Authenticode problems under Windows 2003

I’m signing my drivers inf catalog file using a valid certificate issues by “Verisign Class 3 Code signing 2004 CA”.

Under vista, I see the following lines in setupapi.dev.log:
(my certificate is installed in the trusted publishers store)

! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

sig: Error 0xe0000241: The INF was signed with an Authenticode™ catalog from a trusted publisher.
sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 06:02:44.054

According to Microsoft’s “Troubleshooting Device Installation with the SetupAPI Log File” (SetupAPILog.doc), I should see the same log lines (and pseudo errors) in Windows 2003.

Alas, I’m seeing ONLY the 0x800b0109 error line, which means (according to SetupAPILog.doc) that the driver does not have a WHQL catalog (indeed).

It seems that for some reason, Windows 2003 doesn’t recognize my Verisign issued Authenticode certificate.

The problem persist whether I’m using Microsoft-Verisign cross certificate (MSCV-VSClass3.cer) to sign my catalog or not.

Any help would be appreciated…

My mistake.
The driver is a NET driver (NDIS miniport), with a WHQL test procedures,
Hence it can’t be sign with Authenticode on Windows 2003.

Guy