Neither GlobalSign or Verisign will sell me a code signing certificate because I have not formed a corporation.
Is it really impossible for an individual software developer to sign a driver in x64 vista?
I have a code signing certificate from Comodo, who was perfect happy to verify my identity and issue me the certificate, but they do not offer the required cross signing certificate required to get my driver loaded on x64 vista.
Anyone with experience here?
I believe that is correct. Don Burn knows all about this issue and I
suspect he will be happy to share his opinions on the matter 
Corporations, as we have seen, are far more reliable and trustworthy
than mere individuals.
Mark Roddy
On Sun, Mar 1, 2009 at 3:19 PM, wrote:
> Neither GlobalSign or Verisign will sell me a code signing certificate because I have not formed a corporation.
>
> Is it really impossible for an individual software developer to sign a driver in x64 vista?
>
> I have a code signing certificate from Comodo, who was perfect happy to verify my identity and issue me the certificate, but they do not offer the required cross signing certificate required to get my driver loaded on x64 vista.
>
> Anyone with experience here?
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
From: “Mark Roddy”
>I believe that is correct. Don Burn knows all about this issue and I
> suspect he will be happy to share his opinions on the matter
>
> Corporations, as we have seen, are far more reliable and trustworthy
> than mere individuals.
This issue goes back at least to 2001, when it was impossible for an
individual to get test certificates. I thought it was silly then, and I said
so. I mean, this is America! You can practice any unlicensed profession just
by hanging out your shingle, without any permission from the government.
Except in California, that is.
But here’s a question. How long does your corporation (or whatever) have to
be in existence to get an identity from somebody like GlobalSign or
Verisign? It will cost me all of $500 to form a one-person LLC (since I get
the legal work without separately stated charge). I can elect to be taxed as
a partnership, and I won’t have to pay unemployment insurance or get a
worker’s comp policy, so it’s basically as painless as working under a d/b/a
as I have been all these many years except for the annual reporting charge.
Would this let me start self signing drivers for Vista after spending
another few hundred dollars for the identity?
[Carl Sandburg might have said it: If we had a corporation, we could sign
drivers if we had a signing certificate.]
Walter Oney
Consulting and Training
www.oneysoft.com
You can (or at least you could) get the same GlobalSign certificate from
Cybertrust with just a copy of your passport. The url to the order form is
hidden but it exists:
http://cybertrust.omniroot.com/codecenter.cfm
//Daniel
wrote in message news:xxxxx@ntdev…
> Neither GlobalSign or Verisign will sell me a code signing certificate
> because I have not formed a corporation.
>
> Is it really impossible for an individual software developer to sign a
> driver in x64 vista?
>
> I have a code signing certificate from Comodo, who was perfect happy to
> verify my identity and issue me the certificate, but they do not offer the
> required cross signing certificate required to get my driver loaded on x64
> vista.
>
> Anyone with experience here?
>
I tried to purchase the code signing certificate through the link posted above today.
I was called back and told they wouldn’t sell it to me because I wanted it for ‘personal use’. They then offered to sell me a different certificate, which I asked them to verify could be used for x64 drivers.
I’m guessing from the response of their technical support department that even they don’t know what the certificates they sell can and can’t be used for.
"The cert has nothing to do with the OS except if the root is installed on that OS (cert db)
So it will work because it is a certificate not an application
Certificates are digital and don’t have anything to do with 32 or 64 bit OS’s… The applications do. Since this is most likely being used within IE, IIS, and the other MS apps the only issue is if the certificate has the correct extensions/configuration to work with those apps.
There is a download storage issue with Vista but that is a security problem with the use of ActiveX applets and Vista locking it down some."
BTW thank you all for your responses as well.
Walter your response was very interesting to me as I can do the same in Ohio for $125 and simply elect to ‘not exist’ for taxation, basically creating a no paperwork single person ghost LLC that leads back to me.
The funny thing about that is, the paperwork for the creation of an LLC in Ohio strictly and specifically forbids me from putting anything like my SSN on it. I could put the name of my dog on it and it would be listed as a valid business entity by the end of the business day.
Sales people may not be aware of it but I can absolutely confirm that these
certificates work for kernel mode signing. They are one of the few
authenticode certificates for which a cross signing certificate exists, I
use them on a daily basis.
//Daniel
wrote in message news:xxxxx@ntdev…
>I tried to purchase the code signing certificate through the link posted
>above today.
>
> I was called back and told they wouldn’t sell it to me because I wanted it
> for ‘personal use’. They then offered to sell me a different certificate,
> which I asked them to verify could be used for x64 drivers.
>
> I’m guessing from the response of their technical support department that
> even they don’t know what the certificates they sell can and can’t be used
> for.
>
> “The cert has nothing to do with the OS except if the root is installed on
> that OS (cert db)
>
> So it will work because it is a certificate not an application
>
> Certificates are digital and don’t have anything to do with 32 or 64 bit
> OS’s… The applications do. Since this is most likely being used within
> IE, IIS, and the other MS apps the only issue is if the certificate has
> the correct extensions/configuration to work with those apps.
>
> There is a download storage issue with Vista but that is a security
> problem with the use of ActiveX applets and Vista locking it down some.”
>
xxxxx@gmail.com wrote:
I tried to purchase the code signing certificate through the link posted above today.
I was called back and told they wouldn’t sell it to me because I wanted it for ‘personal use’. They then offered to sell me a different certificate, which I asked them to verify could be used for x64 drivers.
I’m guessing from the response of their technical support department that even they don’t know what the certificates they sell can and can’t be used for.
"The cert has nothing to do with the OS except if the root is installed on that OS (cert db)
So it will work because it is a certificate not an application
Certificates are digital and don’t have anything to do with 32 or 64 bit OS’s… The applications do. Since this is most likely being used within IE, IIS, and the other MS apps the only issue is if the certificate has the correct extensions/configuration to work with those apps.
There is a download storage issue with Vista but that is a security problem with the use of ActiveX applets and Vista locking it down some."
Your assessment is exactly right. They have no clue about KMCS
(kernel-mode code signing). That would give me little confidence that
they could issue a certificate that would work in that environment.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
> Sales people may not be aware of it but I can absolutely confirm that these certificates work for kernel mode signing. They are one of the few authenticode certificates for which a cross signing certificate exists, I use them on a daily basis.
Are you using the SureCodeSign product the URL you posted points to? They refused to sell me that product.
wrote in message news:xxxxx@ntdev…
>> Sales people may not be aware of it but I can absolutely confirm that
>> these certificates work for kernel mode signing. They are one of the few
>> authenticode certificates for which a cross signing certificate exists, I
>> use them on a daily basis.
>
> Are you using the SureCodeSign product the URL you posted points to? They
> refused to sell me that product.
>
Yes, I bought one in July last summer. I see the order form still has a
“personal” option but I cannot tell for sure that they have not changed
their policies regarding personal certificates in the meantime, ObjectSign
and Verisign used to be issuing personal certifactes as well in the past.
//Daniel
> Yes, I bought one in July last summer. I see the order form still has a “personal” option but I cannot tell for sure that they
have not changed their policies regarding personal certificates in the meantime, ObjectSign and Verisign used to be issuing
personal certifactes as well in the past.//Daniel
Just out of curiousity : which cross certificate has to be used with that “SureCodeSign” ? Is it “Baltimore Cybertrust” or is it
“GTE Cybertrust” , or …
Christiaan
“Christiaan Ghijselinck” wrote in
message news:xxxxx@ntdev…
>> Yes, I bought one in July last summer. I see the order form still has a
>> “personal” option but I cannot tell for sure that they have not changed
>> their policies regarding personal certificates in the meantime,
>> ObjectSign and Verisign used to be issuing personal certifactes as well
>> in the past.
>>
>> //Daniel
>
> Just out of curiousity : which cross certificate has to be used with that
> “SureCodeSign” ? Is it “Baltimore Cybertrust” or is it “GTE Cybertrust” ,
> or …
>
> Christiaan
>
GlobalSign Root CA
//Daniel