GUI Procedure

Using the GUI, the procedure is as follows:

  1. Run certmgr.msc, either from the Run dialog (Windows-R) or from a console.

  2. Right-click Certificates - Current User > Personal, click All Tasks > Import, and follow the instructions to import the signed certificate. Verify that the certificate has been imported successfully under Certificates - Current User > Personal > Certificates.

[Figure: Code signing certificate]

  3. Double-click the certificate and confirm that there is a private key mapped to this certificate. Check the message at the bottom.

[Figure: Certificate properties]


  4. If the certificate is not mapped to the private key in the CryptoServer, repair the code signing certificate using the certutil -repairstore command.

  • Browse to the Details tab.

  • Select the serial number or thumbprint field.

  • Copy the data.

  • Use the certutil tool to link the private key on the CryptoServer with the code signing certificate. Don’t forget the double quotes, since the serial number or thumbprint copied before usually contains spaces.

Console:

    C:\>certutil -repairstore -user My "<SerialNumber>"
    My "Personal"
    ================ Certificate 0 ================
    Serial Number: f61f71e40bcb5d14452d7edd2a034d22801fb547
    Issuer: CN=Utimaco-RootCA, DC=utimaco, DC=local
    NotBefore: 3/25/2022 8:31 AM
    NotAfter: 3/25/2023 8:31 AM
    Subject: CN=YourCompany Code Signing, O=YourCompany, L=Aachen, C=DE
    Non-root Certificate
    Template: 1.3.6.1.4.1.311.21.8.16593323.14862581.6636168.15641503.12204691.200.11148576.10529166
    Cert Hash(sha1): f61f71e40bcb5d14452d7edd2a034d22801fb547
    Key Container = tq-e5742d68-a308-4768-969c-dc11f7c3ed63
    Unique container name: D5A46CE713A51CA294D36197C327E614
    Provider = Utimaco CryptoServer Key Storage Provider
    Private key is NOT exportable
    Signature test passed
    CertUtil: -repairstore command completed successfully.

  5. After the repairstore command has completed successfully, refresh the certificate manager snap-in, open the certificate, and make sure you see the message "You have a private key that corresponds to this certificate".
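
The check in step 3, the repair in step 4 and the confirmation in step 5 can also be scripted. The PowerShell function below is an added example, not part of the original guide; the function name Repair-CodeSigningKeyLink is hypothetical, and it accepts only the SHA-1 thumbprint, not the serial number.

```powershell
# Added example, not from the original guide. Function name is hypothetical.
function Repair-CodeSigningKeyLink {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Thumbprint   # value copied from the Details tab; spaces allowed
    )

    # Keep only hex digits: drops the spaces and any invisible characters
    # picked up when copying from the certificate dialog.
    $id = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($id.Length -ne 40) {
        throw "Expected a 40-digit SHA-1 thumbprint, got $($id.Length) hex digits."
    }

    $path = "Cert:\CurrentUser\My\$id"
    if (-not (Test-Path -Path $path)) {
        throw "Certificate $id is not in Certificates - Current User > Personal."
    }

    # Step 3: is a private key already mapped to the certificate?
    if (-not (Get-Item -Path $path).HasPrivateKey) {
        # Step 4: same command as in the console listing above.
        & certutil.exe -repairstore -user My "$id" | Out-Host
        if ($LASTEXITCODE -ne 0) {
            throw "certutil -repairstore failed with exit code $LASTEXITCODE."
        }
    }

    # Step 5: re-read the store and take the provider line from certutil's listing.
    $cert    = Get-Item -Path $path
    $listing = & certutil.exe -user -store My "$id"
    $match   = $listing | Select-String -Pattern 'Provider\s*=\s*(.+)$' |
               Select-Object -First 1
    $provider = if ($match) { $match.Matches[0].Groups[1].Value.Trim() } else { $null }

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        HasPrivateKey = $cert.HasPrivateKey
        Provider      = $provider
    }
}

# Example call, using the Cert Hash from the console output above with spaces
# as the Details tab shows it:
# Repair-CodeSigningKeyLink -Thumbprint 'f6 1f 71 e4 0b cb 5d 14 45 2d 7e dd 2a 03 4d 22 80 1f b5 47'
```

A successful run returns HasPrivateKey as True and a Provider value matching the one in the console listing; an empty Provider means certutil listed no key provider for the certificate.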