Who to get Code signing certificate from?

Discussion in 'Windows Vista Drivers' started by Nobody, Jan 23, 2007.

  1. Nobody

    Nobody Guest

    We need to get a certificate to sign our driver. Targeted OSes are Win2K,
    Win XP 32 and 64, Win VIsta 32 and 64.
    For for Windows Vista Kernel Mode Code Signing MS has the list of approved
    companies here:

    http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx#EAD

    However it seems, that some of them not in business anymore (GTE Cybetrust,
    Baltimore CyberTrust). Equifax sold it's business to GeoTrust, and GeoTrust
    only offers certs for Windows Mobile now (I called them)

    Globasign.net has attractive price , but they are in UK (we are in US) and I
    am concerned that phone support hours may be an issue.

    So it seems that Verisign is really the only alternative. They are the most
    expensive, but tech support seems to be good (I called and they knew what
    they were talking about).

    Is there any other viable options? Is there more up-to-date list of MS
    partners for Windows Vista Kernel Mode Code Signing?
     
    Nobody, Jan 23, 2007
    #1
    1. Advertisements

  2. Nobody

    Don Burn Guest

    First there are two types of signing. There is digital signing to identify
    the vendor required for 64-bit Vista, that is what the link you listed
    below is about. Second there is the digital signature for passing WHQL and
    for accessing the WinQual database of crashes (when you get that nice
    prompt after a reboot from a crash that asks if you want to report this to
    Microsoft, it goes to WinQual). For the second Verisign is the only one
    that is accepted. So basically, unless you only care about the digital
    signature needed for Vista 64-bit you need to go to Verisign.

    Finally, be careful, I have had confusing reports on whether the stuff for
    WHQL/Winqual can be used to digitally sign a non-WHQL'ed driver, or if you
    need a second signing authority from Verisign. Hopefully, someone can tell
    you what you want. Do not trust Verisign customer support, during the
    Vista beta, I called and asked about the first case then queried whether it
    worked for the second, Doing this multiple times got a different answer
    each time.
     
    Don Burn, Jan 23, 2007
    #2
    1. Advertisements

  3. I can confirm this. The certificate you use for submitting the WHQL stuff
    can be used to sign binaries for Vista. I've used it to sign a driver for
    Vista x64. In this case you just need to remember to use the cross-signing
    procedures described in the Vista x64 driver signing walkthrough.

    Hope it helps
    GV
     
    Gianluca Varenni, Jan 23, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.