Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

GoDaddy certificate - not accepted - Windows Developer Dashboard

sarathy365sarathy365 Member Posts: 4
edited May 3 in NTDEV

We have purchased GoDaddy driver signing certificate.

Kernel driver was signed with that certificate, works properly except on latest Windows 10 machines with SecureBoot ON.
On further debugging, we found the driver should be signed by Microsoft. Then, We tried to use that GoDaddy certificate in Developer dashboard.
But it fails "Your certificate's CA root cert is not in the approved list of root certs"

Is GoDaddy driver signing certificate valid for kernel driver certification through Developer Portal?
Also Microsoft prescribes EV certificate from Symantec, Entrust, DigiCert, GlobalSign.

Comments

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,211

    Also Microsoft prescribes EV certificate from Symantec, Entrust, DigiCert, GlobalSign.

    Right. You need an EV cert. do you have an EV cert?

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • sarathy365sarathy365 Member Posts: 4
    edited May 3

    Nope, yet to get one.

    So, GoDaddy certificate won't be enough to run kernel driver in latest Win10 machines ?
    And EV code signing certificate is the only way ?

    @Peter_Viscarola_(OSR) said:

    Also Microsoft prescribes EV certificate from Symantec, Entrust, DigiCert, GlobalSign.

    Right. You need an EV cert. do you have an EV cert?

    Peter

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,211

    So, GoDaddy certificate won't be enough to run kernel driver in latest Win10 machines ?

    And EV code signing certificate is the only way ?

    Correct. I undestand the situation is confusing. But this has been discussed on this forum in frightening detail for more than 3 years now.

    All drivers need to be signed by MSFT to be loaded on Win10, if SecureBoot is enabled. You can get MSFT to sign your driver either of two ways: (a) Pass the HLKs, (b) Use the "Attestation Signing" process to get MSFT to sign your driver (no passing tests needed).

    In either case you need an account on the Microsoft Partner Center Hardware Dashboard. Just sign up for it, it doesn't cost anything. However, to be able to successfully submit your driver for ANY kind of signing, you need to acquire an EV Certificate in your company's name and upload this cert to the Dashboard.

    You will also need to sign the drivers you upload with this certificate (or another non-EV certificate you have registered with the dashboard, AFTER you have registered your EV Certificate -- An EV Certificate is absolutely required to prove who you are).

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • sarathy365sarathy365 Member Posts: 4

    Hi Peter,

    Thanks for your info.
    We will proceed purchasing a EV certificate.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
Developing Minifilters 29 July 2019 OSR Seminar Space
Writing WDF Drivers 23 Sept 2019 OSR Seminar Space
Kernel Debugging 21 Oct 2019 OSR Seminar Space
Internals & Software Drivers 18 Nov 2019 Dulles, VA