Create a PKCS #7 File (Compact 2013)

  • Article

3/26/2014

Whether you want to add one or multiple certificates to the Code Integrity store on the device, the process is the same: you export the certificates to a PKCS #7 file that is named Ciroots.p7b, and then you include the Ciroots.p7b file in your OS image build as explained in Build an OS Image that Includes the PKCS #7 File. If you are adding multiple certificates, you must first import them from the certificates Management Console snap-in.

PKCS #7 is the Cryptographic Message Syntax Standard that provides syntax for distributing certificates or certificate revocation lists and other messages at a root certificate.

To create a PKCS #7 file that is named Ciroots.p7b that contains one certificate file

  1. Right-click the certificate file that was used to sign your binary file, and then click Open.

  2. In the Certificate dialog box, click the Details tab, and then click Copy to the File.

  3. The Certificate Export Wizard opens. Click Next.

    Note

    If you try to export a certificate with a private key, the Export Private Key dialog box appears. If the dialog box appears, select No, do not export the private key.

  4. In the Export File Format dialog box, perform the following steps:

    1. Select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B).
    2. Check Include all certificates in the certification path if possible.
    3. Click Next.

  5. In the File to Export dialog box, click Browse.

  6. In the Save As dialog box, perform the following steps:

    1. In the File Name box, type Ciroots.p7b.
    2. In the Save as type box, select PKCS #7 Certificates (*.p7b).
    3. Click Save.

  7. In the File to Export dialog box, click Next.

  8. On the Completing the Certificate Export Wizard page, click Finish.

Multiple Certificate Files

Before you add multiple certificate files to the Code Integrity store on the device, you must import the certificates from the Management Console snap-in.

To import multiple certificate files

  1. At the command prompt, type certmgr.msc, and then press ENTER to open the certificates Management Console snap-in.

  2. Click the arrow next to the Personal folder.

  3. Right-click the Certificates folder, point to All Tasks, and then click Import.

  4. The Certificate Import Wizard opens. Click Next.

  5. In the File to Import dialog box, click Browse.

  6. In the Open dialog box, select the certificate file to import, and then click Open.

  7. In the Certificate Store dialog box, perform the following steps:

    1. Select Place all certificates in the following store.
    2. In Certificate store, enter Personal.
    3. Click Next.

  8. On the Completing the Certificate Import Wizard page, click Finish.

  9. Repeat steps 2 through 8 for each certificate you want to import.

To create a PKCS #7 file that is named Ciroots.p7b that contains multiple certificate files

  1. At the command prompt, type certmgr.msc, and then press ENTER to open the certificates Management Console snap-in, if the console is not already open.

  2. Click the arrow next to the Personal folder, and then click the Certificates folder.

  3. In the right pane of the certificates Management Console snap-in window, with Personal\Certificates selected in the left pane, select all the imported certificates that you want to export.

  4. After you select the certificates, right-click the highlighted certificates, point to All Tasks, and then click Export.

  5. The Certificate Export Wizard opens. Click Next.

    Note

    If you try to export a certificate with a private key, the Export Private Key dialog box appears. If the dialog box appears, select No, do not export the private key.

  6. In the Export File Format dialog box, perform the following steps:

    1. Select Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B).
    2. Check Include all certificates in the certification path if possible.
    3. Click Next.

  7. In the File to Export dialog box, click Browse.

  8. In the Save As dialog box, follow these steps:

    1. In the File Name box, type Ciroots.p7b.
    2. In the Save as type box, select PKCS #7 Certificates (*.p7b).
    3. Click Save.

  9. In the File to Export dialog box, click Next.

  10. On the Completing the Certificate Export Wizard page, click Finish.

    Note

    After you have exported the certificates, delete them from the Personal\Certificates store.

See Also

Concepts

Deploy an Application on an OS with Security Loader