I’ve now completed this process successfully using both the minispy driver
and my own driver, a test signing certificate and the MS KMCS walkthrough
doc, however…
I received my purchased certificate from GlobalSign today, as a “.pem” file,
and seem unable to import it successfully into the certificate store.
IE7 security settings need to be turned off for it to even create the
Scripting object which tries to install the cert from the download - which
then fails due to the root CA not being installed as part of the chain -
this root CA is also a pem file.
Root CA can be found here:
http://www.globalsign.com/support/root-certificate/osroot.htm I have been
selecting the Base 64 DER .pem Root CA.
GlobalSign have come back to me saying “it’s playing up on Vista at the
moment” so I’m a little stuck at the moment, I’ve tried a tool on the web
called PVKTOOL, which also failed to convert the pem to a pvk. If anyone
has any tips having been through this already so I don’t have to reinvent
this wheel then i’d be grateful.
And it was all going so well…
Crispin.
P.S. OS is Windows Server 2008 x64 Free (with TESTSIGNING now off)
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@dsl.pipex.com
Sent: Monday, July 14, 2008 12:12
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Windows Server 2008 x64 Free signing
Quoting Crispin Wright :
> Thanks Hagen,
>
> I suppose it’s a good thing - it forces me to go through the process
sooner
> rather than later. I have my own companies code signing certificate from
> Thawte, which I use for user mode code signing, will I be able to use this
> for Kernel mode code (driver) signing? Combined with the MS cross signing
> obviously.
>
Unfortunately Thawte certificates are not suitable for driver signing. I use
Globalsign but there are (only a few)
others. You need a certificate that Microsoft has a cross certificate for.
Follow the link and choose one that is
acceptable to you. Contact your new favoured certificate authority pay money
and go through the proof of identity
procedure they have (Theoretically you should be able to do this with your
Thawte certificate but I suspect you can
not)
http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx
-------------------------------------------------
Visit Pipex Business: The homepage for UK Small Businesses
Go to http://www.pipex.co.uk/business-services
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Information from ESET NOD32 Antivirus, version of virus signature
database 3265 (20080714)
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
Information from ESET NOD32 Antivirus, version of virus signature
database 3396 (20080828)
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com