Authenticode problems under Windows 2003

TheMSsForum.com: The Microsoft Software Forum

I'm signing my drivers inf catalog file using a valid certificate issues by
"Verisign Class 3 Code signing 2004 CA".

Under vista, I see the following lines in setupapi.dev.log:
(my certificate is installed in the trusted publishers store)

! sig: Verifying file against specific (valid) catalog
failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust
provider.
...
sig: Error 0xe0000241: The INF was signed with an
Authenticode(tm) catalog from a trusted publisher.
sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 06:02:44.054

According to Microsoft's "Troubleshooting Device Installation with the
SetupAPI Log File" (SetupAPILog.doc), I should see the same log lines (and
pseudo errors) in Windows 2003.

Alas, I'm seeing ONLY the 0x800b0109 error line, which means (according to
SetupAPILog.doc) that the driver does not have a WHQL catalog (indeed).

It seems that for some reason, Windows 2003 doesnâ??t recognize my Verisign
issued Authenticode certificate.

The problem persist whether I'm using Microsoft-Verisign cross certificate
(MSCV-VSClass3.cer) to sign my catalog or not.

Any help would be appreciated...
Top

RE: Authenticode problems under Windows 2003 by pavel_a

pavel_a
Thu Dec 28 06:17:01 CST 2006

What kind is your driver (setup class) ?

--PA

"Guy Corem" wrote:
> I'm signing my drivers inf catalog file using a valid certificate issues by
> "Verisign Class 3 Code signing 2004 CA".
>
> Under vista, I see the following lines in setupapi.dev.log:
> (my certificate is installed in the trusted publishers store)
>
> ! sig: Verifying file against specific (valid) catalog
> failed! (0x800b0109)
> ! sig: Error 0x800b0109: A certificate chain processed,
> but terminated in a root certificate which is not trusted by the trust
> provider.
> ...
> sig: Error 0xe0000241: The INF was signed with an
> Authenticode(tm) catalog from a trusted publisher.
> sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 06:02:44.054
>
> According to Microsoft's "Troubleshooting Device Installation with the
> SetupAPI Log File" (SetupAPILog.doc), I should see the same log lines (and
> pseudo errors) in Windows 2003.
>
> Alas, I'm seeing ONLY the 0x800b0109 error line, which means (according to
> SetupAPILog.doc) that the driver does not have a WHQL catalog (indeed).
>
> It seems that for some reason, Windows 2003 doesnâ??t recognize my Verisign
> issued Authenticode certificate.
>
> The problem persist whether I'm using Microsoft-Verisign cross certificate
> (MSCV-VSClass3.cer) to sign my catalog or not.
>
> Any help would be appreciated...
>
Top

RE: Authenticode problems under Windows 2003 by GuyCorem

GuyCorem
Thu Dec 28 23:40:00 CST 2006

Yes - my mistake.
The driver is a NET driver (NDIS miniport), with a WHQL test procedures,
hence it can't be sign with Authenticode on Windows 2003.

Guy

"Pavel A." wrote:

> What kind is your driver (setup class) ?
>
> --PA
>
> "Guy Corem" wrote:
> > I'm signing my drivers inf catalog file using a valid certificate issues by
> > "Verisign Class 3 Code signing 2004 CA".
> >
> > Under vista, I see the following lines in setupapi.dev.log:
> > (my certificate is installed in the trusted publishers store)
> >
> > ! sig: Verifying file against specific (valid) catalog
> > failed! (0x800b0109)
> > ! sig: Error 0x800b0109: A certificate chain processed,
> > but terminated in a root certificate which is not trusted by the trust
> > provider.
> > ...
> > sig: Error 0xe0000241: The INF was signed with an
> > Authenticode(tm) catalog from a trusted publisher.
> > sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 06:02:44.054
> >
> > According to Microsoft's "Troubleshooting Device Installation with the
> > SetupAPI Log File" (SetupAPILog.doc), I should see the same log lines (and
> > pseudo errors) in Windows 2003.
> >
> > Alas, I'm seeing ONLY the 0x800b0109 error line, which means (according to
> > SetupAPILog.doc) that the driver does not have a WHQL catalog (indeed).
> >
> > It seems that for some reason, Windows 2003 doesnâ??t recognize my Verisign
> > issued Authenticode certificate.
> >
> > The problem persist whether I'm using Microsoft-Verisign cross certificate
> > (MSCV-VSClass3.cer) to sign my catalog or not.
> >
> > Any help would be appreciated...
> >
Top