none
Test Case 3: Digitally sign files and drivers FAIL in Windows 7 Logo test RRS feed

  • Question

  • Hi, 

        In my application installer, I need to install a driver for my app. But during the Windows 7 Logo test,
    when I finished installing my app, there is a dialog prompt that my driver does not have a valid signature.
    What confuesed me is that my driver is really digitally signed successfully, I can see it in the properties of
    the driver, but why the logo test still failed for not have a valid signature?

        Here is how I digitally signed my driver.

    signtool sign /ac mscv-vsclass3.cer /s my /n MyCompanyName /t http://timestamp.verisign.com/scripts/timestamp.dll MyDriver.sys

    SignTool verify /v /kp MyDriver.sys

    Thanks.
    Friday, September 11, 2009 3:03 AM

All replies

  • Hi,

    Code-sign files with your VeriSign ID

    Adding the root certificate to the certificate store (Organizational Certificate only)

    If you are planning on using a VeriSign Organizational Certificate, both the computer used for purchasing and the computer used for code-signing must have the root certificate installed in the computer’s Trusted Root Certification Authorities certificate store before purchasing or signing can take place. The root certificate must be added to the Trusted Root Certification Authorities certificate store only once.

     Follow these steps to add the root certificate to the certificate store of your machine:

    1. Download the root certificate for the VeriSign Organizational Certificate here.

    2. Click Start, click Start Search, type mmc, and then press ENTER.

    3. On the File menu, click Add/Remove Snap-in.

    4. Under Available snap-ins, double-click Certificates, select Computer account, click Finish, and then click OK to close the main ‘Add or Remove Snap-ins’ dialog box.

    5. In the console tree, expand Certificates and then Trusted Root Certification Authorities.

    6. Right-click the Trusted Root Certification Authorities store.

    7. Click Import to import the certificates and follow the steps in the Certificate Import wizard

     

    Alternatively, you can use the certmgr tool to add the root certificate to the certificate store of your machine.  

    Please click here for further documentation on how to use the certmgr tool.  

    Code Signing Files (Organizational & Authenticode Certificates)

    Follow these steps to sign a file using signtool.exe which is shipped as part of the WDK.  Note that signtool.exe replaces signcode.exe.  The latter is no longer supported by Microsoft.

     

    Option 1: Signing directly from the certificate store on a Windows machine.  Note signtool.exe is not supported on Microsoft Windows NT, Windows Me, Windows 98 or Windows 95.

     

    1. Put the following files in a folder called c:\keys

    1.  
      • signtool.exe

      • jbxxxxxx.cab or winqual.exe (this is the file that you want to sign)

    2. Click Start, Run, Type cmd.exe and then press ENTER to open a Command Prompt window.

    3. In the Command Prompt Window enter the following…

      • Type:    c:                and press ENTER

      • Type:    cd\              and press ENTER

      • Type:    cd keys    and press ENTER

     

    The prompt should now read c:\keys

     

    1. Type in the following command on one line and press ENTER

    signtool sign /a /t http://timestamp.verisign.com/scripts/timstamp.dll winqual.exe

     

     

    Option 2: Signing from a .pfx file.  

     

    1. Using the Certificates snap-in for MMC, navigate to the VeriSign Organization Certificate, right-click and select All Tasks > Export… to open the Certificate Export Wizard.

    2. Follow the steps to export the certificate and save the .pfx file taking care not to delete the private key if this is not desired.

    3. Put the following files in a folder called c:\keys

    1.  
      • signtool.exe

      • jbxxxxxx.cab or winqual.exe (this is the file that you want to sign)

      • orgcert.pfx (this is the exported VeriSign organizational certificate)

    1. In the Command Prompt Window enter the following…

    1.  
      • Type:    c:                and press ENTER

      • Type:    cd\              and press ENTER

      • Type:    cd keys    and press ENTER

     The prompt should now read c:\keys

    1. Type in the following command on one line and press ENTER

    signtool sign /f orgcert.pfx /p password /t http://timestamp.verisign.com/scripts/timstamp.dll winqual.exe

     For More Reference we can check https://winqual.microsoft.com/Help/default.htm#code-sign_files_with_your_verisign_id.htm#Class3
                                                       (or)
    http://msdn.microsoft.com/en-us/library/dd406710.aspx
    (or)
    http://msdn.microsoft.com/en-us/library/aa906249.aspx

    • Proposed as answer by Anil Inampudi Friday, September 25, 2009 11:19 AM
    Thursday, September 24, 2009 7:22 PM