Associate a private key with a certificate

This section explains how to associate a private key (stored in CryptoHub) with its corresponding code signing certificate stored in the Local Machine Windows Certificate Store. The CertUtil tool associates a private key with a certificate. The primary resource for advanced CertUtil use cases is this manual page. However, your use case generally won’t go past the following command demonstration. To associate a private key held in the CryptoHub with a code signing certificate held in the Local Machine Windows certificate store, open the Command Prompt application and run the following command (replacing the fields surrounded in < and > symbols with the actual values that are required):

PowerShell

certutil -f -csp <human name of csp> -repairstore <store name> <serial number of cert in store>

For example, the command could look like the following sample:

PowerShell

certutil -f -csp "Futurex FXCL KMES CNG" -repairstore My 00f204e900000070

For this integration, the command is identical to the preceding example except for the serial number field. The CSP should beFuturex FXCL KMES CNG, and the store name should beMy. TheMy designation tells certutil to look for the certificate in the X.509 certificate store for personal certificates, where you imported the code signing certificate in the previous section. Replace the serial number value with the serial number of your certificate, which you can get from the Personal certificate store by double-clicking it. Then, go to the Details tab and write down the serial number listed for the certificate to use in the certutil command.

Documentation Index