I have a driver software I compiled for windows 7. I have used DigiCert Code signing certificate (CN = DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1) to sign the installation package. With the previous version of this driver I used Verisign certificate (VeriSign Class 3 Code Signing 2010 CA).
The new Digicert one is using SHA256 signature alg and Verisign had SHA1 alg. When I installed the previous version of driver (verisign signed), I never had a windows security warning screen pops up asking "Would you like to install this device software". But with new Digicert I have that warning pops up. I'm trying to avoid this warning as my software is usually installed in an unattended environments. Things I have tried so far
- Updated my windows 7 with below updates to support SHA2 code signing
KB4474419 and KB4490628 - Tried adding the certificate manually under Trusted Publishers list using certutil
- I don't think cross signing by Microsoft is not a solution becuase this is Windows 7 and I read in another forum someone having the same problem and Cross signing didn't help.
Any help with this is highly appreciated.