Code signing
Microsoft SignTool

Associate a private key with a certificate

1min

This section explains how to associate a private key (stored in ) with its corresponding code signing certificate stored in the Local Machine Windows Certificate Store.

The CertUtil tool associates a private key with a certificate. The primary resource for advanced CertUtil use cases is this manual page. However, your use case generally won't go past the following command demonstration.

To associate a private key held in the with a code signing certificate held in the Local Machine Windows certificate store, open the Command Prompt application and run the following command (replacing the fields surrounded in < and > symbols with the actual values that are required):

PowerShell


For example, the command could look like the following sample:

PowerShell


For this integration, the command is identical to the preceding example except for the serial number field.

The CSP should be Futurex CNG, and the store name should be My. The My designation tells certutil to look for the certificate in the X.509 certificate store for personal certificates, where you imported the code signing certificate in the previous section.

Replace the serial number value with the serial number of your certificate, which you can get from the Personal certificate store by double-clicking it. Then, go to the Details tab and write down the serial number listed for the certificate to use in the certutil command.