driver signing

NTFSD
1

Hi All,
recently my old certificate is expired.
So with new license, I can’t install the driver on windows 8 64 bit only. Where windows is giving me error “windows blocked the installation of digitally unsigned driver”.

When I check the properties of driver, the driver is signed and I can see the signature in “digital signatures” tab.

What could be wrong.

one thing to mention here.
Earlier I had three files while signing.

  1. MyCompany.cer
  2. MyCompany.p12
  3. StartCom Certification Authority.crt

The command i used earlier to digitally sign my driver was
signtool sign /v /ac “StartCom Certification Authority.crt” /f MyCompany.p12 /p “password” /tr http://www.startssl.com/timestamp driver.sys

then same command for installer.exe

Now I have only one file from symantec.

  1. company_authenticode_verisign.p12

I installed this certificate (as usual to my trusted root certificate authorities)
The command I used to digitally sign my driver now is
signtool sign /v /f company_authenticode_verisign.p12 /p “password” /t http://timestamp.verisign.com/scripts/timstamp.dll driver.sys

and then same command for installer.exe.
The driver and installer both are signed with success.

2

Hi! You obviously changed from StartCom to Verisign?

In this case you’ll have to download and use the Verisign-cross certificate
offered here:

http://msdn.microsoft.com/en-us/library/windows/hardware/dn170454(v=vs.85).aspx

wrote news:xxxxx@ntfsd…

Hi All,
recently my old certificate is expired.
So with new license, I can’t install the driver on windows 8 64 bit only.
Where windows is giving me error “windows blocked the installation of
digitally unsigned driver”.

When I check the properties of driver, the driver is signed and I can see
the signature in “digital signatures” tab.

What could be wrong.

one thing to mention here.
Earlier I had three files while signing.

  1. MyCompany.cer
  2. MyCompany.p12
  3. StartCom Certification Authority.crt

The command i used earlier to digitally sign my driver was
signtool sign /v /ac “StartCom Certification Authority.crt” /f MyCompany.p12
/p “password” /tr http://www.startssl.com/timestamp driver.sys

then same command for installer.exe

Now I have only one file from symantec.

  1. company_authenticode_verisign.p12

I installed this certificate (as usual to my trusted root certificate
authorities)
The command I used to digitally sign my driver now is
signtool sign /v /f company_authenticode_verisign.p12 /p “password” /t
http://timestamp.verisign.com/scripts/timstamp.dll driver.sys

and then same command for installer.exe.
The driver and installer both are signed with success.

3

Thanks Frank,
The Root certificate thumbprint doesn’t match as per the link “Find the Issuer and Thumbprint for this certificate. Then locate the corresponding entry for this CA in the list below”.

The issuer is “VeriSign Class 3 Public Primary Certification Authority ? G5” matching, but the Thumbprint don’t.