Knowledge Base

Microsoft Driver Signing Certificates

Microsoft is changing the process for signing your kernel-mode driver packages

Starting in 2021, Microsoft will be the sole provider of production kernel-mode code signatures. You will need to start following Microsoft’s updated instructions to sign any new kernel-mode driver packages going forward. To lean more, see our knowledge base articles:

• Microsoft sunsetting support for cross-signed root certificates with kernel-mode signing capabilities
• Signing Kernel Mode Drivers

Starting on June 1, 2023, at 00:00 UTC, industry standards will require private keys for standard code signing certificates to be stored on hardware certified as FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent. This change strengthens private key protection for code signing certificates and aligns it with EV (Extended Validation) code signing certificate private key protection. Please see New private key storage requirement for Code Signing certificates

Publishing Drivers for Microsoft Windows

Whether you need a certificate to digitally sign drivers for a plug and play device or for some other peripheral for Windows 32-bit or 64-bit Operating Systems (OS), we've got you covered.

With a DigiCert Code Signing certificate, you can sign a driver that will be trusted by any Windows OS and your customers can avoid warnings telling them their drivers are from an untrusted company.

Microsoft made a very important security requirement: A trusted Certificate Authority (CA) must sign all drivers before anyone can install them on a Windows computer.

This is beneficial for your users in a number of ways. First, your users can verify the driver they're downloading and running on their computer came from you, a source they trust. Second, when they see that Your Company, Inc. signed the driver (i.e. published), they won't have to worry about any viruses or malware infecting the system.

If anyone tries modifying your driver files after you released and digitally signed them, then the signature on the install program is no longer valid. Instead of a signature showing Your Company, Inc., your customers receive a warning that the driver is from an unknown source and it shouldn't be trusted.

Digitally signing your drivers helps build customer trust, tells your customers the driver they are about to download hasn’t been tampered with, and helps users avoid malware.

For any further questions, please Contact Support.