Self-signed Certificate for Windows Driver

 

We have an old USB driver, which has successful worked in windows vista, XP system, but now it cannot work in windows 7/8/10 64bits system because the kernel driver need to certificate. This paper is to describe the self-signed certificate, and it is a work-round method.

1. Install window SDK

 

 

 

 

1.  Download WDK for Windows 10, version 1903, and install it
2. Generate the self-signed needed files

In my computer, the tools are installed at C:\Program Files (x86)\Windows Kits\10\bin\x86

Run cmd.exe in administrator mode, and go to the tools folder.

Create a folder c:\DriverCert to store the certificates. And C:\DriverCert\Driver is to store the driver.

1)  makecert -r -sv C:\DriverCert\myDrivers.pvk -n CN="xxxx" C:\DriverCert\myDrivers.cer

 

 

 

Set the Password to 1234567890

 

 

 

2)  cert2spc C:\DriverCert\myDrivers.cer C:\DriverCert\myDrivers.spc

3)  pvk2pfx -pvk C:\DriverCert\myDrivers.pvk -pi 1234567890 -spc C:\DriverCert\myDrivers.spc -pfx C:\DriverCert\myDrivers.pfx -po 1234567890

 

4)  create catalog file for driver *.inf

 

inf2cat.exe /driver:"C:\DriverCert\driver" /os:8_X64,8_x86 /verbose

 

5)  sign the cat with pfx

signtool sign /f C:\DriverCert\myDrivers.pfx /p 1234567890 /t http://timestamp.verisign.com/scripts/timstamp.dll /v C:\DriverCert\driver\fpc-500-x.cat

1. Add self-signed certificate to local machine (root and trusted publisher)

certmgr.exe -add C:\DriverCert\myDrivers.cer -s -r localMachine TRUSTEDPUBLISHER

certmgr.exe -add C:\DriverCert\myDrivers.cer -s -r localMachine ROOT

 

Another method is to install certificate manually at property dialog of catalog file.

 

 

  

now, you can install the driver in 64bit windows, but you have to add the self-signed driver manually if you distribute it to client.

 

Finally we found there is a tool call dpscat.exe which is from libusbK, it can automatic generate the catalog file in the *.inf path, sign and add the certificate to local machine. Using the tool carefully especially for commercial as the tool license is BSD-style or GPLV3 and LGPLV3. You can download libusk at https://sourceforge.net/projects/libusbk/.