Extended Validation Code Signing Certificate

Can an EV certificate be sufficient for ALL Microsoft interactions?

WHQL Account submissions
Signing on all Win7 and later platforms
App Authenticode signing

In past some certs were good for signing, but not sufficient for setting up
WHQL account.

Basically: Is one EV cert all that is needed or are there more in the
woodwork?

Thomas

Hi Thomas,

Did you read my blog post on this topic?

https:</https:>

An EV Cert from Symantec (Verisign) or Digicert are required for your SysDev account.

You can also use this to sign drivers. The problem is that EV Certs all use SHA256. KMCS with SHA256 has not been supported on Win7, as we’ve discussed here numerous times. As of a couple of weeks ago, there was a KB released https: that enables SHA256 code signing to work for Win7. Hopefully, this will work better than last year’s KB for this purpsoe that had to be recalled. I haven’t tried it, myself. I don’t know anybody who HAS tried it. So, I can’t attest to whether it works or not.

But THIS lack of certain Win7 support is the reason I didn’t convert our SHA1 Class 3 Code Signing Certificate into an EV Cert… and had to folk over extra money for a seprate EV Cert.

Peter
OSR
@OSRDrivers</https:>

Pennies count for me. I have (or had) a SysDev account based on a Verisign
cert in the past, but had to drop to cheaper GlobalSign.

Well, maybe like Apple I’ll just have to drop Win7. :slight_smile:

Thanks for your posts about WinHec.

Thomas

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: Sunday, March 22, 2015 9:34 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Extended Validation Code Signing Certificate

Hi Thomas,

Did you read my blog post on this topic?

https:s-windows-10/>

An EV Cert from Symantec (Verisign) or Digicert are required for your SysDev
account.

You can also use this to sign drivers. The problem is that EV Certs all use
SHA256. KMCS with SHA256 has not been supported on Win7, as we’ve discussed
here numerous times. As of a couple of weeks ago, there was a KB released
https: that enables
SHA256 code signing to work for Win7. Hopefully, this will work better than
last year’s KB for this purpsoe that had to be recalled. I haven’t tried
it, myself. I don’t know anybody who HAS tried it. So, I can’t attest to
whether it works or not.

But THIS lack of certain Win7 support is the reason I didn’t convert our
SHA1 Class 3 Code Signing Certificate into an EV Cert… and had to folk
over extra money for a seprate EV Cert.

Peter
OSR
@OSRDrivers


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</https:></https:>