@“Peter_Viscarola_(OSR)” said:
It’s all such a mystery; And MSFT has – once again – managed to make a complete and total mess of things due to lack of clear, concise, and technically accurate communications to the 3rd party driver developer community.It’s so frustrating. I’ve been working on this, with some time spent on it every week, since OCTOBER.
OK, OK, OK… I’ll calm down.
As you’ve noted, I see that some cross-certs have been issued that (as you noted) don’t expire until 2025. That’s super interesting, and it’ll be interesting to know whether the EV Certs that (for example) Entrust issues today are issued by the “Entrust Root Certification Authority – G2” (with a 2025 expiring cross-cert). Here at OSR we, coincidentally, JUST got a new EV Cert from Entrust… I’ll check to see what the specific CA is, and if the new cross-cert works on down-level machines. After all, there’s a separate issue as to whether the “new” Trust Root CA gets updated in the Trust Root Cert Store on Win7 the down-level machines.
Glad to know I’m not the only one confused by all this mess that Microsoft has caused… please do update us about that Entrust EV Cert.
I think it’s important not to confuse the cert “working” (that is, you can use it to sign your code, and you can use it for Dashboard submissions) with the cert having an available cross-certificate that allows cross-signed drivers to load on down-level versions of the OS. The EV Cert we got from Entrust two weeks ago indeed “works”… we can sign with it.
But based on digicert’s website, it seems like the 3 year EV cert that they are offering will work on any version of windows for 3 years, isn’t it?
And, of course, cross-signing does not “work” on any flavor of Windows 10, regardless of the cross-cert.
Are you talking about the fact that EV cert is required for drivers to get loaded in windows 10 computers that have secure boot on, or …?
I’m confused too. I’ll send some email to my friends in Redmond today, and see if I can gain some clarity. No promises that I’ll get a coherent response… so don’t hold your breath.
Thank you Peter, please do update us.