Microsoft signed drivers appears as publisher not verfied

Posted by Priyanka Gupta on Super User See other posts from Super User or by Priyanka Gupta
Published on 2012-11-09T20:40:34Z Indexed on 2012/11/12 17:05 UTC
Read the original article Hit count: 334

Filed under:
|

Task at hand: Microsoft sign drivers on Win 7.

I microsoft signed my driver package 3 times every time thinking I might have missed a step or something. However, I cannot seem to get rid of the Windows Security error message "Windows can't verify the publisher of this driver software'. This is not the first time I have signed the driver packages. I was successfully able to sign other driver packages a few months ago. However, with this driver package I keep getting Windows security dialog box. Here's the procedure I follow -

  1. Create a new cat file using INF2CAT tool.

  2. Self sign the driver using a Versign Class 3 Public Primary Certification Authority - G5.cer.

  3. Run the microsoft tests on DTM Servers and clients with the devices that use this driver.

  4. Create WLK submission package.

  5. Self sign the cab file.

  6. Submit the package for certification.

The catalog file that comes back after successfully passing tests says Name of signer "Microsoft Windows Hardware Comptibility Publisher". When I check the validity of signature using SignTool, it says the signature is vaild. However, when I try to install the driver with new signed catalog file the windows complain.

Any ideas?

Edit 11/12/2012: Reply to Eugene's comment

Thanks for the help, Eugene. Yes. I did sign two other driver packages before. One of them was modified version of WinUSB driver. I am using the same certificate I used when I signed those two driver packages a few months ago. It costs $250 per signing from Microsoft. I would think that Microsoft would complain about it during certification if the certificate is wrong. I use the following command to self sign the CAT file. I don't have to specify the ceritificate name as there's only one certificate in the directory -

Signtool sign /v /a /n CompanyName /t http://timestamp.verisign.com/scripts/timestamp.dll OurCatalogFile.cat

Below is the result from running Verify command on the Microsoft signed OutCatalogFile.cat

C:\Program Files\Microsoft SDKs\Windows\v7.1\Bin\x64>signtool verify /v "C:\User s\logotest\Documents\serialdriversigning\OurCatalogFile.cat"

Verifying: C:\Users\logotest\Documents\serialdriversigning\OurCatalogFile.cat" Hash of file (sha1): BDDF39B1DD95881B462164129758A7FFD54F47D9

Signing Certificate Chain: Issued to: Microsoft Root Certificate Authority Issued by: Microsoft Root Certificate Authority Expires: Sun May 09 18:28:13 2021 SHA1 hash: CDD4EEAE6000AC7F40C3802C171E30148030C072

    Issued to: Microsoft Windows Hardware Compatibility PCA
    Issued by: Microsoft Root Certificate Authority
    Expires:   Thu Jun 04 16:15:46 2020
    SHA1 hash: 8D42419D8B21E5CF9C3204D0060B19312B96EB78

        Issued to: Microsoft Windows Hardware Compatibility Publisher
        Issued by: Microsoft Windows Hardware Compatibility PCA
        Expires:   Wed Sep 18 18:20:55 2013
        SHA1 hash: D94345C032D23404231DD3902F22AB1C2100341E

The signature is timestamped: Tue Nov 06 11:26:48 2012 Timestamp Verified by: Issued to: Microsoft Root Authority Issued by: Microsoft Root Authority Expires: Thu Dec 31 02:00:00 2020 SHA1 hash: A43489159A520F0D93D032CCAF37E7FE20A8B419

    Issued to: Microsoft Timestamping PCA
    Issued by: Microsoft Root Authority
    Expires:   Sun Sep 15 02:00:00 2019
    SHA1 hash: 3EA99A60058275E0ED83B892A909449F8C33B245

        Issued to: Microsoft Time-Stamp Service
        Issued by: Microsoft Timestamping PCA
        Expires:   Tue Apr 09 16:53:56 2013
        SHA1 hash: 1895C2C907E0D7E5C0292B92C6EA8D0E236F525E

Successfully verified: C:\Users\logotest\Documents\serialdriversigning\OurCatalogFile.cat"

Number of files successfully Verified: 1 Number of warnings: 0 Number of errors: 0

Thank you!

© Super User or respective owner

Related posts about drivers

Related posts about signature