Microsoft signed drivers appears as publisher not verfied
- by Priyanka Gupta
Task at hand: Microsoft sign drivers on Win 7.
I microsoft signed my driver package 3 times every time thinking I might have missed a step or something. However, I cannot seem to get rid of the Windows Security error message "Windows can't verify the publisher of this driver software'. This is not the first time I have signed the driver packages. I was successfully able to sign other driver packages a few months ago. However, with this driver package I keep getting Windows security dialog box. Here's the procedure I follow -
Create a new cat file using INF2CAT tool.
Self sign the driver using a Versign Class 3 Public Primary Certification Authority - G5.cer.
Run the microsoft tests on DTM Servers and clients with the devices that use this driver.
Create WLK submission package.
Self sign the cab file.
Submit the package for certification.
The catalog file that comes back after successfully passing tests says Name of signer "Microsoft Windows Hardware Comptibility Publisher". When I check the validity of signature using SignTool, it says the signature is vaild. However, when I try to install the driver with new signed catalog file the windows complain.
Any ideas?
Edit 11/12/2012: Reply to Eugene's comment
Thanks for the help, Eugene.
Yes. I did sign two other driver packages before. One of them was modified version of WinUSB driver. I am using the same certificate I used when I signed those two driver packages a few months ago. It costs $250 per signing from Microsoft. I would think that Microsoft would complain about it during certification if the certificate is wrong. I use the following command to self sign the CAT file. I don't have to specify the ceritificate name as there's only one certificate in the directory -
Signtool sign /v /a /n CompanyName /t http://timestamp.verisign.com/scripts/timestamp.dll OurCatalogFile.cat
Below is the result from running Verify command on the Microsoft signed OutCatalogFile.cat
C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\x64signtool verify /v "C:\User
s\logotest\Documents\serialdriversigning\OurCatalogFile.cat"
Verifying: C:\Users\logotest\Documents\serialdriversigning\OurCatalogFile.cat"
Hash of file (sha1): BDDF39B1DD95881B462164129758A7FFD54F47D9
Signing Certificate Chain:
Issued to: Microsoft Root Certificate Authority
Issued by: Microsoft Root Certificate Authority
Expires: Sun May 09 18:28:13 2021
SHA1 hash: CDD4EEAE6000AC7F40C3802C171E30148030C072
Issued to: Microsoft Windows Hardware Compatibility PCA
Issued by: Microsoft Root Certificate Authority
Expires: Thu Jun 04 16:15:46 2020
SHA1 hash: 8D42419D8B21E5CF9C3204D0060B19312B96EB78
Issued to: Microsoft Windows Hardware Compatibility Publisher
Issued by: Microsoft Windows Hardware Compatibility PCA
Expires: Wed Sep 18 18:20:55 2013
SHA1 hash: D94345C032D23404231DD3902F22AB1C2100341E
The signature is timestamped: Tue Nov 06 11:26:48 2012
Timestamp Verified by:
Issued to: Microsoft Root Authority
Issued by: Microsoft Root Authority
Expires: Thu Dec 31 02:00:00 2020
SHA1 hash: A43489159A520F0D93D032CCAF37E7FE20A8B419
Issued to: Microsoft Timestamping PCA
Issued by: Microsoft Root Authority
Expires: Sun Sep 15 02:00:00 2019
SHA1 hash: 3EA99A60058275E0ED83B892A909449F8C33B245
Issued to: Microsoft Time-Stamp Service
Issued by: Microsoft Timestamping PCA
Expires: Tue Apr 09 16:53:56 2013
SHA1 hash: 1895C2C907E0D7E5C0292B92C6EA8D0E236F525E
Successfully verified: C:\Users\logotest\Documents\serialdriversigning\OurCatalogFile.cat"
Number of files successfully Verified: 1
Number of warnings: 0
Number of errors: 0
Thank you!
