I think that in order to make the end user more comfortable downloading
and installing a unknown application it is now necessary to have a code
signing certificate.

That said, the process is a real PIA and I am stuck getting the .spc and
..pvk out of a comodo certificate I purchased through SetupBuilder (good
Value)

SO,

Does anyone Know of a utility to extract those files from the
Certificate, why the mystery after you have been verified as legitimate?

Bill