Driver attestation and Dual Signature on Driver

Hi,
I have, for the first time, submitted a driver for attestation (suing a digicert EV Certificate).The first time it was unsuccessful (due to putting the binaries in the root directory of the .cab file). The second time it was signed without problems. So far so good.
However, the driver did not load as expected and neither did it pass the signtool.exe verification process. After some playing around, I realized that the .sys file had 2 digital signatures. One the Microsoft Signature just singed from the Partner Center. THe other was the Test Signature I used during developement in order to be able to test it. The problem is that the verification tool was only capturing the Test Signature, and thus not passing the verification process (see both pictures below).


So, my question is:
Is there a way to remove the Test Certificate from that .sys file?

I DID rebuild the driver without test signing it, resign it using the EV Certificate and resubmitted it for attestation. But this is another issue, where the signing process has been hanging on the ‘Preparation’ step every time for the last day, and I do not know what the promblem is cause it’s just freezing and not giving me an option to download the report (picture below).

Thanks in acvance for your help
regards
Mario

Hi there pal,
Regarding hanging submission - probably you forgot to sign the cabinet file. There is a glitch with the hardware dashboard. If you submit such a package it would briefly show you error message on the page. It disappears after refresh and this is indeed annoying

@el_corona said:
Hi there pal,
Regarding hanging submission - probably you forgot to sign the cabinet file. There is a glitch with the hardware dashboard. If you submit such a package it would briefly show you error message on the page. It disappears after refresh and this is indeed annoying

OMG, thank you sooo much. I spent 6 hrs on it yest, and forgot this simple step (probably because I had already signed the .cat file previously using the same tool - as the Digicert walkthrough said- without remembering what the MS Attestation walkthrough said).
I blame the lack of sleep :-).

Still no idea how to remove a certificate from a file thouhg (apart from re-attesting the driver wo the Test Cert in it)

Thanks a lot again!
Mario

Still no idea how to remove a certificate from a file

Try to google it up. “How to remove certificate from PE file”.
The AI does wonders /and we’re still fiddling with 20th century tech here …/

– pa

Still no idea how to remove a certificate from a file though

It’ll probably take you longer to remove the signature that it would take you to rebuild the driver without and and sign it with the proper signature. So, I’d say… why bother?

Peter

@“Peter_Viscarola_(OSR)” said:

Still no idea how to remove a certificate from a file though

It’ll probably take you longer to remove the signature that it would take you to rebuild the driver without and and sign it with the proper signature. So, I’d say… why bother?

Peter

Exactly, hence that’s what I did. Removing one (if only 1 signature is there) or all (all at once) is quite easy with the signtool.exe ‘remove’ command. But it’s trickier when you want to remove just 1 of 2 available.
Thanks.

@Pavel_A said:

Still no idea how to remove a certificate from a file

Try to google it up. “How to remove certificate from PE file”.
The AI does wonders /and we’re still fiddling with 20th century tech here …/

– pa

I always google before I post a question. This is always a last resort for me.
Removing one (if only 1 signature is there) or all (all at once) is quite easy with the signtool.exe ‘remove’ command. But it’s trickier when you want to remove just 1 of 2 signatures available.
thanks
M