You MUST use the exact same browser that you used to complete the Certificate Details part of your order. Chrome and Edge will not work, our order system would have forced you to use Firefox or real Internet Explorer (not Edge!). Make sure that when you're following the instructions in this tutorial that you used Internet Explorer. These instructions only apply to those that used Internet Explorer to submit the certificate details portion of their order. 



** IMPORTANT NOTE : You can only export your certificate *AFTER* it is issued and you have visited the collection link.


** IMPORTANT NOTE : Depending on when you purchased your code signing certificate, you may see Sectigo as the issuer. Comodo changed their corporate name in 2018, all certificates are still trusted at the same level as before, it was just a name/brand change. 


CHROME, EDGE and OPERA WILL NOT WORK with the code signing export process any longer (it now lacks the proper controls to generate and handle the private key). Our order system will not let anyone submit using an unsupported browser. This has nothing to do with support of signatures created with your certificate, it is just a limitation of the key generation at order time. Once exported, all certificates work in all browsers and is completely portable.

To export a stored code signing certificate to a PFX file follow these steps :

 

Open Control Panel, click Internet Options.




Step 1 

Click the Content tab. Click the Certificates button.






Step 2


Select the Personal tab, then click the certificate you would like to export and click the Export Button (the screenshot shows K Software but you will see YOUR company name there!).








Step 3
Click the Next button



Step 4

Click the option “Yes, export the private key”. Click the Next button.





 

Step 5

Select the option Personal Information Exchange. Check the "Include all certificates in the certification path if possible" and "Export all extended properties" boxes.


*** Your version of Windows might show slightly different options but should be very similar.


** If you're using Windows 10 Creator's Edition, you'll see an option for enabling certificate privacy. This is up to you, its function is to encrypt the entire certificate instead of just the private key portion with a password. 





Optionally check the box to password protect the private key. If you set a password you will have to input it when you sign files. It is VERY highly recommended you set a password to restrict access to your certificate.


** In the latest version of Windows 10 you'll see an 'Encryption' option for the private key. Choose the SHA1 option. This DOES NOT AFFECT YOUR SIGNATURES OR YOUR CERTIFICATE ALGORITHM. Unfortunately the current version of signtool only supports SHA1 encryption of private keys. 



Click the Next button.





Click the Browse button to choose a name and location for your PFX file.


Click the next button, and Finish on the following window and you are finished!