> ## Documentation Index
> Fetch the complete documentation index at: https://docs.futurex.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Associate a private key with a certificate

> Link a private key stored on the HSM to its corresponding certificate in the Windows certificate store.

This section explains how to associate a private key (stored on the Vectera Plus) with its corresponding code-signing certificate (stored in the **Local Machine Windows** certificate store).

The primary method of associating a private key with a certificate is by using the **CertUtil** tool. For complex scenarios with the `certutil` command, refer to this manual page: [**docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil**](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/certutil). However, generally, your use case won't go beyond the case in this section.

<Steps>
  <Step>
    To find the serial number of your certificate,  which you need for the next step, perform the following steps:

    1. Locate it in the **Personal** certificate store and double-click it.
    2. Go to the **Details** tab and note the serial number for the certificate to use in the `certutil` command.
  </Step>

  <Step>
    To associate a private key held in the Vectera Plus with a code-signing certificate held in the **Local Machine Windows** certificate store, open the Command Prompt application as an Administrator and run the following command (replacing the fields surrounded in \< and > symbols with the actual values):

    ```powershell expandable lines wrap title="Powershell" theme={null}
    certutil -f -csp <human name of csp> -repairstore <store name> <serial number of cert in store>
    ```

    For example, the command could look like this:

    ```powershell expandable lines wrap title="Powershell" theme={null}
    certutil -f -csp "Futurex CNG" -repairstore My 00f204e900000070
    ```

    For this integration, the **CSP** should be `Futurex CNG` and the **store name** should be `My`. The `My` value tells **CertUtil** to look for the certificate in the X.509 certificate store for personal certificates, where you imported the code-signing certificate in the previous section. The only parameter value that you should change is the **serial number** value.
  </Step>
</Steps>
