DER -out <spc-file>

Additional Resources:
Export Instructions:
OpenSSL Compiled Binaries: www.openssl.org
GlobalSign PVK zip file: www.globalsign.com/support/code-signing/PVK.zip