Collecting Your Certificate
After validation is finished, the issuing Certificate Authority (CA) will send the certificate via email to the certificate requester. Follow the "pick-up" or "collection" link in the email and initiate the downloading process. After the collection process is completed, your browser should download the certificate file.
NOTE: Please do not use Internet Explorer for this process. Chrome and Edge browsers actually work the best to collect the certificate this way. In Firefox, you may need to rename the downloaded certificate file to include the .crt extension or the file may not be valid.
Now, to set up your certificate to sign code, you will need to combine the downloaded certificate file with your private key and the chain certificates from Sectigo to create the final certificate file. We have included a download link for the intermediate chain certificates below.
There are several tools you can use to combine your certificate, private key, and the intermediate certificate file.
If you used OpenSSL to create your certificate signing request (CSR), you should be able to create your final Code Signing certificate the same way. You can run the following commands to pair the certificate, chain certificate, and key and make your PKCS#12 Code Signing file:
Convert PEM to PFX
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile CACert.crt
Make sure that "privatekey.key" is your private key, "certificate.crt" is the certificate downloaded from the browser, and "CAcert.crt" is the intermediate certificate downloaded from Sectigo.
SSLShopper Certificate Converter Tool
SSLShopper has a convenient certificate converter tool. You will need the following files:
- Your code signing certificate
- Your private key
- Sectigo's Code Signing intermediate certificate
If you downloaded your Code Signing Certificate from Chrome or Edge, you should have a file named "user.crt". This file may be a DER file. In order to use SSL Shopper's tool to make your Code Signing PFX, you must first convert the DER certificate file to PEM using the same tool.
You can tell if the certificate is a DER file if you open it with Notepad and see something like this:Use SSL Shopper's tool to first convert this file from DER to PEM.
After you have converted the certificate to PEM, you can now upload the new file, along with your private key and the intermediate certificates to complete the conversion to PFX/PKCS12.
Note: You will set the PFX password for the first time here.
If you used another utility, such as MMC or another certificate creation utility, you should be able to import your certificates into that utility to combine all necessary files and create the PKCS#12 for code signing. Please refer to to the documentation for your certificate utility for instructions to import and convert your code signing certificate.
Code Signing Intermediate Certificate Download
Standard [Download] Sectigo RSA Code Signing CA
Please reach out to our live support team if you need any assistance!