Preparing a driver package for test-signing. This includes creating a catalog file that contains the digital signature. Test-signing the driver package's catalog file by using the Contoso.
Test-signing a driver through an embedded signature by using the Contoso. Note You have to embed a digital signature within the driver if the driver is a boot-start driver. Each topic in this section describes a separate procedure in the test-signing process, and provides the general information that you need to understand the procedure.
In addition, each topic points you to other topics that provide detailed information about the procedure. Throughout this section, separate computers are used for the various processes involved in test-signing a driver. These computers are referred to as follows:. Signing computer This is the computer that is used to test-sign a driver package for Windows Vista and later versions of Windows.
Create a self-signed test certificate named Contoso. This certificate uses the same name for the subject name and the certificate authority CA.
Put a copy of the certificate in a certificate store that is named PrivateCertStore. Putting the test certificate in PrivateCertStore keeps it separate from other certificates that may be on the system. The -r option creates a self-signed certificate with the same issuer and subject name. The -pe option specifies that the private key that is associated with the certificate can be exported.
The -ss option specifies the name of the certificate store that contains the test certificate PrivateCertStore. This name is used with the SignTool tool to identify the certificate. The certificate file is used to add the certificate to the Trusted Root Certification Authorities certificate store and the Trusted Publishers certificate store. Excerpt from Viewing Test Certificates :. After the certificate is created and a copy is put in the certificate store, the Microsoft Management Console MMC Certificates snap-in can be used to view it.
Do the following to view a certificate through the MMC Certificates snap-in:. In the left pane of the Certificates snap-in, expand the PrivateCertStore certificate store folder and double-click Certificates. The following screen shot shows the Certificates snap-in view of the PrivateCertStore certificate store folder. To view the details about the Contoso. The following screen shot shows the details about the certificate. To enable trust, install this certificate in the Trusted Root Certification Authorities store.
The certificate cannot be verified because Windows does not trust the issuing authority, "Contoso. Create a catalog file. Use the inf2cat tool as shown below to create the catalog file. Additional comma separated OSes can be added selectively or all as shown below with no spaces.
The updated inf2cat from the new 8. Within this directory, catalog files are created for those INF files that contain one or more CatalogFile directives. The catalog file name is not restricted to 8. Inf2Cat creates the catalog file tstamd Similarly, the tool creates the catalog file toastx In case, only one catalog file is desired, then only one entry in the INF file as shown below will suffice.
The inf2cat tool is very strict on checking each folder and sub-folder about the presence of every file which has an entry in the INF file. There will be meaningful error messages on such missing entries. The cat file can be opened from explorer by double-clicking or right-clicking the file and selecting Open. Selecting a GUID value will display details including the driver files of the driver package and the OSes added as shown below:.
It is advisable that the cat file is checked to verify the inclusion of the driver files and the selected OSes. Restart the machine and try to install the drivers. Thursday, March 10, AM. Wintest Consultancy and Services wrote:. Friday, March 11, AM. SteMMo wrote:. Thanks guys, how can I obtain a valid signature? When i will modify the driver, will i need a new sign?
Hoe does it cost? How long is the sign procedure? Little 1. Yes, anytime you make a modification to any file that you sign with your certificate, you must then sign that file again.
Monday, March 14, PM. Thank you for your comment, Mr. I have same problem about my driver on Windows8 64bit. But the driver does Not setup under Windows8 64bit on that's condition. Software to support protected media content must be digitally signed even if it is bit. User-mode drivers, like the Printer driver will install and work in an xbased computer. A dialog will appear to the user during installation asking for approval to install the driver. Beginning in Windows 8 and later versions of Windows, installation will not proceed unless these driver packages are also signed.
Skip to main content.
0コメント