Signing Microsoft Windows 64-bit Kernel-Mode drivers

If your certificate uses SHA-2, or has SHA-2 certificates in its chain of trust, and you are using it to sign kernel modules, please review Microsoft's article KB3033929.

KB3033929 is an update for Windows 7 distributed through Windows Update. On versions of Windows 7 without this update, the kernel rejects signatures made with certificates that use SHA-2, so such signatures cannot be used to get a kernel module to load.

In order for your driver to install successfully, the following file types in your project must be signed:

.sys
.cat

Prerequisites:

  1. Download the Sectigo cross-signed CA.

  2. Open an elevated Windows command prompt (cmd) and run signtool.exe as described below.

Signing:

The following syntax signs the file using a certificate stored in a password-protected PFX file.

Without the timestamp:
> signtool sign /v /ac "CROSS_SIGNED_SECTIGO_CA_HERE" /f YOUR_PFX_HERE /p Password /n "Company Name" "PATH_TO_FILE_TO_SIGN"

With the timestamp:
> signtool sign /v /ac "CROSS_SIGNED_SECTIGO_CA_HERE" /f YOUR_PFX_HERE /p Password /n "Company Name" /tr http://timestamp.sectigo.com/rfc3161 "PATH_TO_FILE_TO_SIGN"

The second command places a signature that includes the cross-signed certificate and is timestamped in compliance with RFC 3161.

Note: The company name passed to /n must match exactly the "Issued To" field of your own certificate.

TIPS:

1. You should verify your signature for a driver file using the following command:

> signtool verify /v /kp "PATH_TO_FILE_TO_SIGN"

2. You should verify that a given driver is covered by ('signed' through) a given catalog file using the following command:

> signtool verify /v /kp /c "C:\CatFileName.cat" "PATH_TO_FILE_TO_SIGN"

/v produces verbose output, and /kp validates the signature against the kernel-mode driver signing policy.

3. To reduce boot time, sign all drivers and catalog files.
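As an added example (not part of the original article), the following PowerShell script applies the signing command above to every .sys and .cat file in a driver package and then runs the verifications from the tips. The signtool location, the folder and file names, and the PFX_PASSWORD environment variable are assumptions for your own values.

```powershell
# Added example, not from the original article: sign every .sys and .cat in a
# driver package with the article's signtool options, then verify each file
# against the kernel-mode policy (/kp) and each .sys against its catalog (/c).
# All paths and names below are placeholders (assumptions) for your own values.
param(
    [string]$DriverDir    = ".\package",                      # folder with .sys/.cat files
    [string]$CrossCert    = ".\CROSS_SIGNED_SECTIGO_CA_HERE", # cross-signed CA file
    [string]$PfxPath      = ".\YOUR_PFX_HERE",                # password-protected PFX
    [string]$SubjectName  = "Company Name",                   # must equal the cert's "Issued To"
    [string]$TimestampUrl = "http://timestamp.sectigo.com/rfc3161",
    [string]$SignTool     = "signtool.exe"                    # assumed to be on PATH
)
$ErrorActionPreference = "Stop"

# Read the PFX password from the environment rather than typing it on the command
# line, so it does not end up in shell history or a build log.
$pfxPassword = $env:PFX_PASSWORD
if (-not $pfxPassword) { throw "Set PFX_PASSWORD before running this script." }

$files = Get-ChildItem -Path $DriverDir -Recurse -File -Include *.sys, *.cat
if (-not $files) { throw "No .sys or .cat files found under $DriverDir" }

# Sign with the cross-certificate and an RFC 3161 timestamp (the article's second command).
foreach ($f in $files) {
    & $SignTool sign /v /ac $CrossCert /f $PfxPath /p $pfxPassword /n $SubjectName `
        /tr $TimestampUrl $f.FullName
    if ($LASTEXITCODE -ne 0) { throw "Signing failed for $($f.FullName)" }
}

# signtool exit codes: 0 = success, 1 = failure, 2 = completed with warnings.
# Anything other than 0 is treated as a failed kernel-mode verification.
$failed = @()
foreach ($f in $files) {
    & $SignTool verify /v /kp $f.FullName
    if ($LASTEXITCODE -ne 0) { $failed += $f.FullName }
}
# Also confirm each driver binary is covered by a catalog in the same folder.
foreach ($sys in ($files | Where-Object Extension -eq ".sys")) {
    foreach ($cat in Get-ChildItem -Path $sys.DirectoryName -Filter *.cat -File) {
        & $SignTool verify /v /kp /c $cat.FullName $sys.FullName
        if ($LASTEXITCODE -ne 0) { $failed += "$($sys.FullName) (catalog $($cat.Name))" }
    }
}

if ($failed) {
    Write-Error ("Kernel-mode verification failed for:`n" + ($failed -join "`n"))
    exit 1
}
Write-Host "Signed and verified $($files.Count) file(s) for kernel-mode loading."
```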
