Code Signing Best Practices
Download this Code Signing Best Practices guide to improve your software and supply chain security.
In the first three months of 2023, organizations had to fight an average of 1,248 attacks per week. From T-Mobile falling victim to yet another data breach — the second since the start of the year — to the German biotech company Evotec taking its systems offline due to a cyber attack, the volume of security incidents doesn’t seem to stop.
Digital certificates enable organizations to encrypt and keep data and sensitive information safe from attackers. However, in order to use one, it often requires combining the private key and the certificate files into a single bundle. The solution? A personal information exchange file (.pfx or PFX file).
Have we piqued your interest? Learn what a PFX file is and what it does; then discover how to create a PFX certificate in six quick steps.
A PFX file is another term for a public key cryptographic standard #12 (PKCS #12) file because it’s one of two file extensions that’s used for this type of file (.p12 and .pfx). Creating a .pfx file is a convenient and secure way to store important cryptographic assets in a password-protected bundle:
Image caption: The graphic shows how a PFX certificate is created and how it can reduce the risks of private key theft.
Think of it like one of those briefcases used by James Bond, where your digital certificate and keys can be locked up to keep them safe from evil-doers.
Once created, a PFX file has the same capabilities as the components included in the bundle; therefore, it can be used to:
Why is it better to separate the digital certificate and key file? Because a PFX certificate is:
So, what do you think? Are you in? Good! Let’s learn how to create a PFX certificate in six easy-peasy steps.
In December 2022, three GitHub code signing keys were stolen. The certificates were revoked in February 2023. The security breach was contained in part thanks to the fact that strong passwords protected the certificates and keys.
Are you going to be the next victim? Hopefully not. Wrapping together your digital certificate and its related key in a single, password-protected file can help you dodge a bullet. C’mon, let’s start securing those precious assets with the help of Windows GUI-based wizard. All you need is the following:
Got everything you need? Let’s go!
Go to your Windows start bar and search for your certificate management console by typing ”cert” into the field. Select it and click on Open.
Image caption: The Screenshot shows how to open the Windows management console.
Image caption: The screenshot shows how to get to the personal certificates folder to select the certificate you wish to include in your .PFX file.
This will open the Certificate Export Wizard. Press Next to continue to the next screen.
Image caption: A screenshot of the Certificate Export Wizard. Click Next to start creating your PFX file.
Image caption: A screenshot that shows how to export the private key.
This is where you’ll make selections to specify your file type and which certificates you want to include.
Image caption: A screenshot showing how to select the .pfx file format
Image caption: A screenshot that shows how to protect the private key with a password.
Image caption: A screenshot showing how to select the location where to save your PFX certificate.
Image caption: A screenshot that shows the final step to how to create a .PXF certificate.
Image caption: A screenshot confirming that the creation of your .pfx file was successful.
Last but not least, navigate to the folder where you saved your PFX file and check to ensure it’s listed to verify that everything worked correctly.
Image caption: A screenshot that shows how to verify if the .PFX file you’ve just generated has been saved in the folder of your choice.
Are you an advanced user and you’d rather use the terminal to generate your .pfx file? You can do that with OpenSSL.
As you’ve just learned, adding another layer of security to your digital certificates isn’t rocket science. Now that you know how to create a PFX file, depending on the type of certificate it is you’ve created a .pfx file for, you can use it to:
Never lower your guard, though! Cybercriminals are always looking for new ways to break into systems. Therefore, during the .PFX file generation process, don’t forget to choose a strong password. Once it’s created, be sure to store your .PFX certificate securely using a hardware security module (HSM), hardware token, or a key vault. It’s also crucial to follow certificate and key management best practices.
Done? Good, now you’re really ready to enjoy its benefits and start to crack down on potential attacks.