Prev: How to set Connection Timeout and KeepAlive Timeout value in WSK client driver
Next: Manually editing INF file for flakey soundcard
From: John Bond on 26 Oct 2009 09:51 David and Tim, thanks for the additional input. I have looked at the "AudioCodes, Inc." certificate that I have in my Personal store. I think it is in my personal store, it can be seen via Internet Explorer: I click Tools | Internet Options | Certificates | Other People tab | AudioCodes, Inc. Within the certificate the Issuer is "VeriSign Class 3 Code Signing 2004 CA". Under Enhanced Key Usage the value is "Code Signing (1.3.6.1.5.5.7.3.3). Is there anything else I should check? Yes, I did download the cross cert from Microsoft's page and unzipped on my computer. The comamnd line references that .cer file. Is there something I can do to verify that file? I am stuck because very little of this process is clear in the docs or examples. Is the AudioCodes, Inc. certificate in my "Personal" store even though I have to click on the "Other People" tab in the Certificates window? Thanks in advance. When we get this step of the process nailed down, the release guy will codify it in batch scripts, etc., and we will be ready to go with our push to a 64-bit driver. -- Mr. Fixit needs your help! - John Bond , LLC "David Craig" wrote: > That is true, Tim. I also discovered that you can use Internet Exploder to > view all the certificates and kill old certs. That should help him validate > the name string. I suspect it is also case-sensitive, but I got the batch > file from someone who had it working. > > "Tim Roberts" <timr(a)probo.com> wrote in message > news:8a45e593jffak92j72ng752od61map2981(a)4ax.com... > > John Bond <johnbond(a)newsgroup.nospam> wrote: > >> > >>SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "AudioCodes, > >>Inc." /t http://timestamp.verisign.com/scripts/timestamp.dll > >>SmartWORKSDriver.sys > >> > >>Is giving the following error message: > >> > >>SignTool Error: No certificates were found that met all the given > >>criteria. > >> > >>Number of files successfully Signed: 0 > >>Number of warnings: 0 > >>Number of errors: 1 > >> > >>Is the .cer file found at: > >>http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx > >>the appropriate one to use? Or should I use the .cer I can export out of > >>my > >>certificate store? > > > > You must use the cross-certificate from Microsoft. That, of course, > > assumes that you really do have a Verisign class 3 code-signing > > certificate > > in your certificate store with the name "AudioCodes, Inc.". The string > > must match exactly. > > -- > > Tim Roberts, timr(a)probo.com > > Providenza & Boekelheide, Inc.
From: Tim Roberts on 28 Oct 2009 01:33 John Bond <johnbond(a)newsgroup.nospam> wrote: > >David, are you saying that I cannot use KMDF 1.7 (WDK 6001.18002) and its >signtool and inf2cat to produce 64-bit loadable drivers? No, they work fine. >If so I will upgrade to 7.0.0 WDK (KMDF 1.9??). (Did 7.0.0 reach released >status recently? I must have had my head buried too deeply in the sand.) Yes, it's been available for some time. -- Tim Roberts, timr(a)probo.com Providenza & Boekelheide, Inc.
From: Tim Roberts on 28 Oct 2009 01:37 John Bond <johnbond(a)newsgroup.nospam> wrote: > >David and Tim, thanks for the additional input. I have looked at the >"AudioCodes, Inc." certificate that I have in my Personal store. I think it >is in my personal store, it can be seen via Internet Explorer: I click Tools >| Internet Options | Certificates | Other People tab | AudioCodes, Inc. >Within the certificate the Issuer is "VeriSign Class 3 Code Signing 2004 CA". > Under Enhanced Key Usage the value is "Code Signing (1.3.6.1.5.5.7.3.3). Is >there anything else I should check? How did you install the certificate? Your signtool command line says it's in the "My" store. Is that how you installed it? Can you find it in certmgr.msc? -- Tim Roberts, timr(a)probo.com Providenza & Boekelheide, Inc.
From: John Bond on 28 Oct 2009 08:35 "Tim Roberts" wrote: > John Bond <johnbond(a)newsgroup.nospam> wrote: > > > >David and Tim, thanks for the additional input. I have looked at the > >"AudioCodes, Inc." certificate that I have in my Personal store. I think it > >is in my personal store, it can be seen via Internet Explorer: I click Tools > >| Internet Options | Certificates | Other People tab | AudioCodes, Inc. > >Within the certificate the Issuer is "VeriSign Class 3 Code Signing 2004 CA". > > Under Enhanced Key Usage the value is "Code Signing (1.3.6.1.5.5.7.3.3). Is > >there anything else I should check? > > How did you install the certificate? Your signtool command line says it's > in the "My" store. Is that how you installed it? Can you find it in > certmgr.msc? > -- > Tim Roberts, timr(a)probo.com > Providenza & Boekelheide, Inc. > . > Tim, I installed it by double cliking the .pfx file, which brings up the Certificate Import Wizard. I specified the Personal store and when done it told me the import was successful. I just tried it again and this time it asked for the password, which it had not before (why? I must have done something slightly differently). Now I entered the pw and set the strong protection (get user verification if an app tries to use it). It notified me of the extra protection and told me the import was successful. I will try the signing, again... Interesting, now the batch file hangs after printing "Attempting to sign:SwrxDriver.sys". So now it finds the proper store, but as the app tries to do the deed, it is awaiting my verification, but I see no pop-up..... ahhh now there is a pop-up. That took a while. Cool, Tim, I now have a signed SwrxDriver.sys. What would have caused the first install of the certificate to have put in something besides the private key and tell me that the import was successful? I had two other people looking over my shoulder to verify that I was following the directions. Anyway, thanks Tim! for asking the correct questions and getting me to go down the correct road. Perhaps the documentation needs to tell people to expect those extra steps of entering the password... I think we are done here. -John Bond
From: Tim Roberts on 30 Oct 2009 22:37
John Bond <johnbond(a)newsgroup.nospam> wrote: > >Cool, Tim, I now have a signed SwrxDriver.sys. What would have caused the >first install of the certificate to have put in something besides the private >key and tell me that the import was successful? I had two other people >looking over my shoulder to verify that I was following the directions. Digital signing is a maze of twisty passages, all alike. There's a fair amount of shooting in the dark to get to the first success, and after that you just follow the same recipe until the end of time. -- Tim Roberts, timr(a)probo.com Providenza & Boekelheide, Inc. |