Creating a private key exportable, code signing digital signature certificate

If you have set up certificate services or CA then you can create such a PKCS request and send it to the certificate server for signing. Here are the steps.

 

Step 1:

Go to your certificate store; right click certificates -> All Tasks -> Advanced Operations -> Create Custom Request. This is shown in the screen shot below.

 

 

 

 Step 2:

Click at Next in the Certificate Enrollment dialog as shown in the screen shot below.

 

  

Step 3:

Proceed without enrollment policy and click Next. 

 

Step 4:

Select PKCS #10 and click Next.

 

Step 5:

Click at properties button from the Certificate Enrollment dialog as shown below.

 

Step 6:

Under certificate properties General tab enter a friendly name (if you want). Check to see the certificate name under the Subject tab.

 

Step 7:

Under the extension tab in certificate properties dialog, select Digital signature as shown in the screen shot below.

Under the extended key usage select Code Signing.

 

Make sure that you enable the basic constraints as shown in the screen shot below.

 

Step 8:

From the Private Key tab under the Certificate Properties dialog, select key size per your requirement and make the private key exportable as shown in the screen shot below. 

 

Click at Apply and OK and send the request for signing by a CA.