none
Reg. Driver Certificate RRS feed

  • Question

  • Hi,

    I have used MakeCert.exe to create TestCertificate and used Signtool.exe to sign the cat file using above certificate. This works fine in Win8 and WinServer 2012.

    My questions are:

    1. how and where to get the release/production certificate? I believe CA like Verisign can provide the same. Can I use that .cer file and use Signtool to sign .cat file?

    2. Intended Purpose (suggest any correction to below list) for certificate purchase purpose

    • Ensures software came from software publisher
    • Protects software from alteration after publication

    3. What is the price for a certificate. I believe one certificate is enough?

    PLease clarify...

    Thanks,

    Ram

    Friday, November 2, 2012 11:55 AM

Answers

  • You get a  CA from Verisign or others and use that .cer with slightly modified switches for the SignTool.  Consider Verisign if you want to WHQL some drivers since they offer certificates that can be used both to access WHQL and sign drivers.  Your intended purposes are the primary ones, you can also sign things such that the signature fails after a certain time.  Certificate vary in price depending on a lot of things, a Verisign corporate certificate is typically $500/year but there are lower prices for multiple years, and you can find special lower cost pricing at times.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Friday, November 2, 2012 12:27 PM

All replies

  • You get a  CA from Verisign or others and use that .cer with slightly modified switches for the SignTool.  Consider Verisign if you want to WHQL some drivers since they offer certificates that can be used both to access WHQL and sign drivers.  Your intended purposes are the primary ones, you can also sign things such that the signature fails after a certain time.  Certificate vary in price depending on a lot of things, a Verisign corporate certificate is typically $500/year but there are lower prices for multiple years, and you can find special lower cost pricing at times.


    Don Burn Windows Filesystem and Driver Consulting Website: http://www.windrvr.com Blog: http://msmvps.com/blogs/WinDrvr

    Friday, November 2, 2012 12:27 PM
  • Thanks Donald,

    Current purpose is to sign the driver (not WHQC) so that driver installation will not be fail in Win7/8 machines with "Enforce Driver Signability". HOwever, there may be possibility to go for WHQC in future. So will propose CA from Verisign.

    Thanks,

    Ram

    Monday, November 5, 2012 4:23 AM