From: John Bond on
David, I owe you an apology... you were right. I had to use the latest
SignTool AND Inf2Cat just to get the signed files to work with Win7. It took
me two more weeks of sweat and blood to get there. I should have tried it
without questioning it... JBond

"David Craig" wrote:

> Did you import the pfx into your local certificate store? Did you generate
> the inf with the inf2cat tool in the 7600.16385.0 (aka 7.0.0) WDK? Use the
> tools from that WDK as I know it works.
>
> "John Bond" <johnbond(a)newsgroup.nospam> wrote in message
> news:E34FBD0F-6332-4EEC-A1F9-35E6559471C0(a)microsoft.com...
> > The command line:
> >
> > SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "AudioCodes,
> > Inc." /t http://timestamp.verisign.com/scripts/timestamp.dll
> > SmartWORKSDriver.sys
> >
> > Is giving the following error message:
> >
> > SignTool Error: No certificates were found that met all the given
> > criteria.
> >
> > Number of files successfully Signed: 0
> > Number of warnings: 0
> > Number of errors: 1
> >
> > Is the .cer file found at:
> > http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx
> > the appropriate one to use? Or should I use the .cer I can export out of
> > my
> > certificate store?
> > --
> > Mr. Fixit needs your help! - John Bond , LLC
> >
> >
> > "David Craig" wrote:
> >
> >> Look on Microsoft.com for a cross signing certificate that matches your
> >> corporate certificate. There are procedures documented in WHQL for
> >> driver
> >> and cat file signing. It is fairly easy to do once you have the correct
> >> certs, but since someone else provides those to us I have never done it
> >> myself. Once the certs are done and you have added the private key to
> >> your
> >> computer it is just a matter of running inf2cat and signtool on the sys
> >> and
> >> inf.
> >>
> >>
> >> "John Bond" <johnbond(a)newsgroup.nospam> wrote in message
> >> news:0785368D-EAE6-4496-AF6B-4087E4160B4D(a)microsoft.com...
> >> >I thought it would be nice to test my 64-bit KMDF 1.7 driver on Win 7
> >> > Ultimate RC... well even with a digital certificate used to sign the
> >> > driver
> >> > package, it is rejected with the following message:
> >> >
> >> > A recently installed program tried to install an unsigned driver. This
> >> > version of Windows requires all drivers to have a valid digital
> >> > signature.
> >> > The driver is unavailable and ... (I get the message)
> >> >
> >> > So what must I do to bypass this and test my driver? Must I go back to
> >> > Server2008?
> >> > --
> >> > Mr. Fixit needs your help! - John Bond , LLC
> >>
> >>
> >> .
> >>
>
>
> .
>
From: Denis on
I am wondering if I have the same problem per-haps:
I was signing with WDK 6000 because of ease of the wizard mode.

Now I am trying the same thing with WDK 7600.16385.0


>SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n
"DATAWIND NET ACCESS CORPORATION"
/t http://timestamp.verisign.com/scripts/timestamp.dll AMD64\WideUsb.sys
The following certificate was selected:
Issued to: DATAWIND NET ACCESS CORPORATION
Issued by: VeriSign Class 3 Code Signing 2009-2 CA
Expires: Wed Sep 22 18:59:59 2010
SHA1 hash: 196399AA62717B1430405533474B44BDFD13C947

SignTool Error: An unexpected internal error has occurred.
Error information: "CryptQueryObject" (-2147024893/0x80070003)

I do not know what could have gone wrong here, any clue, any one?

Thanks.


"John Bond" <johnbond(a)newsgroup.nospam> wrote in message news:F8677212-D3E3-4EE9-A08D-BCD707216BA8(a)microsoft.com...
> David, I owe you an apology... you were right. I had to use the latest
> SignTool AND Inf2Cat just to get the signed files to work with Win7. It took
> me two more weeks of sweat and blood to get there. I should have tried it
> without questioning it... JBond
>
> "David Craig" wrote:
>
>> Did you import the pfx into your local certificate store? Did you generate
>> the inf with the inf2cat tool in the 7600.16385.0 (aka 7.0.0) WDK? Use the
>> tools from that WDK as I know it works.
>>
>> "John Bond" <johnbond(a)newsgroup.nospam> wrote in message
>> news:E34FBD0F-6332-4EEC-A1F9-35E6559471C0(a)microsoft.com...
>> > The command line:
>> >
>> > SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n "AudioCodes,
>> > Inc." /t http://timestamp.verisign.com/scripts/timestamp.dll
>> > SmartWORKSDriver.sys
>> >
>> > Is giving the following error message:
>> >
>> > SignTool Error: No certificates were found that met all the given
>> > criteria.
>> >
>> > Number of files successfully Signed: 0
>> > Number of warnings: 0
>> > Number of errors: 1
>> >
>> > Is the .cer file found at:
>> > http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx
>> > the appropriate one to use? Or should I use the .cer I can export out of
>> > my
>> > certificate store?
>> > --
>> > Mr. Fixit needs your help! - John Bond , LLC
>> >
>> >
>> > "David Craig" wrote:
>> >
>> >> Look on Microsoft.com for a cross signing certificate that matches your
>> >> corporate certificate. There are procedures documented in WHQL for
>> >> driver
>> >> and cat file signing. It is fairly easy to do once you have the correct
>> >> certs, but since someone else provides those to us I have never done it
>> >> myself. Once the certs are done and you have added the private key to
>> >> your
>> >> computer it is just a matter of running inf2cat and signtool on the sys
>> >> and
>> >> inf.
>> >>
>> >>
>> >> "John Bond" <johnbond(a)newsgroup.nospam> wrote in message
>> >> news:0785368D-EAE6-4496-AF6B-4087E4160B4D(a)microsoft.com...
>> >> >I thought it would be nice to test my 64-bit KMDF 1.7 driver on Win 7
>> >> > Ultimate RC... well even with a digital certificate used to sign the
>> >> > driver
>> >> > package, it is rejected with the following message:
>> >> >
>> >> > A recently installed program tried to install an unsigned driver. This
>> >> > version of Windows requires all drivers to have a valid digital
>> >> > signature.
>> >> > The driver is unavailable and ... (I get the message)
>> >> >
>> >> > So what must I do to bypass this and test my driver? Must I go back to
>> >> > Server2008?
>> >> > --
>> >> > Mr. Fixit needs your help! - John Bond , LLC
>> >>
>> >>
>> >> .
>> >>
>>
>>
>> .
>>


From: Tim Roberts on
"Denis @ TheOffice" <denisco(a)ica.net> wrote:
>
>I am wondering if I have the same problem per-haps:
>I was signing with WDK 6000 because of ease of the wizard mode.
>
>Now I am trying the same thing with WDK 7600.16385.0
>
>>SignTool sign /v /ac C:\Verisign\MSCV-VSClass3.cer /s my /n
>"DATAWIND NET ACCESS CORPORATION"
>/t http://timestamp.verisign.com/scripts/timestamp.dll AMD64\WideUsb.sys
>The following certificate was selected:
> Issued to: DATAWIND NET ACCESS CORPORATION
> Issued by: VeriSign Class 3 Code Signing 2009-2 CA
> Expires: Wed Sep 22 18:59:59 2010
> SHA1 hash: 196399AA62717B1430405533474B44BDFD13C947
>
>SignTool Error: An unexpected internal error has occurred.
>Error information: "CryptQueryObject" (-2147024893/0x80070003)
>
>I do not know what could have gone wrong here, any clue, any one?

80070003 is COR_E_DIRECTORYNOTFOUND. Now, clearly it HAS found your
certificate, so it must be something else. Have you double-checked that
the cross-certificate is in C:\Verisign? You're sure that the driver is in
the AMD64 subdirectory when the command runs?
--
Tim Roberts, timr(a)probo.com
Providenza & Boekelheide, Inc.