This documentation is archived and is not being maintained.

Getting a Software Publisher Certificate

Before you can sign files, you need to obtain a Software Publisher Certificate (SPC). To do this, you must make a request to a Certification Authority. During the application process, you must generate a key pair and provide the Certification Authority with identification information, such as your name, address, and public key. You must also make a legally binding pledge that you cannot and will not distribute software you know or should have known contains viruses or will otherwise maliciously harm the user's machine or code.

The Certification Authority generates a Software Publisher Certificate that conforms to the industry standard X.509 certificate format with Version 3 extensions. The certificate identifies you and contains your public key. It is stored by the Certification Authority for reference and a copy is returned to you via electronic mail. After accepting the certificate, you should include a copy in all published software signed with the private key.

See the following resources for information on Authenticode and digitally signed certificates:

Making a Test Software Publisher Certificate

You can use the MAKECERT and CERT2SPC utilities to make a test Software Publisher Certificate. Note that this test SPC is not valid for software publishing, but can be used to test code signing.

To make a private key file called MYKEY.PVK and a company certificate called CERT.CER, run the MAKECERT utility with the following command:

C:\MSSDK\BIN\MAKECERT -u:MyKey -n:CN=MySoftwareCompany -k:MYKEY.PVK 

MyKey is the name you give to your key and MySoftwareCompany is the name of your company. Note that the MAKECERT utility is case sensitive to command-line options, so you must use lowercase -u, -n, and -k. The value for the -n option must be an uppercase CN=.

To create a test Software Publisher Certificate (SPC) called CERT.SPC, run the CERT2SPC utility with the following command:


Note that the CERT.SPC file is created from the CERT.CER file you created with MAKECERT and from the ROOT.CER file provided in the same directory.

See Also

Creating Signed CAB Files for MFC and ATL Controls