How do i create the key and crt file from given code signing file cer only?

Question

I have code signing certificate, from them i got a X.cer file only.
when i need to sign my .exe i need a PFX file for that i need two files A.key and B.crt

Q. How do i make from X.cer file, A.key and B.crt? so that i can start Step 1?

Step 1:

$ openssl pkcs12 -inkey A.key -in B.crt -export -out GOAL.pfx

Step 2:

signtool sign /debug /f GOAL.pfx /p MyPassword MyFile.exe

or

signtool sign /debug /n "My Company Certificate" MyFile.exe

EDIT: still confused how do i make that A.key file?

openssl pkcs12 -export -in X.cer -inkey A.key -out GOAL.pfx -certfile ??.cer

or

openssl pkcs12 -export -in X.cer -inkey A.key -out GOAL.pfx

The -in specifies input certificate to embed in output file (code sign official file)

The -inkey specifies the key file you've generated using OpenSSL (??????? how ?????)

The -out tells the openssl your desired name for output file (PFX file )

The -certfile is used to specify additional certificates to add to the output pfx file (it could be ignored) optional.

Answer 1

NOTE: Many experts believes and ignores completely that "YOU DO NOT HAVE KEY FILE", please note that it normal, many Vendors do not ask for KEY files they make themselves all and provides PFX or CER files only. As a result it becomes confusing,like my case.

1) To create A.key

$ openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
Generating a 2048 bit RSA private key
...............+++
....................+++
writing new private key to 'privateKey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:BE
State or Province Name (full name) [Some-State]:Oost-Vlanderen
Locality Name (eg, city) []:Dendermonde
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TEST
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:NAME of DEVLOPER
Email Address []:email@domain.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

$ ls
CSR.csr     privateKey.key

2) To have the B.crt just rename the X.cer

3) finally apply the

openssl pkcs12 -export -in X.cer -inkey A.key -out GOAL.pfx

EDIT: Finally its done, i do not have KEY file yet. Vendor given me PFX file

C:\Program Files (x86)\Windows Kits\8.0\bin\x86>signtool.exe sign /debug /f C:\Users\sun\Downloads\s.pfx /p 1234password C:\Users\sun\Downloads\IeAddOnDemo\IeAddOnDemo\bin\Debug\IeAddOnDemo.dll

The following certificates were considered:
    Issued to: xxxxN.V./S.A.
    Issued by: GlobalSign CodeSigning CA - SHA256 - G2
    Expires:   Wed Apr 08 18:13:59 2015
    SHA1 hash: xxxxx

    Issued to: GlobalSign CodeSigning CA - SHA256 - G2
    Issued by: GlobalSign
    Expires:   Fri Aug 02 12:00:00 2019
    SHA1 hash: xxxxxx

After EKU filter, 2 certs were left.
After expiry filter, 2 certs were left.
After Private Key filter, 1 certs were left.
The following certificate was selected:
    Issued to: xxxN.V./S.A.
    Issued by: GlobalSign CodeSigning CA - SHA256 - G2
    Expires:   Wed Apr 08 18:13:59 2015
    SHA1 hash: xxx


The following additional certificates will be attached:
    Issued to: GlobalSign CodeSigning CA - SHA256 - G2
    Issued by: GlobalSign
    Expires:   Fri Aug 02 12:00:00 2019
    SHA1 hash: xxxx

Done Adding Additional Store
Successfully signed: C:\Users\sun\Downloads\IeAddOnDemo\IeAddOnDemo\bin\Debug\IeAddOnDemo.dll

Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0