FTDI Driver Signing for Win8 (32/64) RRS feed

  • Question

  • I've managed to get so far... but the drivers still report unsigned on the machines I've tried.

    Any help or pointers would be greatly appreciated :)

    1. Using GoDaddy as our chosen certification authority we began the process of requesting a driver signing certificate to enable us to sign our modified FTDI USB drivers.
    2. The first stage was to download OpenSSL.
    3. Using this tool we were able to generate a Certificate Signing Request (.CSR) file and also a Private Key (.key) file, entering the appropriate data to describe our organisation:
               openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
    4. Next, we could logon to the GoDaddy site and setup a request for the certificate. Cut and paste the contents of the .CSR file and re-enter our organisation details.
    5. It was then GoDaddy's job to verify our organisation (with proof of address, telephone etc.). This took approximately 2/3 weeks.
    6. Eventually our 'certificate' was available for download. This was in the form of a .SPC file.
    7. The next stage was to create a .PVK file using the Private Key (.key) generated at the start (which apparently is in PEM format).
    8. We downloaded a PVKTool and ran the conversion with strong encryption:                      
             pvk –in privateKey.key –out privateKey.pvk –topvk –strong
    9. This generated a .PVK file which we could then use with the .SPC file to generate a Personal Information Exchange PKCS #12 file (.PFX) using the PVKImprt tool from Microsoft:
            pvkimprt -PFX mycert.spc privateKey.pvk
    10. This .PFX file could then be installed on to the local machine using Internet Explorer > Internet Options > Content > Certificates > Import.
    11. Next we moved on to the FTDI driver itself. We modified the driver installation (.INF) files as appropriate, adding in our own product and VID\PID IDs and file names for both X86 and X64 version of the .CAT files.
    12. We then needed to re-create the driver Catalog Files (.CAT) using the modified .INF files. This was done using the Inf2cat tool from the Windows WDK (8.1):                 Inf2cat /driver:C:\FTDIDriver /os:8_x64,7_x64,8_x32,7_x32
    13. Finally we needed to sign the 4 new .CAT files with the (Organisation Certificate or GoDaddy CrossCertificate (.CER)?) using the SignTool, also found in the Windows WDK (8.1): signtool sign /v /ac gd-class2-root.cer /a /s MY /n " Organisation Ltd." /t ""
    14. This should be repeated 4 times to create the following files:
    15. The entire FTDI driver folder can then be used when installing our USB devices – Only it doesn't work Error Code 52...


    Friday, March 6, 2015 3:22 PM