Prev: How to set Connection Timeout and KeepAlive Timeout value in WSK client driver
Next: Manually editing INF file for flakey soundcard
From: Tim Roberts on 24 Oct 2009 01:34 John Bond <johnbond(a)newsgroup.nospam> wrote: > >SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "AudioCodes, >Inc." /t http://timestamp.verisign.com/scripts/timestamp.dll >SmartWORKSDriver.sys > >Is giving the following error message: > >SignTool Error: No certificates were found that met all the given criteria. > >Number of files successfully Signed: 0 >Number of warnings: 0 >Number of errors: 1 > >Is the .cer file found at: >http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx >the appropriate one to use? Or should I use the .cer I can export out of my >certificate store? You must use the cross-certificate from Microsoft. That, of course, assumes that you really do have a Verisign class 3 code-signing certificate in your certificate store with the name "AudioCodes, Inc.". The string must match exactly. -- Tim Roberts, timr(a)probo.com Providenza & Boekelheide, Inc.
From: David Craig on 24 Oct 2009 03:50 That is true, Tim. I also discovered that you can use Internet Exploder to view all the certificates and kill old certs. That should help him validate the name string. I suspect it is also case-sensitive, but I got the batch file from someone who had it working. "Tim Roberts" <timr(a)probo.com> wrote in message news:8a45e593jffak92j72ng752od61map2981(a)4ax.com... > John Bond <johnbond(a)newsgroup.nospam> wrote: >> >>SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "AudioCodes, >>Inc." /t http://timestamp.verisign.com/scripts/timestamp.dll >>SmartWORKSDriver.sys >> >>Is giving the following error message: >> >>SignTool Error: No certificates were found that met all the given >>criteria. >> >>Number of files successfully Signed: 0 >>Number of warnings: 0 >>Number of errors: 1 >> >>Is the .cer file found at: >>http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx >>the appropriate one to use? Or should I use the .cer I can export out of >>my >>certificate store? > > You must use the cross-certificate from Microsoft. That, of course, > assumes that you really do have a Verisign class 3 code-signing > certificate > in your certificate store with the name "AudioCodes, Inc.". The string > must match exactly. > -- > Tim Roberts, timr(a)probo.com > Providenza & Boekelheide, Inc.
From: Hannes on 26 Oct 2009 05:04 There is also a "press F8 during startup" option that temporarily disables the signed driver enforcement. / Hannes. "John Bond" wrote: > I thought it would be nice to test my 64-bit KMDF 1.7 driver on Win 7 > Ultimate RC... well even with a digital certificate used to sign the driver > package, it is rejected with the following message: > > A recently installed program tried to install an unsigned driver. This > version of Windows requires all drivers to have a valid digital signature. > The driver is unavailable and ... (I get the message) > > So what must I do to bypass this and test my driver? Must I go back to > Server2008? > -- > Mr. Fixit needs your help! - John Bond , LLC
From: John Bond on 26 Oct 2009 08:46 David, are you saying that I cannot use KMDF 1.7 (WDK 6001.18002) and its signtool and inf2cat to produce 64-bit loadable drivers? Do they NOT work? If so I will upgrade to 7.0.0 WDK (KMDF 1.9??). (Did 7.0.0 reach released status recently? I must have had my head buried too deeply in the sand.) I just got comfortable with KMDF 1.7 having just shipped a driver to Verizon for boards they used back in Win98/NT/2000. -- Mr. Fixit needs your help! - John Bond , LLC "David Craig" wrote: > Did you import the pfx into your local certificate store? Did you generate > the inf with the inf2cat tool in the 7600.16385.0 (aka 7.0.0) WDK? Use the > tools from that WDK as I know it works. > > "John Bond" <johnbond(a)newsgroup.nospam> wrote in message > news:E34FBD0F-6332-4EEC-A1F9-35E6559471C0(a)microsoft.com... > > The command line: > > > > SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "AudioCodes, > > Inc." /t http://timestamp.verisign.com/scripts/timestamp.dll > > SmartWORKSDriver.sys > > > > Is giving the following error message: > > > > SignTool Error: No certificates were found that met all the given > > criteria. > > > > Number of files successfully Signed: 0 > > Number of warnings: 0 > > Number of errors: 1 > > > > Is the .cer file found at: > > http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx > > the appropriate one to use? Or should I use the .cer I can export out of > > my > > certificate store? > > -- > > Mr. Fixit needs your help! - John Bond , LLC > > > > > > "David Craig" wrote: > > > >> Look on Microsoft.com for a cross signing certificate that matches your > >> corporate certificate. There are procedures documented in WHQL for > >> driver > >> and cat file signing. It is fairly easy to do once you have the correct > >> certs, but since someone else provides those to us I have never done it > >> myself. Once the certs are done and you have added the private key to > >> your > >> computer it is just a matter of running inf2cat and signtool on the sys > >> and > >> inf. > >> > >> > >> "John Bond" <johnbond(a)newsgroup.nospam> wrote in message > >> news:0785368D-EAE6-4496-AF6B-4087E4160B4D(a)microsoft.com... > >> >I thought it would be nice to test my 64-bit KMDF 1.7 driver on Win 7 > >> > Ultimate RC... well even with a digital certificate used to sign the > >> > driver > >> > package, it is rejected with the following message: > >> > > >> > A recently installed program tried to install an unsigned driver. This > >> > version of Windows requires all drivers to have a valid digital > >> > signature. > >> > The driver is unavailable and ... (I get the message) > >> > > >> > So what must I do to bypass this and test my driver? Must I go back to > >> > Server2008? > >> > -- > >> > Mr. Fixit needs your help! - John Bond , LLC > >> > >> > >> . > >> > > > . >
From: John Bond on 26 Oct 2009 08:52
Thanks, Hannes, but I want to know that the full package works. We will be starting our QA process with a very early version of our driver. Management around here is scared witless by this change. Most of the other developers with whom I work are very glad that Microsoft has provided the KMDF and are excited about leaving our archaic driver behind. I need to prove early on that Microsoft's improvements are solid and can be relied upon. (A lot of heat in this here kitchen.) But thanks for reminding me about the "back door". I'll need to pass that tidbit on to the maintainers. -- Mr. Fixit needs your help! - John Bond , LLC "Hannes" wrote: > There is also a "press F8 during startup" option that temporarily disables > the signed driver enforcement. > > / Hannes. > > "John Bond" wrote: > > > I thought it would be nice to test my 64-bit KMDF 1.7 driver on Win 7 > > Ultimate RC... well even with a digital certificate used to sign the driver > > package, it is rejected with the following message: > > > > A recently installed program tried to install an unsigned driver. This > > version of Windows requires all drivers to have a valid digital signature. > > The driver is unavailable and ... (I get the message) > > > > So what must I do to bypass this and test my driver? Must I go back to > > Server2008? > > -- > > Mr. Fixit needs your help! - John Bond , LLC |