I have a code-signing certificate (SPC) file from GoDaddy. The file was generated from an existing private key:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAvcG2SEalg9pvkTvtMI8cZg07tVA0RuK7LeGlFdk1smXgqrsH
.... snipped ....
MURwR0FXgNAuFNQ0yBNFNW2+o9uBceLuCSUalgi4pQw1uBmP5QkUYA==
-----END RSA PRIVATE KEY-----
I generated a certificate signing request and sent this to GoDaddy:
-----BEGIN CERTIFICATE REQUEST-----
MIICiDCCAXACAQAwQzFBMD8GCSqGSIb3DQEJARYyYXBwbGVAdGVrNC1uZXdtZWRp
.... snipped ....
nJwd9pSDPuYaNHl33N1BJkXFusG7ta0D6UjisA==
-----END CERTIFICATE REQUEST-----
GoDaddy then returned me an SPC file. My research shows that typically you'd have a SPC/PVK pair but obviously my private key isn't of PVK type. I've tried several methods (pvkimprt, pvk2pfx, openssl, keytool) but can't seem to convert my key to PVK type or my SPC to a PKCS12 type independently without both the certificate (SPC) and private key being in a single key-store.
The command that I appear to need to do this in one step is: openssl pkcs12 -in cert_from_godaddy.spc -inkey private.key -export -out full_code_signing_chain.pkcs12
However, running that I just get: Loading 'screen' into random state - done No certificate matches private key
But, the certificate (SPC) is for the private key. What am I doing wrong?!
Background: I'm trying to generate a .p12 file sign an Adobe AIR application
To be honest I can not understand at all what you are trying to do.
You got back the SPC file which is just the #PKCS7 der encoding with your certificate.
You also have your private key.
All you need to do is import the certificate to the pkcs12 keystore to have the signed certificate with your private key.