Associate a private key with a certificate

1min

This section explains how to associate a private key (stored in ) with its corresponding code signing certificate stored in the Local Machine Windows Certificate Store.
The CertUtil tool associates a private key with a certificate. The primary resource for advanced CertUtil use cases is this manual page. However, your use case generally won't go past the following command demonstration.
To associate a private key held in the  with a code signing certificate held in the Local Machine Windows certificate store, open the Command Prompt application and run the following command (replacing the fields surrounded in < and > symbols with the actual values that are required):
PowerShell
certutil -f -csp <human name of csp> -repairstore <store name> <serial number of cert in store>
certutil -f -csp <human name of csp> -repairstore <store name> <serial number of cert in store>
﻿
As an example, the command could look like the following sample:
PowerShell
certutil -f -csp "Futurex CNG" -repairstore My 00f204e900000070
certutil -f -csp "Futurex CNG" -repairstore My 00f204e900000070
﻿
For this integration, the CSP should be Futurex CNG and the store name should be My. The My value tells certutil to look for the certificate in the X.509 certificate store for personal certificates, where you imported the code signing certificate in the previous section. The only field that should be changed is the serial number field. To find the serial number of your certificate, locate it in the Personal certificate store and double-click it. 
Select the Details tab, then note down the serial number listed for the certificate to use in the certutil command.

Updated 09 Dec 2024

Did this page help you?

Import the Code Signing certificate into Windows Certificate Store

Test Microsoft SignTool commands