How to Install a Code Signing Certificate on Windows

This step-by-step guide walks you through installing a .pfx certificate in the Windows 10 Certificate Manager (i.e., importing a .pfx certificate file). The same process works for code signing certificates as well as client authentication certificates and email signing certificates.

Like many technical tasks, installing a code signing certificate isn’t difficult once you know what you’re doing. But if you’re new to code signing, or someone else has always installed certificates on your device for you, the process can be tricky to figure out.

Many guides you’ll find online walk you through generating a CSR for a code signing certificate, and others show how to install certificates using a vendor’s proprietary interface. With those tools, however, the work happens on the backend where you can’t see it.

But what do you do if you have a code signing certificate that you’ve generated on your own, outside such tools, and you need to install it onto your Windows device? Finding information to answer that question is a bit more challenging because it’s not often addressed. That’s why we’re here — this article will break down the process of importing a code signing certificate to your device’s personal certificate folder in Windows’ built-in Certificate Manager console (CertMgr.msc).

How to Install a Code Signing Certificate in the Cert Manager Console

1. In your Start menu, type “certificate” and select Manage User Certificates. This will load a new pop-up window labeled certmgr.

2. In the left-hand menu of this new window, double-click the top folder labeled Personal. This will drop down a menu with another folder beneath it labeled Certificates.

3. Right-click on that Certificates folder and navigate to All Tasks > Import. This will open the Certificate Import Wizard in a new window.

4. The next steps use the built-in Certificate Import Wizard. In this new window, press the Next button.

5. Select Browse in the File to Import window. This opens a file selection screen where you can select your PKCS #12 file (.pfx).

Note: If the file isn’t displaying and all you see are .cer or .crt files, select Personal Information Exchange from the bottom drop-down menu near the file name field. Now, you should see your .pfx certificate file (may also be listed as a .p12 or PKCS12 file).

Note: The .pfx file is your certificate that’s been combined with your cryptographic private key. If you don’t see this file, it means that you first need to combine your key and certificate files to generate the .pfx file. (This can only be done on the same computer that the certificate signing request [CSR] was generated on.) There are a few ways to do this:

1. Use OpenSSL to create your PKCS #12 (.pfx) code signing certificate file. OpenSSL is an open-source command-line tool that lets you handle certificates and their corresponding cryptographic keys manually.

2. Use SSLShopper’s Certificate Converter Tool. This free tool simplifies the process of converting or combining your certificate and key files.

3. Use DigiCert’s Certificate Utility tool. You can use the CA’s certificate utility tool to export the certificate as a .pfx file. This requires that the key is already available in the utility tool. To learn more, check out DigiCert’s article on their certificate utility tool.
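
For the OpenSSL option, the following PowerShell is an added example, not part of the original guide. It confirms that the private key belongs to the certificate before bundling both into a .pfx. The file names are placeholders, the files are assumed to be PEM-encoded, and `openssl` is assumed to be on the PATH.

```powershell
# Added example: file names are placeholders; assumes openssl is on PATH
# and that the certificate, key and chain files are PEM-encoded.
$ErrorActionPreference = 'Stop'

$certFile  = '.\codesign.crt'   # certificate issued by the CA
$keyFile   = '.\codesign.key'   # private key generated alongside the CSR
$chainFile = '.\ca-chain.crt'   # intermediate CA certificate(s)
$pfxFile   = '.\codesign.pfx'   # output file

# Extract the public key from each file as PEM text and compare.
# A mismatch means this key does not belong to this certificate.
$pubFromCert = (& openssl x509 -in $certFile -noout -pubkey) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "Could not read certificate $certFile" }

$pubFromKey = (& openssl pkey -in $keyFile -pubout) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "Could not read private key $keyFile" }

if ($pubFromCert -ne $pubFromKey) {
    throw 'Private key does not match the certificate; not creating a .pfx.'
}

# Bundle key, certificate and chain into one PKCS #12 file. No -passout
# option is given, so openssl prompts for the export password instead of
# taking it from the command line (and the shell history).
& openssl pkcs12 -export -inkey $keyFile -in $certFile -certfile $chainFile -out $pfxFile
if ($LASTEXITCODE -ne 0) { throw 'openssl pkcs12 -export failed' }

Write-Host "Created $pfxFile"
```

The password entered at the prompt is the one the Certificate Import Wizard asks for in step 7.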

6. Select the .pfx file and press Open. This will return you to the previous Certificate Import Wizard window where you’ll now see your code signing certificate file selected in the previously empty browse field. Press Next.

7. In this next window, you’ll have to enter your certificate password. This is the password you would have created when you first generated your code signing certificate. You can choose to mark your key as exportable or leave that option unchecked, depending on your needs; a key marked as exportable can later be exported from the certificate store together with the certificate. Press Next.

8. Now, you’ll need to select where in your device’s Certificate Store you want to import or install your code signing certificate. The Certificate Store’s Personal folder is selected by default. Press Next.

9. This is the final step in the Certificate Import Wizard. This screen is the last check that everything is accurate before you conclude the import process. Press Finish to proceed.

That’s it! You’ve completed the installation process. You should see a message stating, “The import was successful.”

Next, verify that everything worked as it was supposed to. Go back to your Windows Certificate Manager screen and navigate to the Personal > Certificates folder again. Here, you should see your newly installed certificate listed.

Congratulations! You’ve successfully imported/installed your code signing certificate on Windows.
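
The wizard steps and the final check can also be scripted. The following PowerShell is an added example, not part of the original guide. It inspects the .pfx, imports it into the current user's Personal store, and confirms the private key arrived with it. The file path is a placeholder.

```powershell
# Added example: the .pfx path is a placeholder.
$ErrorActionPreference = 'Stop'
$pfxPath = 'C:\certs\codesign.pfx'

# Prompt for the .pfx password as a SecureString (wizard step 7).
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Inspect the file before importing it: subject, issuer and expiry.
$pfx = Get-PfxData -FilePath $pfxPath -Password $password
$pfx.EndEntityCertificates | Format-List Subject, Issuer, NotAfter, Thumbprint

# Import into Personal > Certificates for the current user (steps 8-9).
# -Exportable is omitted, so the private key is stored as non-exportable.
$imported = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation Cert:\CurrentUser\My -Password $password
$thumbprints = @($imported).Thumbprint

# Verification: the certificate must be listed as a code signing
# certificate in the store and must have its private key attached.
$installed = @(Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Where-Object { $_.Thumbprint -in $thumbprints })

if ($installed.Count -eq 0) {
    throw 'Imported certificate is not listed as a code signing certificate.'
}
foreach ($cert in $installed) {
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $($cert.Thumbprint) was imported without its private key."
    }
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate $($cert.Thumbprint) has expired."
    }
}
$installed | Format-List Subject, Thumbprint, NotAfter, HasPrivateKey
```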