Code signing certificate 64-bit driver

Digital Certificates Code Signing Certificate
1

Hello,

I just received my Comodo code signing certificate today, picked it up through my browser and exported it (with private key) to a .pfx file. I am able to sign Windows executables fine and when I run a .exe I see the proper publisher information as expected but I have not been able to load any 64-bit kernel drivers that I have signed. I am very confused as to which cross-certificate I need. The ones I have tried are successfully signed (no errors or warnings) but Windows 7 x64 continues to prompt me saying that Windows only supports signed drivers. During the ordering process from ksoftware I selected “SHA1” since it was recommended for signing drivers. I don’t know what’s going on here. I am using the following command to sign

signtool.exe sign /v /ac “AddTrust External CA Root.crt” /f MyCert.pfx /p XxX /tr Timestamp Server And Stamping Protocols | Sectigo® Official “c:\driver.sys”

2

After running a few more tests I realized that I was in fact signing the driver correctly with the cross-certificate because it now loads on Windows 8 x64 and Windows 10 (technical preview) x64. I do however have a major problem since Windows 7 x64 will not load my signed drivers. I ordered the SHA-1 specifically to sign drivers and avoid this kind of mess. How can I verify that I do in fact have a SHA-1 cert? I’ve read on here that SHA-2 has issues with Windows 7 and vista driver signing, perhaps I was given a SHA-2 cert?

3

Hello!
I have the same problem.
I have not been able to load any 64-bit kernel drivers that I have signed with my SHA256 Kernel Mode Code Signing (KMCS) certificate.
Instead I get Code 52 error - “Windows cannot verify digital signature”.
How did You solve that issue?