Microsoft Partner Center HLKX driver submission: SHA2 error with SHA384 certificate
Question
We've been submitting drivers to Partner Center for validation and signature by Microsoft for a long time. Recently our Authenticode certificate expired, so we purchased a new one. When we submit driver packages signed by the new certificate, we get the following error:
> Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again.
How can this be fixed or worked around?
Notes:
- The new certificate's signature algorithm is SHA384RSA, its hash algorithm is SHA384.
- The expired certificate's signature algorithm is SHA256RSA, its hash algorithm is SHA256.
- We did add the new certificate to Partner Center by signing the provided binary.
- Our entire process has worked for a long time. The only thing that changed is the Authenticode certificate.
- We've performed certificate updates in the past. They always worked well.
Answer 1
Score: 2
In a support ticket we opened, a Microsoft representative indirectly confirmed the SHA256 restriction. The solution, therefore, is to make sure that a vendor uses SHA256 instead of SHA384 before buying a certificate.
Sectigo doesn't do that, so we cannot use their certificate any more for our drivers. SSL.com, however, does. We bought a new certificate from them; it uses SHA256, and HLKX packages signed with it are processed correctly in MS Partner Center.
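
One way to run the check this answer recommends on an issued certificate, as an added example that is not part of the original posts: it loads an exported public certificate, lists the signature algorithm of every certificate in its chain, and fails if the signing certificate itself is not sha256RSA, the algorithm of the certificate the question reports as working. The `-Path` argument and the script name are assumptions; chain entries other than the signing certificate are listed for information only.

```powershell
# Check-CertSigAlg.ps1 (hypothetical name) - added example, not from the original posts.
param(
    [Parameter(Mandatory)]
    [string]$Path   # exported public certificate (.cer), assumed to be the new code-signing cert
)

$resolved = (Resolve-Path -LiteralPath $Path).ProviderPath
$leaf = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($resolved)

# Build the chain without revocation lookups so the check also works offline.
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($leaf)

# One row per certificate: the leaf first, then its issuers.
$report = foreach ($element in $chain.ChainElements) {
    $cert = $element.Certificate
    [pscustomobject]@{
        Subject            = $cert.GetNameInfo('SimpleName', $false)
        SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
        AlgorithmOid       = $cert.SignatureAlgorithm.Value
        NotAfter           = $cert.NotAfter
        IsSigningCert      = ($cert.Thumbprint -eq $leaf.Thumbprint)
    }
}
$report | Format-Table -AutoSize

# OIDs: sha256WithRSAEncryption = 1.2.840.113549.1.1.11
#       sha384WithRSAEncryption = 1.2.840.113549.1.1.12
$sha256Rsa = '1.2.840.113549.1.1.11'

if ($leaf.SignatureAlgorithm.Value -ne $sha256Rsa) {
    $name = $leaf.SignatureAlgorithm.FriendlyName
    Write-Warning "Signing certificate is signed with $name, not sha256RSA."
    exit 1
}

Write-Output 'Signing certificate is signed with sha256RSA.'
```

Running it against a vendor's sample or test certificate before purchase, or against the issued certificate before the first submission, shows the algorithm without waiting for the Partner Center error.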