0
another new question. I have an Authenticode certificate and a driver. That driver is a kernel-mode driver, so I need to sign it using kernel-mode code signing. But my certificate is normal code signing and I think I can't use that with my kernel-mode driver. Anyone can answer?
Ken Ng
Posted 2019-05-09T10:11:23.863
Reputation: 77
2
The distinguishing feature of "kernel-mode code signing" certificates is the 2.23.140.1.4.1 policy OID listed under "Certificate policies". Because this is part of the certificate's (meta)data, and not just a different file format, you cannot add it to an existing certificate by hand (doing so would invalidate the CA signature); instead it needs to be added by the CA when the certificate is being issued.
user1686
Posted 2019-05-09T10:11:23.863
Reputation: 283 655
So I need to send a re-issue request? – Ken Ng – 2019-05-28T00:12:18.880