The purpose of this workaround is to bypass the lack of support for CNG certificates in the .Net Framework. I used OpenSSL to convert the certificate obtained from the Certificate Authority (Verisign, Thawte, etc) to a format supported by .Net. This tutorial builds on the workaround in the Microsoft Connect bug report.
1: Certificate text
2: Certificate imported into Windows certificate store from a root CA
1: Create a new file (CERT_ONLY.crt) with the certificate (text from —-BEGIN CERTIFICATE—– to —–END CERTIFICATE—–)
2: Import the certificate into certificate store via the CA website, then export it to file EF.pfx. Include the private key.
3: Generate PEM file with the private key only:
openssl pkcs12 -in EF.pfx -nocerts -out EF.pem
4: Convert private key to RSA format
openssl rsa -in EF.pem -out EF_RSA.pem
5: Generate the code signing certificate
openssl pkcs12 -export -out EFnew.pfx -inkey EF_RSA.pem -in CERT_ONLY.crt
6: Delete the existing certificate from the certificate store (backup first) then import the newly generated certificate