Q: Where do I find "Certificates" on my computer?

A: Microsoft installs a tool that will let you browse the certificates installed on the PC you are using. Go to Start > type mmc.exe in the search bar. 

(1) Go to File > Add/Remove Snap-in...

(2) Select Certificates

(3) Click  Add > then select Current User

(4) Click OK

Figure 1. MMC

Figure 2. MMC Certificate View for Current User

Find the certificate by expanding the tree, then right-click on a certificate to Open. The certificate path will be shown as below:

Figure 3. Viewing Code Signing Certificate properties in MMC

Q: I don't see my Code Signing Certificate when I open the FDI Package Signing Tool, is this a problem?

A: The FDI Signing Tool defaults to the Personal folder, therefore you may need to copy your company's Code Signing Certificate to your Personal folder.

Browse for the Code Signing Certificate by expanding the trees in MMC.exe:

Figure 4. Expanding the folder tree in MMC

Right-click on the Certificate to Copy it. Then open your Personal folder and Paste the certificate there. 

Now when the FDI Signing Tool is launched, it will find the Code Signing Certificate.

Figure 5. FDI Package Signing Tool - Browse for Certificate Serial number

Q: There is one or more "Intermediate" Certificates for my Code Signing Certificate, how are they added to my signature?

A: You will need to create a text file with .PEM extention to capture the Intermediate Certificate information to pass correctly to the FDI Package Signing Tool. 

Using the MMC.exe, expand the list of Intermediate Certificates (see Figure 4). 

Next, right-click to Open the certificate. Go to the Details tab, then click on Copy to File... 

Figure 6. Saving the Intermediate Certificates

Figure 7. Save as Base-64 format

Save the intermediate certificate with any file name in a known directory (i.e. Documents\Temp). Once all of the Intermediate Certificates have been extracted, open a text editor program. 

Open the *.CER file in the text editor program (see Figure 8).

Figure 8. Raw Certificate in Text Editor

Go to File > Save As... and save this file with the .PEM extension.  

If multiple Intermediate Certificates are needed, copy and paste the text from the other files to the bottom of the *.PEM text file. Include all of the text, including -----BEGIN CERTIFICATE----- and ------END CERTIFICATE-----

Save the *.PEM file in a known location. 

Go to the FDI Package Signing Tool and browse for the *.PEM file you created (see Figure 9). 

Figure 9. Finding the *.PEM file

Q: Do I need to include Intermediate Certificates in my signature?

A: It is recommended you always do this.

Q: Do I need to include a Secure Timeserver URL in my signature?

A: It is recommended you always do this.

Q: The FDI Package Signing Tool failed to sign my file with "Signature verification overall result: ERROR". How do I fix this error?

Figure 10. Error message

A: Microsoft offers a "Root Certificate Store" for all Windows users. If you do not keep this up-to-date, you may see this type of error message when attempting to sign a package. Please see Install Root Certificates for detailed instructions.