[Tips+Discussion] Usage of "mod+signed" Drivers

How can I distribute the certificates?
I have no idea.



You can try to export the certificate and save it in the same folder as the driver for others to install it beforehand.
I have tried to load the signed drivers during Windows installation and, since the certificate is not yet stored in the OS, it cannot be verified.
I see no problem in using M$ Standard Driver just for installing the system and then properly updating. This is "healthier", in fact.

Regarding feedback for RST 13.6.2.1001, I have installed the OS and updated the driver as mentioned above.
So far the performance is unparalleled by any other previous version.


This is what I have done now.
All driverpacks dated 04/30/2015 contain an additional file with the signature certificate.

Hello Dieter,

I want to use “>64bit Intel RSTe AHCI & RAID drivers v14.0.0.1095 mod & signed by Fernando<” on Win8.1.
For me the drivers don’t work, because they are not dig. signed as provided!

Any idea?

driver without signature.png

Not really. Have you already tried to import the digital signature certificate, which I have added to the driverpack?

Today I was playing around with this driver because since I installed Windows 10 and switched to UEFI it showed up with a yellow mark in the device manager.
And I finally managed to install it. What you need to do is to install the Certificate so it can recognize the signature when you load the driver from Device Manager.

To install the Certificate, do the following:
- Right click on the file Driver Signature Certificate.cer > Install Certificate > Open > Local Machine > Place all certificates in the following store > Select Trusted Root Certification Authorities > Ok > Finish

Problem solved.

driver with signature.png

@ zt3:
Thank you very much for your very useful guide regarding the import of the "Driver Signature Certificate".

Today I have tested it while running Win10 x64, but the update from the original Intel Smart Connect Technology Driver v1.0.8.0 WHQL to the modded and signed v1.1.0.0 failed at first try.
Although the import itself had been successful, the Win10 hardware management didn’t do the desired update (not even by using the “Have Disk” option) and gave me the message, that a problem occurred during the update.
After a while I tried the update again (without repeating the import of the “Driver Signature Certificate”) by just using the option “Update Driver Software…” > “Browse my computer…” > “Browse” and navigating to the related INF file. Then I got a pop-up window, where I was asked, whether I trust the digital signature of “Win-RAID CA”. After having checked the option “I always trust this signature” and clicked onto the “Yes” button, the modded driver has been successfully installed. Look here:

Successful installation of a modded signed driver.png


Question:
Do you know why the installation of the modded and signed driver failed at first try?

@Fernando

Good question, I was wondering that too because it also happened to me. It went from “This driver isn’t digital signed” to “This driver has a signature” but as you said when I clicked next it gave an error anyways. I don’t know for sure why this happened and since I tested other things before that I got even more confused. Even after the successful installation I reverted the driver a couple of times to test it again but now it installs every time, probably because of that popup you also talked about, typical lan popup, asking if I wanted to install the driver and whether I wanted to trust the digital signature of “Win-RAID CA” which I just clicked next.

After this driver I tried your Intel’s modded one and I just did the “install certificate”. I think once you press next on that “trust popup” with the option to trust “Win-RAID CA” checked you won’t get any more problems because the Intel’s one installed in the first try without giving that error.

@ zt3:
Thanks for your quick reply.
So we obviously had the same problem while trying to get the digital signature accepted by Win10.
Nevertheless I would still like to know, what exactly has to be done to prevent the failure at first try (many users will give up the installation at this point). If you should ever find it out, please let me know it.

Yes, this seems to be a big advantage for users, who are going to install more often any of my modded & signed drivers: Once the digital signature from "Win-RAID CA" is accepted, all these modded and signed drivers will be installed similar to a WHQL certified driver.

Which signed driver package can I try for testing the certificate? There must be a no-brainer solution. I am willing to help and try to find a solution.

You can try any of my modded drivers, which I am offering as "mod and signed".
Here are some examples:
1. Intel Smart Connect Technology driver v1.1.0.0. (look into the start post)
2. several Intel USB 3.0 drivers (look >here<)
3. several Intel RST drivers (look >here<)

@Fernando

Yep, that was strange indeed but as you said it installed right after, BUT I’d also like to know why it didn’t in the first place. I can’t do more tests here because I clicked install when the “trust popup” appeared with the option to always trust your certificate checked and so it now installs every time.

Although and sorry if this is getting a bit off topic but I just tried again your Intel’s modded driver on a laptop (it doesn’t have Intel Smart Connect Technology and I never used it before to install these certificates) that I have here at home following the steps I mentioned above (installing the certificate) and it installed without giving any error in the first place. The problem seems to reside on this particular driver.

It fails at the first time but for some reason after a few tries it works good, weird.

Found it! Actually here’s what you need to do:

- Right click on the isctd.cat file > Properties > Digital Signatures > Click on Win-RAID CA > Details > See Certificate > Install Certificate > Local Machine > Place all certificates in the following store > Select Trusted Root Certification Authorities > Ok > Finish

Once you do this, the driver will install without any problem and as soon as you load it from the device manager it shows “This driver has a signature”, the opposite of what you get if you use the certificate file, which states that “this driver isn’t digital signed”. Maybe a problem with the certificate? With the other drivers I tested your certificate works good but here it seems that we need to install it directly from the .cat file.

PS: If you want to test it by yourself all you have to do is to uninstall the driver (or drivers, depending if you had one before this one) checking the option to “Remove the software controller of this device” until you get that driver with a yellow mark. If you want you can also open the certificates manager of your computer > Win key + X > Run > certmgr.msc to uninstall it.

Next just do what I’ve said above about the .cat file and you’ll see that it works without any problem. You can even delete the Certificate file as it makes no difference.

@ zt3:
Thanks for having found the solution for our remaining problem!

Does that mean, that I don’t need to add the certificate file to the driver files?

@Fernando

That is correct, you can get "this driver has a signature" and a successful installation by directly installing the certificate from the .cat file's properties.
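
A diagnostic for the .cer versus .cat difference discussed above, as an added example that is not part of any poster's message: it lists the certificates in the catalog signature's chain, compares each thumbprint with the shipped .cer file, and reports whether it is present in the Local Machine Trusted Root and Trusted Publishers stores. The file names come from the thread; the `Test-InStore` helper and running from the driver folder are assumptions.

```powershell
# Added example: compare the certificate that signed the catalog with the
# separately shipped .cer and report which machine stores contain each one.
# File names are from the thread; the current folder is assumed to be the driver folder.
param(
    [string]$CatalogPath = '.\isctd.cat',
    [string]$CerPath     = '.\Driver Signature Certificate.cer'
)

function Test-InStore {
    # Hypothetical helper: true when the thumbprint is in the LocalMachine store.
    param([string]$StoreName, [string]$Thumbprint)
    [bool](Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
        Where-Object { $_.Thumbprint -eq $Thumbprint })
}

# Signer certificate taken from the catalog's Authenticode signature.
$sig = Get-AuthenticodeSignature -LiteralPath $CatalogPath
if (-not $sig.SignerCertificate) { throw "No signature found in $CatalogPath" }

# Build the signer's chain so an issuing CA is listed too when Windows can find it.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.Build($sig.SignerCertificate)

# The certificate file shipped next to the driver.
$cerFile = (Resolve-Path -LiteralPath $CerPath).Path
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerFile

"Signature status reported by Windows: $($sig.Status)"
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    [pscustomobject]@{
        Subject            = $c.Subject
        Thumbprint         = $c.Thumbprint
        SelfSigned         = ($c.Subject -eq $c.Issuer)
        NotAfter           = $c.NotAfter
        SameAsCerFile      = ($c.Thumbprint -eq $cer.Thumbprint)
        InRoot             = Test-InStore 'Root' $c.Thumbprint
        InTrustedPublisher = Test-InStore 'TrustedPublisher' $c.Thumbprint
    }
}
```

The Trusted Publishers column is included because the "always trust" option in the installation prompt stores the publisher certificate there, separately from Trusted Root.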

@ mrces, @ Tito, @ ole258, @ zt3, @ e.v.o:

As already previously announced, I have merged all important contributions about the topic "Digital Signature for Modded Drivers" into this freshly created thread.
This way it will be easier for you and other visitors of the Forum to get compact information about this topic.
So please post all future topic related ideas, tips, questions and answers into this new thread.

Hoping, that this is ok for you
Dieter

I can confirm that everything is working fine and wrote a little PowerShell Script to import the cert. Save the following code to the folder that holds the .cer-File as Import-CertToRootCA.ps1:

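```powershell
# Load the certificate file that sits next to this script
$pfx = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$pfx.Import($PSScriptRoot + "\Driver Signature Certificate.cer")

# Open the Local Machine "Trusted Root Certification Authorities" store and add the certificate
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store([System.Security.Cryptography.X509Certificates.StoreName]::Root, "LocalMachine")
$store.Open("MaxAllowed")
$store.Add($pfx)
$store.Close()

# Show the imported certificate (no output means it was not installed)
gci cert:\LocalMachine\root | sls "Win-RAID CA"
```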


If everything went fine it should output some information about the cert. If nothing is displayed, the cert isn't installed. The script is not that nice and could be made to auto import the driver after importing the cert...

To execute the script, fire up an admin PowerShell and run "Set-ExecutionPolicy Unrestricted". I can't upload any files... ?

@ e.v.o:
Thanks for the script, but it didn’t work for me.
Which is the exact command to execute the script?

You have to put the file into a .zip or .rar archive. Other extensions are not accepted by the Forum software.



Put the script inside the Folder where "Driver Signature Certificate.cer" is.
Fire up an Admin PowerShell.
cd into the folder.
If you can’t execute the script: Set-ExecutionPolicy Unrestricted
Execute the script: .\Import-CertToRoot.ps1 (just type "im" and press tab)

Does it work now? If not: What's the error message?

Thanks for the additional advice.

Obviously yes.
This is what I got:



My previous problems were mainly caused by the folder names within the path to the driver (the powershell doesn’t accept "&").