1

I have a code-signing certificate (SPC) file from GoDaddy. The file was generated from an existing private key:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvcG2SEalg9pvkTvtMI8cZg07tVA0RuK7LeGlFdk1smXgqrsH
.... snipped ....
MURwR0FXgNAuFNQ0yBNFNW2+o9uBceLuCSUalgi4pQw1uBmP5QkUYA==
-----END RSA PRIVATE KEY-----

I generated a certificate signing request and sent this to GoDaddy:

-----BEGIN CERTIFICATE REQUEST-----
MIICiDCCAXACAQAwQzFBMD8GCSqGSIb3DQEJARYyYXBwbGVAdGVrNC1uZXdtZWRp
.... snipped ....
nJwd9pSDPuYaNHl33N1BJkXFusG7ta0D6UjisA==
-----END CERTIFICATE REQUEST-----

GoDaddy then returned me an SPC file. My research shows that typically you'd have an SPC/PVK pair, but obviously my private key isn't of PVK type. I've tried several methods (pvkimprt, pvk2pfx, openssl, keytool) but can't seem to convert my key to PVK type or my SPC to a PKCS12 type independently without both the certificate (SPC) and private key being in a single key-store.

The command that I appear to need to do this in one step is:

openssl pkcs12 -in cert_from_godaddy.spc -inkey private.key -export -out full_code_signing_chain.pkcs12

However, running that I just get:

Loading 'screen' into random state - done
No certificate matches private key

But, the certificate (SPC) is for the private key. What am I doing wrong?!

Background: I'm trying to generate a .p12 file to sign an Adobe AIR application.

Celada
user72003

3 Answers

1

To be honest, I cannot understand at all what you are trying to do.

You got back the SPC file, which is just the PKCS#7 DER encoding with your certificate.

You also have your private key.

All you need to do is import the certificate to the pkcs12 keystore to have the signed certificate with your private key.

Cratylus
  • 2
    Whilst this didn't answer the question per se, it actually led to the answer... Knowing SPC was just DER/PKCS7 I used `openssl pkcs7 -inform DER -on godaddy.spc -outform PEM -out out.p12` to get what I needed. – user72003 Feb 06 '12 at 09:49
  • 2
    @user72003 There is a syntax error in the command... -on should be -in giving: `openssl pkcs7 -inform DER -in godaddy.spc -outform PEM -out out.p12` – Be Kind To New Users Mar 20 '12 at 00:21
0

Here is how I created a .p12 file from GoDaddy's .spc file:

  1. Right click myCert.spc, Install Certificate (to install the .spc into Windows).
  2. Double click myCert.spc (to open it in certmgr), export to a .cer file.
  3. Import that .cer file into Firefox.
  4. From within Firefox: back up what you just imported to create a .p12 file.

Then you can use that .p12 file to sign your code.

TradeHound
0

To create a P12 truststore from a private key and an SPC file, do the following steps with OpenSSL:

  1. (Optional): Extract the private key from an old P12 truststore:

     openssl pkcs12 -in old.p12 -nocerts -out privateKey.pem

  2. Extract the certificate chain from the SPC file:

     openssl pkcs7 -inform DER -outform PEM -in godaddy.spc -print_certs > certificates.pem

  3. Create the new P12 truststore:

     openssl pkcs12 -export -out new.p12 -inkey privateKey.pem -in certificates.pem

sundance
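
The steps from the answer above as one script, with a pre-flight check that the SPC really contains a certificate for the private key, which is the condition behind "No certificate matches private key". This is an added example, not code from any of the answers; the function names, file names and the constructed sample key and certificate are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the answers above. Function names, file names
# and the sample data are assumptions made for illustration.

# make_sample DIR: constructed test input (throwaway RSA key, self-signed
# certificate wrapped as a DER PKCS#7 "SPC", and an unrelated second key).
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed example signer" \
        -keyout "$1/private.key" -out "$1/cert.pem" 2>/dev/null &&
    openssl crl2pkcs7 -nocrl -certfile "$1/cert.pem" -outform DER \
        -out "$1/sample.spc" &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# spc_to_p12 SPC KEY OUT PASSWORD
# Returns 0 on success, 2 if no certificate in the SPC belongs to KEY,
# 1 if the SPC or key cannot be parsed or the export fails.
spc_to_p12() {
    local spc="$1" key="$2" out="$3" pass="$4" tmp key_pub f n=0 rc=0
    tmp=$(mktemp -d) || return 1
    # The SPC is DER-encoded PKCS#7; unpack it to PEM certificates first.
    openssl pkcs7 -inform DER -in "$spc" -print_certs \
        -out "$tmp/all.pem" 2>/dev/null &&
        key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { rm -rf "$tmp"; return 1; }
    # Split the chain into one file per certificate.
    awk -v d="$tmp" '/BEGIN CERTIFICATE/ { i++; p = 1 }
        p { print > (d "/cert" i ".pem") }
        /END CERTIFICATE/ { p = 0 }' "$tmp/all.pem"
    # Pre-flight: count certificates whose public key equals the key's.
    for f in "$tmp"/cert*.pem; do
        if [ "$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null)" = "$key_pub" ]; then
            n=$((n + 1))
        fi
    done
    if [ "$n" -eq 0 ]; then
        rc=2
    else
        # pass: is used for brevity; it exposes the password in the process list.
        openssl pkcs12 -export -inkey "$key" -in "$tmp/all.pem" \
            -out "$out" -passout "pass:$pass" 2>/dev/null || rc=1
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

For real use, swap `pass:` for OpenSSL's `env:` or `file:` password sources so the password does not appear in the process list.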