WHQL cert expiry

Hi all,

We have a WHQL qualified driver, and its cert is expiring on 23rd January
2010. We had the driver signed this year in October some time. So do we need
to rerun WHQL on same binaries and re-submit for certification? What is the
process to get the cert renewed?

thanks

  • amitr0

Do ‘properties’ on the sys and cat files. Look at all the digital signatures. If you have a timestamp applied and the certificates have not been revoked, then it will remain valid for the operating systems for which it was signed. You did not say whose certificate is expiring. There should be several involved in all the signing that goes into this. Yours, cross certificate for 64-bit (optionally 32-bit), Microsoft WHQL, and the various timestamps.
“amitr0” wrote in message news:xxxxx@ntdev…
Hi all,

We have a WHQL qualified driver, and its cert is expiring on 23rd January 2010. We had the driver signed this year in October some time. So do we need to rerun WHQL on same binaries and re-submit for certification? What is the process to get the cert renewed?

thanks



- amitr0

I double-clicked on the cat file, did a view sig which showed signing time
as Saturday, October 24, 2009 12:09:00 PM -> view cert which shows valid
from 23/10/2008 to 23/1/2010

On Fri, Nov 13, 2009 at 11:25 AM, David Craig wrote:

> Do ‘properties’ on the sys and cat files. Look at all the digital
> signatures. If you have a timestamp applied and the certificates have not
> been revoked, then it will remain valid for the operating systems for which
> it was signed. You did not say whose certificate is expiring. There should
> be several involved in all the signing that goes into this. Yours, cross
> certificate for 64-bit (optionally 32-bit), Microsoft WHQL, and the various
> timestamps.
>
> “amitr0” wrote in message news:xxxxx@ntdev…
> Hi all,
>
> We have a WHQL qualified driver, and its cert is expiring on 23rd January
> 2010. We had the driver signed this year in October some time. So do we need
> to rerun WHQL on same binaries and re-submit for certification? What is the
> process to get the cert renewed?
>
> thanks
>
> –
>
> - amitr0
>
>



- amitr0

On 11/13/2009 6:15 AM, amitr0 wrote:

> We have a WHQL qualified driver, and its cert is expiring on 23rd
> January 2010. We had the driver signed this year in October some time.
> So do we need to rerun WHQL on same binaries and re-submit for
> certification? What is the process to get the cert renewed?

As far as I have seen, Microsoft not only provides the WHQL signature,
but also timestamps it with its own “Microsoft Timestamping Service”.

If an application or driver is signed and timestamped, the signature
will not expire. Then you don’t need to re-submit.

How to check (e.g. “msn9.cat” from WinXP/English):
In Windows Explorer,

  • search for “msn9.cat”
  • right-click on “Properties” of the file,
  • select the tab “Digital Signatures”,
  • select the “Microsoft Windows Component Publisher” signature
  • click “Details”.
    In the “Countersignatures” section you should see a “Timestamp” from
    e.g. “Microsoft Timestamping Service”.

Adding a cryptographic timestamp to a binary file or signature “proves”
that the file existed / the signature was valid at the time of the
timestamp. You add a “countersignature” from e.g. VeriSign, that
establishes cryptographic proof of the time the file was signed.

Please read
“Time Stamping Authenticode Signatures”:
http://msdn.microsoft.com/en-us/library/bb931395(VS.85).aspx

“SignTool”:
http://msdn.microsoft.com/en-us/library/aa387764(VS.85).aspx

“Release-Signing a Driver Package’s Catalog File”:
http://msdn.microsoft.com/en-us/library/dd419907.aspx

amitr0 wrote:

> I double-clicked on the cat file, did a view sig which showed signing
> time as Saturday, October 24, 2009 12:09:00 PM -> view cert which
> shows valid from 23/10/2008 to 23/1/2010

As long as you followed the normal recipes, your signed packages are
valid forever. The expiration merely means that you can’t sign any NEW
drivers after Jan 23.

You’ll need to contact your certificate vendor about getting a renewal.
I don’t know whether the renewal process is any easier than the initial
application or not – my certificate comes up for renewal for the first
time on January 10…


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
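
The Explorer check described in the thread can be run over a whole driver package from PowerShell. This is an added example, not code from any poster in the thread; the package path and the 90-day warning window are assumptions, and it relies only on the `SignerCertificate` and `TimeStamperCertificate` properties returned by `Get-AuthenticodeSignature`.

```powershell
# Added example: report, for each .sys/.cat file, whether its Authenticode
# signature carries a timestamp countersignature and when the signer cert expires.
param(
    [string]$PackagePath = 'C:\DriverPackage',  # assumed location, replace with your package folder
    [int]$WarnDays = 90                         # assumed warning window
)

$now = Get-Date

Get-ChildItem -Path $PackagePath -Recurse -Include *.sys, *.cat -File |
    ForEach-Object {
        $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
        $signer = $sig.SignerCertificate
        $tsa    = $sig.TimeStamperCertificate

        # Classify the file according to the rule stated in the thread:
        # a timestamped signature outlives the signing certificate,
        # an untimestamped one stops validating when the certificate expires.
        $assessment =
            if (-not $signer) {
                'No signature found on the file itself; check the package .cat'
            }
            elseif ($tsa) {
                'Timestamped: stays valid after the signer certificate expires (unless revoked)'
            }
            elseif ($signer.NotAfter -lt $now) {
                'NOT timestamped and signer certificate already expired'
            }
            elseif ($signer.NotAfter -lt $now.AddDays($WarnDays)) {
                'NOT timestamped: stops validating on {0:yyyy-MM-dd}, re-sign with a timestamp' -f $signer.NotAfter
            }
            else {
                'NOT timestamped: valid only until {0:yyyy-MM-dd}' -f $signer.NotAfter
            }

        [pscustomobject]@{
            File           = $_.Name
            Status         = $sig.Status
            Signer         = if ($signer) { $signer.Subject } else { $null }
            SignerNotAfter = if ($signer) { $signer.NotAfter } else { $null }
            TimestampedBy  = if ($tsa) { $tsa.Subject } else { $null }
            Assessment     = $assessment
        }
    } |
    Format-List
```

A file with several signatures (for example your own plus the WHQL one) shows only the primary signature here; use the "Digital Signatures" tab or `signtool verify /v` to inspect each one.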