Windows cant verify the publisher of this driver software (BAT)

Purpose: While deploying an application, an unsigned driver must be deployed as well.

During your regular application deployment process, you might stumble across a dreaded popup – that of an unsigned driver. The actual application might be easy to deploy but usually an unsigned driver will cause new deployment admins to use foul language. Fear not, with the following easy to follow steps, you can get past most of these problems.

Windows cant verity the publisher of this driver software
First you need to Extract the untrusted Certificate

1) Find the .CAT file of this driver (you might need to do some extraction/digging/searching through the source files of your installation media or launch the installer and finish it and find the installed binaries from the system).
2) Right-click on the .CAT file and click OPEN
3) Click on “Show Signature”
4) Click on “Show Certificate”
5) Click on TAB: Details
6) Click on “Copy to file…”
7) Export the Certificate by following the export-wizard

OR

1) Install the application to a test workstation
2) Approve yourself the unsigned driver (and make sure to select “Add to trusted publishers…”)
3) Find the certificate from the MMC.exe (Certificates -> This Computer -> Trusted Publishers)
4) Export the certificate by following the export-wizard.

This must be done once manually for each deployed driver.

Second you need to Set the exported Certificate to be Trusted

1) Open MMC.exe
2) Load Certificates snap-in (This Computer)
3) Open “Trusted Publishers”
4) Import the exported Certificate here.

Now during your application deployment, the drivers will also install and not hang to the “untrusted driver” -window. But as you know, doing this with the mouse is not actually relevant in a deployment, so here is how to do it with command-line.

You can import the exported certificate before installing your application as follows:

1
certutil.exe -addstore -f "TrustedPublisher" c:\(path)\EXPORTED.cer
certutil.exe -addstore -f "TrustedPublisher" c:\(path)\EXPORTED.cer
Installing drivers that are signed
1
pnputil.exe –a C:\(path)\*.inf
pnputil.exe –a C:\(path)\*.inf

Leave a Reply

Your email address will not be published. Required fields are marked *


five + = eight

Post Navigation