can i install q test certificate in my clients PC??

NTDEV
1

Hi All,

Am developing a PnP package for USB device driver. To get rid of certificate warnings i created my own test certificate. Its working fine too. Now i have some doubts in it

  1. can i install my test certificate in clients pc? ie., Is it legal to distribute test certificate for commercial use??

  2. If i cant wat are the ways i can solve the problem.

  3. If i can distribute my test certificate to install it in my client pc, i want certmgr.exe which i found tat i cant distribute it. if so wat are the other ways to install my certificate in clients pc??

  4. I found keytool will be use full to install certificate is it that the right way?? If am wrong please correct me. can i get any other open source to do the same job??

  5. Finally, is there any other ways to get a certificate with out cost or solve this problem?

Am bit new to this field so could you please explain in detail?? Even providing some links will be a great deed…

Thanks in advance…

2

sethu raman wrote:

Am developing a PnP package for USB device driver. To
get rid of certificate warnings i created my own test certificate.
Its working fine too. Now i have some doubts in it

  1. can i install my test certificate in clients pc? ie., Is it
    legal to distribute test certificate for commercial use??

And now we know why Bob said “I’ve said too much…”

3

Sure! Happy to do it: Get yourself a proper Class 3 Code Signing Certificate and use it to sign your driver. It’s as simple as that. The whole point of the kernel-mode code signing program is that Kernel mode modules need to be identified as to their origin. The way you do this is by getting a Class 3 Code Signing Certificate. It costs a few hundred dollars. Pay for it, find somebody else to pay for it, find somebody who has a legitimate certificate who’ll sign your driver, or give up distributing your driver. It’s really that simple.

Peter
OSR

4

xxxxx@gmail.com wrote:

Am developing a PnP package for USB device driver. To get rid of certificate warnings i created my own test certificate. Its working fine too. Now i have some doubts in it

  1. can i install my test certificate in clients pc? ie., Is it legal to distribute test certificate for commercial use??

Legal? Yes, but your clients should object to it. Certificates are
there for a reason. They establish accountability, and a “chain of
trust”, starting from the core “certificate authorities”. The world has
decided that Verisign and GlobalSign are trustworthy. When you sign
something with a certificate they issued, the world knows that the
package was created by you, and ONLY you, and that there is a way to
find you.

Remember that one major purpose for driver signing is liability. If
your signed driver crashes and causes personal injury, that signed
driver can be used as evidence that you wrote it. Further, the
certificate authority knows how to find you, because you had to give an
address when you got it, and the certificate authority verifies the address.

By installing your certificate, your clients are saying “I trust that
this company is who they say it is, and I trust everything this company
might produce, now or in the future.” You can put a fake address in
your own certificates.

It is a dangerous thing to do. I would never allow it on my machine.

  1. If i can distribute my test certificate to install it in my client pc, i want certmgr.exe which i found tat i cant distribute it. if so wat are the other ways to install my certificate in clients pc??

Certmgr is a command that is built-in to the operating system.
Symantec/Verisign has help recipes in their knowledge base on how to use it.

  1. Finally, is there any other ways to get a certificate with out cost or solve this problem?

No. Spend the $300. It is a cost of doing business in the driver world.

Am bit new to this field so could you please explain in detail?? Even providing some links will be a great deed…

Follow the rules. They are there for a reason.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

5

Thanks a lot Tim Roberts and Peter Viscarola its really use full.
And i dont understand what chris wants to convey
"And now we know why Bob said “I’ve said too much…”!!! I already said am new to this!!
thank u chris i ll use abacus as u said!!!

6

sethu raman wrote:

thank u chris i ll use abacus as u said!!!

Glad I could help :slight_smile: