How to generate a PKCS12 (.p12) from a .SPC (code signing certificate) and .PKCS12 (private key)?

…衆ロ難τιáo~ 提交于 2020-01-23 18:37:09

问题


I have a code-signing certificate (SPC) file from GoDaddy. The file was generated from an existing private key:

-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvcG2SEalg9pvkTvtMI8cZg07tVA0RuK7LeGlFdk1smXgqrsH
.... snipped ....
MURwR0FXgNAuFNQ0yBNFNW2+o9uBceLuCSUalgi4pQw1uBmP5QkUYA==
-----END RSA PRIVATE KEY-----

I generated a certificate signing request and sent this to GoDaddy:

-----BEGIN CERTIFICATE REQUEST-----
MIICiDCCAXACAQAwQzFBMD8GCSqGSIb3DQEJARYyYXBwbGVAdGVrNC1uZXdtZWRp
.... snipped ....
nJwd9pSDPuYaNHl33N1BJkXFusG7ta0D6UjisA==
-----END CERTIFICATE REQUEST-----

GoDaddy then returned me an SPC file. My research shows that typically you'd have a SPC/PVK pair but obviously my private key isn't of PVK type. I've tried several methods (pvkimprt, pvk2pfx, openssl, keytool) but can't seem to convert my key to PVK type or my SPC to a PKCS12 type independently without both the certificate (SPC) and private key being in a single key-store.

The command that I appear to need to do this in one step is: openssl pkcs12 -in cert_from_godaddy.spc -inkey private.key -export -out full_code_signing_chain.pkcs12

However, running that I just get: Loading 'screen' into random state - done No certificate matches private key

But, the certificate (SPC) is for the private key. What am I doing wrong?!

Background: I'm trying to generate a .p12 file sign an Adobe AIR application


回答1:


To be honest I can not understand at all what you are trying to do.

You got back the SPC file which is just the #PKCS7 der encoding with your certificate.

You also have your private key.

All you need to do is import the certificate to the pkcs12 keystore to have the signed certificate with your private key.




回答2:


Here is how I created a .p12 file from GoDaddy's .spc file: 1. Right click myCert.spc, Install Certificate (to install the .spc into Windows) 2. Double click myCert.spc (to open it in certmgr), export to a .cer file. 3. Import that .cer file into Firefox. 4. From with Firefox: backup what you just imported to create a .p12 file.

Then you can use that .p12 file to sign your code.




回答3:


To create a P12 truststore from a private key and a SPC file do the following steps with OpenSSL:

  1. (Optional): Extract the private key from an old P12 truststore:

openssl pkcs12 -in old.p12 -nocerts -out privateKey.pem

  1. Extract the certificate chain from the SPC file:

openssl pkcs7 -inform DER -outform PEM -in godaddy.spc -print_certs > certificates.pem

  1. Create the new P12 truststore:

openssl pkcs12 -export -out new.p12 -inkey privateKey.pem -in certificates.pem



来源:https://stackoverflow.com/questions/9112166/how-to-generate-a-pkcs12-p12-from-a-spc-code-signing-certificate-and-pkcs

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!