Take Three - x64 Driver Signing ???

Any updates to this topic ?
As I near commercialization of a product it’s time to worry about signing the installation package. I do not want to purchase a certificate today that I will not be able to use for x64 signing tomorrow. I would like an inexpensive option. Most references I have seen are from VeriSign. They are not cheap (at least for a one man operation like me!)
The big problem is that VeriSign will not confirm that their certificates will work with Vista. I am assuming that what has been used so far has been the VeriSign Authenticode Digital ID.

As an inquiring mind I have one other question if you happen to know … when the certificate expires and you renew … do you get a new public/private key pair ? or is their an option to renew the certificate with the previous public/private key pair ?

I recommend you read the following threads:

How to sign:
http://www.osronline.com/showThread.cfm?link=98053

More info on signing, including which CAs are acceptable (link to MS web page):
http://www.osronline.com/showThread.cfm?link=98055

The archives are a wonderful thing :slight_smile:

Note that I was told that the Kernel Mode Code Signing walkthrough has been updated in the past 30 days, so it’s now even “more correct.”

Of course Verisign won’t tell you their cert with work with Vista. It’s not UP to Verisign, it’s up to Microsoft. But, given that this whole nonsense is for Vista, it’s pretty clear to me that any of the listed CAs will work for Vista. Choose one.

In terms of renewal: I don’t believe new keys will be required.

Peter
OSR

As Peter says, go with his links + KMCS walkthrough and everything
should work without problems.

I was unsure which cert to get so asked our contact at Verisign, she
confirmed that the Authenticode ID was the one we needed, which I am
pleased to say it does :slight_smile:

Daryl

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com
Sent: 23 October 2006 03:34
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Take Three - x64 Driver Signing ???

I recommend you read the following threads:

How to sign:
http://www.osronline.com/showThread.cfm?link=98053

More info on signing, including which CAs are acceptable (link to MS web
page):
http://www.osronline.com/showThread.cfm?link=98055

The archives are a wonderful thing :slight_smile:

Note that I was told that the Kernel Mode Code Signing walkthrough has
been updated in the past 30 days, so it’s now even “more correct.”

Of course Verisign won’t tell you their cert with work with Vista. It’s
not UP to Verisign, it’s up to Microsoft. But, given that this whole
nonsense is for Vista, it’s pretty clear to me that any of the listed
CAs will work for Vista. Choose one.

In terms of renewal: I don’t believe new keys will be required.

Peter
OSR


Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer