Associate a private key with a certificate

1min

This section explains how to associate a private key (stored on the ) with its corresponding code-signing certificate (stored in the Local Machine Windows certificate store).
The primary method of associating a private key with a certificate is by using the CertUtil tool. For complex scenarios with the certutil command, refer to this manual page. However, generally, your use case won't go beyond the case in this section.
1
To find the serial number of your certificate,  which you need for the next step, perform the following steps:
Locate it in the Personal certificate store and double-click it.
Go to the Details tab and note the serial number for the certificate to use in the certutil command.
2
To associate a private key held in the  with a code-signing certificate held in the Local Machine Windows certificate store, open the Command Prompt application as an Administrator and run the following command (replacing the fields surrounded in < and > symbols with the actual values):
PowerShell
certutil -f -csp <human name of csp> -repairstore <store name> <serial number of cert in store>
certutil -f -csp <human name of csp> -repairstore <store name> <serial number of cert in store>
﻿
For example, the command could look like this:
PowerShell
certutil -f -csp "Futurex CNG" -repairstore My 00f204e900000070
certutil -f -csp "Futurex CNG" -repairstore My 00f204e900000070
﻿
For this integration, the CSP should be Futurex CNG and the store name should be My. The My value tells CertUtil to look for the certificate in the X.509 certificate store for personal certificates, where you imported the code-signing certificate in the previous section. The only parameter value that you should change is the serial number value. 
﻿
﻿

Updated 20 Aug 2024

Did this page help you?

Import certificates into Windows Certificate Store

Test Microsoft SignTool commands