It’s all such a mystery; And MSFT has – once again – managed to make a complete and total mess of things due to lack of clear, concise, and technically accurate communications to the 3rd party driver developer community.
It’s so frustrating. I’ve been working on this, with some time spent on it every week, since OCTOBER.
OK, OK, OK… I’ll calm down.
As you’ve noted, I see that some cross-certs have been issued that (as you noted) don’t expire until 2025. That’s super interesting, and it’ll be interesting to know whether the EV Certs that (for example) Entrust issues today are issued by the “Entrust Root Certification Authority – G2” (with a 2025 expiring cross-cert). Here at OSR we, coincidentally, JUST got a new EV Cert from Entrust… I’ll check to see what the specific CA is, and if the new cross-cert works on down-level machines. After all, there’s a separate issue as to whether the “new” Trust Root CA gets updated in the Trust Root Cert Store on Win7 the down-level machines.
companies like DigiCert are still selling code signing EV and non EV certificates that based on their claim, will work for up to 3 years
I think it’s important not to confuse the cert “working” (that is, you can use it to sign your code, and you can use it for Dashboard submissions) with the cert having an available cross-certificate that allows cross-signed drivers to load on down-level versions of the OS. The EV Cert we got from Entrust two weeks ago indeed “works”… we can sign with it.
And, of course, cross-signing does not “work” on any flavor of Windows 10, regardless of the cross-cert.
I’m confused too. I’ll send some email to my friends in Redmond today, and see if I can gain some clarity. No promises that I’ll get a coherent response… so don’t hold your breath.
Peter