Signing 64 Bit Driver with SHA-2 certificate

I am a bit confused.

While ordering the certificate I was advised to select the SHA-2 certificate because Microsoft will deprecate SHA-1 soon.

But this certificate does not work with a Windows 64-bit driver, although your cross-certificates are listed on the Microsoft website in the new cross-certificate list (AddTrust External CA Root and UTN-USERFirst-Object).

Now your support team is asking me to re-order the SHA-1 certificate instead of SHA-2.

I don’t know what to do… :-[

I’m sorry for the confusion, but it’s unfortunately out of any CA’s hands. As far as we’re aware, Microsoft does not (yet) support SHA-2 for Windows Vista or 7 on Kernel Mode Drivers. SHA-1 is the only option at this time if you wish to sign drivers.

See this post from Kelvin Yiu (from Microsoft) on the CA/Browser Forum public archives for proof: [cabfpub] Microsoft SHA-1 deprecation problem for Kernel Mode Code Signing

Yesterday was “Patch Tuesday” and Microsoft released an update so that SHA-2 signed certificates now work with Windows 7 & Server 2008/R2 and Kernel Mode Code Signing (KMCS) – https://technet.microsoft.com/en-us/library/security/2949927.aspx

Edit: Seems Microsoft pulled the update 3 days later on 17 October with no further update.

Hi, I have the same issue with a SHA256 certificate. It seems Microsoft already made a KB patch, but as I am distributing my software worldwide, I can’t ensure that my users have Windows 7 updated.
Will Comodo issue a SHA1 certificate to me?

Thanks

Which Microsoft KB patch or something else currently solves the issue with the SHA256 Kernel Mode Code Signing (KMCS) certificate for Windows 7?

Update:
Is it this one: Microsoft Security Advisory 3033929 | Microsoft Learn?
But it has bad reviews as causing cyclic rebooting.