Joining GoDaddy-issued .spc and .key files into a complete .pfx / .cer certificate

In the end I managed to figure out a procedure that works. Here are the steps to generate a new PFX and CER code signing certificate from SPC and KEY files:

1. Obtain your new CodeSign.spc certificate from GoDaddy.

2. Export a PEM-formatted private key from the expired PFX:

   openssl.exe pkcs12 -in CodeSign.pfx -nocerts -out CodeSign.pem
   

3. Convert the PEM-formatted private key into the PVK format:

   pvk.exe -in CodeSign.pem -topvk -strong -out CodeSign.pvk
   

4. Combine the PVK and SPC into PFX:

   pvk2pfx.exe -pvk CodeSign.pvk -pi <passphrase> -spc CodeSign.spc -pfx CodeSign.pfx -po <passphrase> -f
   

5. Import the resulting PFX file into Windows certificate store. Remember to make it exportable.

6. Export it from the certificate store into the binary CER format as CodeSign.cer.
7. Optionally delete the certificate from the Windows certificate store.

In case you are renewing your certificate periodically you can store the PVK file and skip steps (2) and (3).

UPDATE: In case you happen to have the certificate in CRT instead of SPC format, do the following to covert it into SPC:

openssl crl2pkcs7 -nocrl -certfile CodeSign.crt -outform DER -out CodeSign.spc

Sources:

• http://www.tech-pro.net/export-to-pvk-spc.html
• http://ellisweb.net/2008/08/signing-code-using-pvk-and-spc-files/
• http://www.drh-consultancy.demon.co.uk/
• https://www.sslshopper.com/ssl-converter.html
• http://russenreaktor.wordpress.com/2010/06/10/solved-convert-signing-certificate-crt-to-spc/

The tools you will need:

• OpenSSL
• pvk.exe — see the download link at the bottom of that page (original location may not be accessible; in such a case see this article with a link to a mirror site or another direct download link here)
• pvk2pfx.exe — part of Microsoft SDKs, installs with Visual Studio 2010