GUI Procedure | Utimaco Integration Guides

Using the GUI, the procedure is as follows:

Run certmgr.msc, either by pressing Windows-R or opening a console and entering this command.
Right-click on Certificates - Current User > Personal and then click on All Task > Import and follow the instructions to import the signed certificate. Verify the certificate is successfully imported in Certificates - Current User > Personal > Certificates.

Code-signing certificate

Double-click the certificate and confirm that there is a private key mapped with this certificate. Check the message at the bottom.

Certificate properties

In case the private key is not mapped with private in the CryptoServer, repair the code-signing certificate using the certutil repairstore utility.

Browse to the details tab.
Select the serial number or thumb print field.
Copy the data.
Use the certutil tool to link the private key on the CryptoServer with the code-signing certificate. Don’t forget the double quotes since the serial number or thumb print copied before usually contains spaces.

›_ Console
C:\>certutil -repairstore -user My <SerialNumber> My "Personal" ================ Certificate 0 ================ Serial Number: f61f71e40bcb5d14452d7edd2a034d22801fb547 Issuer: CN=Utimaco-RootCA, DC=utimaco, DC=local NotBefore: 3/25/2022 8:31 AM NotAfter: 3/25/2023 8:31 AM Subject: CN=YourCompany Code Signing, O=YourCompany, L=Aachen, C=DE Non-root Certificate Template: 1.3.6.1.4.1.311.21.8.16593323.14862581.6636168.15641503.12204691.200.1114 8576.10529166 Cert Hash(sha1): f61f71e40bcb5d14452d7edd2a034d22801fb547 Key Container = tq-e5742d68-a308-4768-969c-dc11f7c3ed63 Unique container name: D5A46CE713A51CA294D36197C327E614 Provider = Utimaco CryptoServer Key Storage Provider Private key is NOT exportable Signature test passed CertUtil: -repairstore command completed successfully.

›_ Console

C:\>certutil -repairstore -user My <SerialNumber> 

My "Personal" 

================ Certificate 0 ================ 

Serial Number: f61f71e40bcb5d14452d7edd2a034d22801fb547 

Issuer: CN=Utimaco-RootCA, DC=utimaco, DC=local 

 NotBefore: 3/25/2022 8:31 AM 

 NotAfter: 3/25/2023 8:31 AM 

Subject: CN=YourCompany Code Signing, O=YourCompany, L=Aachen, C=DE 

Non-root Certificate 

Template: 

1.3.6.1.4.1.311.21.8.16593323.14862581.6636168.15641503.12204691.200.1114 8576.10529166 

Cert Hash(sha1): f61f71e40bcb5d14452d7edd2a034d22801fb547 

  Key Container = tq-e5742d68-a308-4768-969c-dc11f7c3ed63 

  Unique container name: D5A46CE713A51CA294D36197C327E614   Provider = Utimaco CryptoServer Key Storage Provider 

Private key is NOT exportable 

Signature test passed 

CertUtil: -repairstore command completed successfully.

5. After the repairstore command has been successfully executed, refresh the certificate manager snap in, open the certificate and make sure you see the message "You have a private key that corresponds to this certificate".