From: Jennifer Stepler [MSFT] on
When you use makecert to create a certificate, it creates both a private key
that you use to sign with and a public key to distribute to machines that
want to validate the signature. The .cer file only contains the public key.
It does not contain the private key that is needed to do signing. The syntax
given for makecert creates the private key in your personal certificate
store. You must export the private key into a file in order to move it to
another machine.

If you type certmgr.exe without any option, it will bring up a GUI that
allows you to export your certificate, including the private key.

Jennifer



"Smugsboy" wrote:

> Hi,
> Need some help here.
> I've successfully created a .cat file for my driver using the
> signability tool from WDK (build 5600).
>
> I have a temp certificate created ON ANOTHER MACHINE using the makecert
> tool from WDK.
> makecert -r -pe -ss MyTempCert -n "CN=MyTempCert" MyTempCert.cer
>
> I'm trying to sign my .cat file with the new certificate using the
> following command:
> SignTool sign /a /s MyTempCert /n MyTempCert MyDrv.cat
>
> I get the following error:
> "SignTool Error: No certificates were found that met all the given
> criteria."
>
> If I use the makecert command on the same machine I'm using the
> signtool on, then everything works fine. It seems makecert also
> installs the created certificate on the machine and then signtool
> succeeds.
>
> If I try to install the certificate on my own (on the machine that did
> not invoke makecert) using the following procedure, I get the same
> error.
> 1. Double click the .cer file.
> 2. From "General" fold click "View signature" button.
> 3. From signature details window click "View Certificate" button.
> 4. From certificate information window click "Install
> Certification" button.
> 5. It will open "Certificate Import Wizard". Click "Next" on
> the first step.
> 6. Choose "Place all certificates in the following store" from
> radio list.
> 7. Click "Browse" button and check "Show physical stores"
> checkbox.
> 8. Choose "Trusted Root CA" and sub option "Local Computer" and
> click "OK".
> 9. Repeat above steps for "Trusted Publishers/Local Computer".
>
> Maybe I'm not installing the certificate correctly or something.
>
> Thanks,
>
>
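
The export and import described in the reply, done from PowerShell through the .NET certificate classes, as an added example that is not part of the original thread. The function names, the .pfx path and the password prompt are assumptions; the store name and subject are the ones from the makecert command quoted above.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Find the certificate in the current user's custom store (makecert -ss MyTempCert).
function Get-SigningCert {
    param([string]$StoreName = 'MyTempCert', [string]$Subject = 'CN=MyTempCert')
    $store = [X509Store]::new($StoreName, [StoreLocation]::CurrentUser)
    $store.Open([OpenFlags]::ReadOnly)
    try { $store.Certificates | Where-Object { $_.Subject -eq $Subject } | Select-Object -First 1 }
    finally { $store.Close() }
}

# Run on the machine where makecert was used: writes certificate AND private key to a PFX.
function Export-SigningCert {
    param([string]$PfxPath, [securestring]$Password)
    $cert = Get-SigningCert
    if (-not $cert) { throw 'Certificate not found in the store.' }
    # A certificate installed from a .cer file fails here: it has no private key.
    if (-not $cert.HasPrivateKey) { throw 'No private key is associated with this certificate.' }
    # Export works because makecert -pe marked the private key as exportable.
    $bytes = $cert.Export([X509ContentType]::Pfx, $Password)
    [System.IO.File]::WriteAllBytes($PfxPath, $bytes)
}

# Run on the signing machine: loads the PFX and persists the key with the certificate.
function Import-SigningCert {
    param([string]$PfxPath, [securestring]$Password, [string]$StoreName = 'MyTempCert')
    $cert = [X509Certificate2]::new($PfxPath, $Password, [X509KeyStorageFlags]::PersistKeySet)
    $store = [X509Store]::new($StoreName, [StoreLocation]::CurrentUser)
    $store.Open([OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }
    $cert.HasPrivateKey   # $true means SignTool can sign with this certificate
}

# Usage (constructed paths):
#   $pw = Read-Host -AsSecureString 'PFX password'
#   Export-SigningCert -PfxPath .\MyTempCert.pfx -Password $pw     # source machine
#   Import-SigningCert -PfxPath .\MyTempCert.pfx -Password $pw     # signing machine
#   SignTool sign /a /s MyTempCert /n MyTempCert MyDrv.cat
# The .pfx holds the private key: move it over a trusted channel and delete it afterwards.
```

Calling `(Get-SigningCert).HasPrivateKey` on the signing machine before and after the import shows whether the key is present in the store SignTool searches.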