Need to sign a user-mode driver but can't locate a matching cross-certificate - Windows and TFS build


I've been handed source code for a user-mode USB Plug-n-Play driver and a certificate from Go Daddy and been instructed to set up a TFS build for the source code and to make the driver "signed." Having never done this, and nobody else here has done this, I've been scouring the internet, particularly Microsoft pages, and so far all the instructions that I have found pertain to kernel-mode drivers. This page at least mentions "user-mode" - once: "Signing a driver for public release". But after mentioning that kernel-mode and user-mode drivers must be signed, the rest of the page focuses on how to sign a kernel-mode driver. So I thought to myself: "Maybe the instructions are the same for user-mode as for kernel-mode." So I tried to follow the instructions.

First, I wasn't given a private key file with the certificate but, by chance, I discovered that I could generate a Personal Information Exchange (pfx) certificate using certmgr instead of using Pvk2Pfx. So I now have a pfx certificate but then the instructions say I need to obtain a cross-certificate. I follow the instructions but can't find a cross-certificate for Go Daddy with the same thumbprint.

When I view the root authority certificate in certmgr:

Issuer: Go Daddy Root Certificate Authority - G2
Thumbprint: 47 be ab c9 ....

But when I follow the instructions to obtain the cross-certificate, while I do find cross-certificates for Go Daddy, none have a matching thumbprint.

Unless I'm totally misunderstanding, the build server needs the cross-certificate before it will build the driver package and sign it. Am I wrong? I have to be misunderstanding something. Where am I going wrong?

TIA, Darwin

There is 1 answer
Dar On

It took me a little bit to finally recognize that the cross-certificate was installed in the certificate store already. I just didn't recognize it. I assume it was installed when I installed the driver certificate. Part of the confusion was because Visual Studio 2016 wouldn't recognize either the driver certificate or the cross-certificate in the project properties when trying to select the certificates. They didn't show up until I used VS to install the certificate.
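
An added example, not part of the original question or answer: a PowerShell check for a cross-certificate that is already in the local certificate stores. A cross-certificate carries the same subject and public key as the CA root but is issued by a different CA, so its own thumbprint differs from the root's; the script therefore matches on subject and public key. The root name is taken from the question, and the matching approach is this example's assumption.

```powershell
# Added example: locate cross-certificates already present in the local stores.
# Assumption: the root name is the one shown in the question's certmgr output.
$rootName = 'Go Daddy Root Certificate Authority - G2'

# Collect every certificate from all CurrentUser and LocalMachine stores.
$all = Get-ChildItem -Path Cert:\ -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }

# The self-signed root: Subject equals Issuer. De-duplicate across stores.
$roots = $all |
    Where-Object { $_.Subject -like "*CN=$rootName*" -and $_.Subject -eq $_.Issuer } |
    Sort-Object -Property Thumbprint -Unique

if (-not $roots) { "Root '$rootName' was not found in any store." }

foreach ($root in $roots) {
    $rootKey = $root.GetPublicKeyString()
    "Root: $($root.Subject)"
    "  Thumbprint: $($root.Thumbprint)"

    # Cross-certificate candidates: same subject and public key as the root,
    # but issued by another CA. Their thumbprints differ from the root's.
    $cross = $all | Where-Object {
        $_.Subject -eq $root.Subject -and
        $_.Issuer -ne $_.Subject -and
        $_.GetPublicKeyString() -eq $rootKey
    }

    if (-not $cross) {
        "  No cross-certificate for this root in any store."
        continue
    }

    foreach ($c in $cross) {
        "  Cross-certificate issued by: $($c.Issuer)"
        "    Thumbprint:  $($c.Thumbprint)"
        "    Store:       $($c.PSParentPath -replace '^.*::', '')"
        "    Valid until: $($c.NotAfter.ToString('yyyy-MM-dd'))"
    }
}
```

Run it on the build server under the account the TFS build uses, since the CurrentUser stores differ per account.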