Buy & Download Certificate

by lady ada

In order to sign a driver you need a Code Signing Certificate - once purchased you can use it for a period of time to sign as much code/drivers as you like. For example, a 3 year certificate can be used for 3 years to sign drivers as needed. After 3 years, all your signed drivers still work great but you will have to buy a new cert if you have code you would like to sign a-new

Buy Code Signing Certificate

We bought our cert from GlobalSign

manufacturing_globalsign.png

Make an account, it will have a strange usrename that starts with PAR

manufacturing_login.png

You can click on Order Certificates - we already did so we have a certificate we paid for a few years ago, certificates cost ~$500

manufacturing_codesign.png

To re-download your certificate you'll have to click EDIT to the left of the Order ID. Which is so counter-intuitive but basically you are re-issuing the cert.

manufacturing_certid.png

Continue through and pick a secure Pickup Password, this password is only used to download the certificate, it isnt the password for the cert itself!

manufacturing_pickup.png

Pick a hash algorithm. For backwards compatibility with XP SP2 you can request SHA-1 but these days you should probably just go with SHA-256 since it is more secure

manufacturing_sha256.png

Click Next...this will have the pickup email sent to the email address associated with the account.

manufacturing_certapp.png

Check your email, you'll have the pickup link in there. Click it!

manufacturing_pickupemail.png

You'll be asked for that password from before. If by chance you forgot it in the last 5 minutes, you'll need to start over.

manufacturing_pickuppass.png

You'll now be asked to be a private key for the certificate. You'll need this to install the certificate. Keep this secret from getting out or someone could be able to sign malware with your name, no good eh?!

manufacturing_installcertpass.png

OK finally - download the certificate file!

manufacturing_download.png

Install Certificate

OK how that you have the pfx file, right click on it and Install it!

manufacturing_installpfx.png

Go through the wizard to install the cert...

Make sure the right file is selected:

manufacturing_wiz2.png

To install, you'll need to enter in that long private key you put in doing the pickup process. I recommend marking the key as exportable, so you don't have to go thru the pickup process if another person needs to install it and you lost the certificate file.

manufacturing_wiz3.png

You can use the Automatic Store to put it in your cert manager

manufacturing_wiz4.png

And, Finish!

manufacturing_wiz5.png
manufacturing_wiz6.png

Checking Installed Cert

Now that you have the certificate, its easy to check it out in your Cert Manager.  Visit C:\Program Files (x86)\Windows Kits\10\bin\10.0.16299.0\x86 and run certmgr.exe

manufacturing_certmgr.png

In Personal, you'll be able to see your signing cert!

manufacturing_certmgr2.png

You can click on Advanced to get more details about the cert:

manufacturing_certpath.png
manufacturing_details.png
manufacturing_gendetails.png

Download Intermediate Certificate

Finally, you need the matching root certificate file from GlobalSign. Go here to download it, you'll need to cross-lookup the right cert, for SHA-256 its Root-R3.crt

manufacturing_rootcerts.png

Save the root certificate to your Desktop, you'll need it in the next step

manufacturing_r3.png
INSTALLING WINDOWS SDK Signing Driver
This guide was first published on Mar 14, 2016. It was last updated on Mar 14, 2016. This page (Buy & Download Certificate) was last updated on Oct 13, 2019.