Command Line Procedure

If you created the certificate request on the same computer using certreq, Windows has “remembered” this open request. To install the certificate, simply run:

›_ Console

C:\>certreq -accept -user codesign.crt

Installed Certificate:

Serial Number: 2d0000002ba56ec00d8b611e4a00000000002b

Subject: CN=YourCompany Code Signing, O=YourCompany, L=Aachen, C=DE

NotBefore: 3/25/2022 8:31 AM

NotAfter: 3/25/2023 8:31 AM

Thumbprint: f61f71e40bcb5d14452d7edd2a034d22801fb547

Because Windows has also remembered that the key for this certificate was created with the Utimaco CryptoServer Key Storage Provider, it has already associated the certificate with that key provider and container. You can therefore move on directly to signing code.

However, if the request was created on another computer, or if you need to reinstall the certificate, an error is shown:

›_ Console

C:\>certreq -accept -user codesign.crt

Certificate Request Processor: Cannot find object or property. 0x80092004 (-2146885628)

In that case, you first have to import the certificate and then manually associate it with the key provider and container:

  1. Run the following command to import the certificate:

›_ Console

C:\>certutil -addstore -user My codesign.crt

My "Personal"

Related Certificates:

Exact match:

Element 0:

Serial Number: 2d0000002ba56ec00d8b611e4a00000000002b

Issuer: CN=Utimaco-RootCA, DC=utimaco, DC=local

NotBefore: 3/25/2022 8:31 AM

NotAfter: 3/25/2023 8:31 AM

Subject: CN=YourCompany Code Signing, O=YourCompany, L=Aachen, C=DE

Non-root Certificate

Template:

1.3.6.1.4.1.311.21.8.16593323.14862581.6636168.15641503.12204691.200.11148576.10529166

Cert Hash(sha1): f61f71e40bcb5d14452d7edd2a034d22801fb547

CertUtil: -addstore command completed successfully.

  2. Then run the following command to obtain the serial number. Replace “YourCompany Code Signing” with the common name (“CN” field) of your certificate.

›_ Console

C:\>certutil -store -user My "YourCompany Code Signing" | findstr Serial

Serial Number: f61f71e40bcb5d14452d7edd2a034d22801fb547

  3. Use the certutil tool to link the private key on the CryptoServer with the code signing certificate:

›_ Console

C:\>certutil -repairstore -user My <SerialNumber>

My "Personal"

================ Certificate 0 ================

Serial Number: f61f71e40bcb5d14452d7edd2a034d22801fb547

Issuer: CN=Utimaco-RootCA, DC=utimaco, DC=local

NotBefore: 3/25/2022 8:31 AM

NotAfter: 3/25/2023 8:31 AM

Subject: CN=YourCompany Code Signing, O=YourCompany, L=Aachen, C=DE

Non-root Certificate

Template:

1.3.6.1.4.1.311.21.8.16593323.14862581.6636168.15641503.12204691.200.11148576.10529166

Cert Hash(sha1): f61f71e40bcb5d14452d7edd2a034d22801fb547

Key Container = tq-e5742d68-a308-4768-969c-dc11f7c3ed63

Unique container name: D5A46CE713A51CA294D36197C327E614

Provider = Utimaco CryptoServer Key Storage Provider

Private key is NOT exportable

Signature test passed

CertUtil: -repairstore command completed successfully.
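
The manual procedure above can be scripted so that the result is verified rather than read off the console. The following PowerShell script is an added example, not part of the original procedure or a Utimaco tool: it reads the certificate hash from the file instead of searching the store by CN, runs the same certutil commands, and fails unless the key is bound to the expected provider and is not exportable. It assumes English certutil output and the file and provider names shown on this page.

```powershell
# Added example, not Utimaco's script. Assumes English certutil output and the
# file name / provider name shown on this page.
param(
    [string]$CertFile = 'codesign.crt',
    [string]$ExpectedProvider = 'Utimaco CryptoServer Key Storage Provider'
)
$ErrorActionPreference = 'Stop'

# Take the SHA-1 hash from the file itself instead of searching the store
# by CN, so the right entry is repaired even if several share a subject name.
$path  = (Resolve-Path -LiteralPath $CertFile).Path
$thumb = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path).Thumbprint

# Import into the current user's Personal ("My") store.
certutil -addstore -user My $path | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil -addstore failed with exit code $LASTEXITCODE" }

# Link the certificate to its key container (certutil accepts a serial
# number or a certificate hash as the identifier).
$text = (certutil -repairstore -user My $thumb) -join "`n"
if ($LASTEXITCODE -ne 0) { throw "certutil -repairstore failed with exit code $LASTEXITCODE`n$text" }

# Verify the binding instead of trusting the "completed successfully" line.
$checks = [ordered]@{
    'Key bound to expected provider' = $text -match ('Provider = ' + [regex]::Escape($ExpectedProvider))
    'Private key is not exportable'  = $text -match 'Private key is NOT exportable'
    'Signature test passed'          = $text -match 'Signature test passed'
    'Store entry has a private key'  = (Get-Item "Cert:\CurrentUser\My\$thumb").HasPrivateKey
}
$checks.GetEnumerator() | ForEach-Object {
    '{0,-32} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAILED' })
}
if ($checks.Values -contains $false) {
    throw "Certificate $thumb is not correctly linked to '$ExpectedProvider'."
}
```

A failed provider check means the certificate was matched to a key in a different provider (for example a software key store), which is worth catching before the certificate is used for signing.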