Hello all,
I have a driver signed with a Thawte-bought certificate, on 64-bit Windows 7. The chain below has been verified by Thawte customer support. However, when installing, some computers say that “Windows can’t verify the publisher of this driver software” and prompt whether to install the driver. Others accept it without a prompt. I need to get rid of the prompt on all computers. What could be causing the publisher to not be known?
I do not see the “Microsoft Code Verification Root certificate” in the MMC cert store on any of my computers. How does this verification happen if there is no certificate in the store, does the computer have to be able to go out on the web? The group policies are not set up on any of them either.
Any help will be appreciated.
Thanks
Rachel
Signtool info:
signtool" sign /v /ac “…\prod_sign\Thawte_Primary_Root_CA_Cross.cer” /s MY /n “Motorola Solutions, Inc.” /t http://timestamp.verisign.com/scripts/timstamp.dll driver.cat
The following certificate was selected:
Issued to: Motorola Solutions, Inc.
Issued by: Thawte Code Signing CA - G2
Expires: Sat Jan 31 18:59:59 2015
SHA1 hash: E4C4EF132596CA37BF307BC64965B098A2665356
Cross certificate chain (using user store):
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 08:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: thawte Primary Root CA
Issued by: Microsoft Code Verification Root
Expires: Mon Feb 22 14:41:57 2021
SHA1 hash: 5538E9FEC14030B740152349E115A1165D29074A
Issued to: Thawte Code Signing CA - G2
Issued by: thawte Primary Root CA
Expires: Fri Feb 07 18:59:59 2020
SHA1 hash: 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Issued to: Motorola Solutions, Inc.
Issued by: Thawte Code Signing CA - G2
Expires: Sat Jan 31 18:59:59 2015
SHA1 hash: E4C4EF132596CA37BF307BC64965B098A2665356
Done Adding Additional Store
Successfully signed and timestamped: driver.cat
Number of files successfully Signed: 1
Number of warnings: 0
Number of errors: 0
signtool" verify /v /pa driver.cat
Verifying: cryptrmicrodriver.cat
Hash of file (sha1): A56F3DB8BBFA5104AF18800F5CE3C5F2DDDCCD6D
Signing Certificate Chain:
Issued to: Thawte Premium Server CA
Issued by: Thawte Premium Server CA
Expires: Fri Jan 01 18:59:59 2021
SHA1 hash: E0AB059420725493056062023670F7CD2EFC6666
Issued to: thawte Primary Root CA
Issued by: Thawte Premium Server CA
Expires: Wed Dec 30 18:59:59 2020
SHA1 hash: 1FA490D1D4957942CD23545F6E823D0000796EA2
Issued to: Thawte Code Signing CA - G2
Issued by: thawte Primary Root CA
Expires: Fri Feb 07 18:59:59 2020
SHA1 hash: 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Issued to: Motorola Solutions, Inc.
Issued by: Thawte Code Signing CA - G2
Expires: Sat Jan 31 18:59:59 2015
SHA1 hash: E4C4EF132596CA37BF307BC64965B098A2665356
The signature is timestamped: Tue Aug 07 14:39:44 2012
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: Thu Dec 31 18:59:59 2020
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: Tue Dec 03 18:59:59 2013
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Issued to: Symantec Time Stamping Services Signer - G3
Issued by: VeriSign Time Stamping Services CA
Expires: Mon Dec 31 18:59:59 2012
SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Successfully verified: driver.cat
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
signtool" verify /v /kp driver.cat
Verifying: cryptrmicrodriver.cat
Hash of file (sha1): A56F3DB8BBFA5104AF18800F5CE3C5F2DDDCCD6D
Signing Certificate Chain:
Issued to: Thawte Premium Server CA
Issued by: Thawte Premium Server CA
Expires: Fri Jan 01 18:59:59 2021
SHA1 hash: E0AB059420725493056062023670F7CD2EFC6666
Issued to: thawte Primary Root CA
Issued by: Thawte Premium Server CA
Expires: Wed Dec 30 18:59:59 2020
SHA1 hash: 1FA490D1D4957942CD23545F6E823D0000796EA2
Issued to: Thawte Code Signing CA - G2
Issued by: thawte Primary Root CA
Expires: Fri Feb 07 18:59:59 2020
SHA1 hash: 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Issued to: Motorola Solutions, Inc.
Issued by: Thawte Code Signing CA - G2
Expires: Sat Jan 31 18:59:59 2015
SHA1 hash: E4C4EF132596CA37BF307BC64965B098A2665356
The signature is timestamped: Tue Aug 07 14:39:44 2012
Timestamp Verified by:
Issued to: Thawte Timestamping CA
Issued by: Thawte Timestamping CA
Expires: Thu Dec 31 18:59:59 2020
SHA1 hash: BE36A4562FB2EE05DBB3D32323ADF445084ED656
Issued to: VeriSign Time Stamping Services CA
Issued by: Thawte Timestamping CA
Expires: Tue Dec 03 18:59:59 2013
SHA1 hash: F46AC0C6EFBB8C6A14F55F09E2D37DF4C0DE012D
Issued to: Symantec Time Stamping Services Signer - G3
Issued by: VeriSign Time Stamping Services CA
Expires: Mon Dec 31 18:59:59 2012
SHA1 hash: 8FD99D63FB3AFBD534A4F6E31DACD27F59504021
Cross Certificate Chain:
Issued to: Microsoft Code Verification Root
Issued by: Microsoft Code Verification Root
Expires: Sat Nov 01 08:54:03 2025
SHA1 hash: 8FBE4D070EF8AB1BCCAF2A9D5CCAE7282A2C66B3
Issued to: thawte Primary Root CA
Issued by: Microsoft Code Verification Root
Expires: Mon Feb 22 14:41:57 2021
SHA1 hash: 5538E9FEC14030B740152349E115A1165D29074A
Issued to: Thawte Code Signing CA - G2
Issued by: thawte Primary Root CA
Expires: Fri Feb 07 18:59:59 2020
SHA1 hash: 808D62642B7D1C4A9A83FD667F7A2A9D243FB1C7
Issued to: Motorola Solutions, Inc.
Issued by: Thawte Code Signing CA - G2
Expires: Sat Jan 31 18:59:59 2015
SHA1 hash: E4C4EF132596CA37BF307BC64965B098A2665356
Successfully verified: driver.cat
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0