I have issued myself a Code Signing certificate from a certificate server. I have also issued myself the root certificate from the same certificate server. The root certificate exists in both the Current User and Local Computer certificate stores within the Trusted Root Certification Authorities folder. I have successfully signed a DLL using the signtool.exe wizard:
"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe" signwizard <MyDLLName>.dll
However, when I try to verify my DLL, it fails verification with the following error:
"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe" verify <MyDLLName>.dll
SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
SignTool Error: File not valid: <MyDLLName>.dll
Why is this happening? I thought having the root certificate in the Trusted Root Certification Authorities folder would verify the DLL.
You will need to obtain a new SSL certificate that has been signed by a valid Root CA. If your certificate does name a Root CA, you will need to find out if it is included in the browser's own list of trusted Root CAs, or obtain a new SSL certificate that has been signed by a valid Root CA that the browser recognises.
Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA.cer) and click OK.
The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. This occurs most often for one of the following reasons: The web site is using a self-signed certificate.
If you visit a website and your browser gives out a warning, “This site's security certificate is not trusted”, then it indicates that the certificate in question is either not signed by a trusted root certificate or that the browser is not able to link that certificate with the trusted root certificate.
On your verify command, add in the /pa option to tell it to use the Default Authentication Verification Policy instead of the Windows Driver Verification Policy, meaning it will look at your certificate stores instead of the limited set of CAs Microsoft trusts with drivers.
Look here for more options: http://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.90).aspx
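The following PowerShell script is an added example, not part of the original question or answer. It shows which root the file's signing chain ends at, whether that root is in the two Trusted Root stores the question mentions, and then runs signtool verify with and without /pa for comparison. The `$Path` parameter is a placeholder, and having signtool.exe on PATH is an assumption.

```powershell
# Added example: diagnose which root an Authenticode signature chains to.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path   # signed file to inspect, e.g. the DLL from the question
)

$sig = Get-AuthenticodeSignature -FilePath $Path
if (-not $sig.SignerCertificate) {
    Write-Error "No Authenticode signature found on $Path"
    return
}
"Authenticode status: $($sig.Status) - $($sig.StatusMessage)"

# Build the chain against the local certificate stores.
# Revocation checking is skipped so the check also works offline.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$valid = $chain.Build($sig.SignerCertificate)
"Chain valid against local stores: $valid"
foreach ($s in $chain.ChainStatus) { "  chain status: $($s.Status)" }

# The last chain element is the root (or the highest certificate found).
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"Chain ends at: $($root.Subject) [$($root.Thumbprint)]"

# Is that certificate present in the Trusted Root stores?
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    $hit = Get-ChildItem $store |
        Where-Object { $_.Thumbprint -eq $root.Thumbprint }
    "{0,-24} contains root: {1}" -f $store, [bool]$hit
}

# Compare the two signtool policies, if signtool.exe is on PATH (assumption).
if (Get-Command signtool.exe -ErrorAction SilentlyContinue) {
    "--- signtool verify (Windows Driver Verification Policy) ---"
    & signtool.exe verify $Path
    "--- signtool verify /pa (Default Authentication Verification Policy) ---"
    & signtool.exe verify /pa $Path
}
```

If the root is reported as present in a store and the chain is valid, yet the plain `verify` call still fails, the policy difference described in the answer is the cause rather than a missing root certificate.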