Exporting Your Digital Certificate to PFX Format
In order to sign your executables using a tool like SignTool.exe you will need to export a PFX file. It is also a good idea to export a PFX file in order to back up your code signing certificate.
Open Internet Options
Type internet options in the Start menu search box to quickly locate the Internet Options application.
![Open Internet Options](https://media.screensteps.com/image_assets/assets/006/889/874/original/FFE5D456-C854-4BBB-83EA-AF5D6C8EDF00.png)
Open Certificates Window
From the Content tab click on Certificates.
![Open Certificates Window](https://media.screensteps.com/image_assets/assets/006/889/876/original/8F06BE0C-9A81-47DB-9FC6-79FA04DF727A.png)
Export Certificate
Your Comodo certificate will be listed under the Personal tab. Select it and click the Export button.
![Export Certificate](https://media.screensteps.com/image_assets/assets/006/889/878/original/9518FA98-AFE6-40B2-9BAA-87F9229603A4.png)
The Export Wizard
The export wizard will open and you can step through the process.
![The Export Wizard](https://media.screensteps.com/image_assets/assets/006/889/880/original/A800036F-211C-43B8-A5C6-DA3FB826E59C.png)
Export the Private Key
![Export the Private Key](https://media.screensteps.com/image_assets/assets/006/889/883/original/7F9C4EE9-080F-426E-935D-F55CB1DD41EA.png)
Export as PFX (Personal Information Exchange)
Check Include all certificates... and Export all extended properties.
![Export as PFX (Personal Information Exchange)](https://media.screensteps.com/image_assets/assets/006/889/885/original/C8C91573-2486-4F72-BD19-60E76C0876F6.png)
Assign a Password
Assign a password to protect the private key. This password will be required when you sign your applications using the PFX file you are generating.
![Assign a Password](https://media.screensteps.com/image_assets/assets/006/889/887/original/9755A0B2-8434-4623-835E-BB9BC48FBA33.png)
Specify the Path
I export mine to the C:\ drive.
![Specify the Path](https://media.screensteps.com/image_assets/assets/006/889/889/original/63CD237C-3920-4AEA-B8F6-A27D79CBFB87.png)
Finish
![Finish](https://media.screensteps.com/image_assets/assets/006/889/891/original/3131A15D-34CE-42F4-BEBA-6EDDD7759FAB.png)
![](https://media.screensteps.com/image_assets/assets/006/889/893/original/E2D7081A-DC76-41B2-8C10-FFB54C49DBEA.png)
Hiren Patel
I've ePass2003 Token. How do I export the certificate in PFX format from the same ???
Hiren Patel
While I try to export the Certificate from IE-11 i'm not getting the Option "Yes Export the Private Kry" enabled in Internet Explorer-11
Trevor DeVore
@Hiren - I don't know. I haven't worked with ePass2003 tokens before.
MP
How did your Comodo certificate appear under personal? Is this a .cer that was created for you? Did you have to save the code signing certificate under a specific location? I have a Certificate.cer which I want to convert to a .pfx file.
Trevor DeVore
@MP - see the previous article in this manual which explains how to retrieve the certificate from Tucows: https://revolution.screenstepslive.com/s/revolution/m/10695/l/563367-retrieving-your-certificate
The .cer was installed during that process.
Ramji gupta
I've ePass2003 Token. How do I export the certificate in PFX format from the same ???
Trevor DeVore
@Ramji - Unfortunately I'm not familiar with that format so I can't offer any guidance.
basant
While I try to export the Certificate from IE-11 i'm not getting the Option "Yes Export the Private Kry" enabled in Internet Explorer-11
Jan Bludau
thank you :-)
Martin Koob
Hi Trevor. I am exporting a Code Signing Certificate in .PFX format using IE 11 and I get two options that don't show in your screenshots.
1. On the section above "Export as PFX..." under the option "Personal Information Exchange - PKCS #12 (>PFX) it has a 4th checkbox 'Enable certificate privacy'. It is checked by default. Should that be checked?
2. Under the 'Assign a password' section it shows just two fields for the password and the confirmation of the password. In the dialog I have it also has a dropdown menu for Encryption. That gives two choices: TripleDES-SHA1 and AES256-SHA256. It seems that I should pick AES256-SHA256 since I think both TripleDES and SHA1 are deprecated. What is the right choice here?
Thanks
Martin Koob
Trevor DeVore
@Martin -
1. Apparently leaving it checked will give you same behavior as pre Windows 10. At least that is what this article says: https://www.sevecek.com/EnglishPages/Lists/Posts/Post.aspx?ID=89
2. I would guess that you are right, based on the same reasoning. I don't know the potential implications are with each option though.