Cross-Certificates for Kernel Mode Code Signing

Warning

Cross-signing is no longer accepted for driver signing. Using cross certificates to sign kernel-mode drivers is a violation of the Microsoft Trusted Root Program (TRP) policy. The TRP no longer supports root certificates that have kernel mode signing capabilities. Certificates in violation of Microsoft TRP policies will be revoked by the CA.

Cross-Certificates Overview

A cross-certificate is a digital certificate issued by one Certificate Authority (CA) that establishes a trust relationship with another CA by allowing the public key of the other CA's root certificate to be trusted. This process is known as cross-signing, where the CA's certificate is signed by another CA to create multiple valid trust paths.

Related info

Deprecation of Software Publisher Certificates, Commercial Release Certificates, and Commercial Test Certificates
Authenticode Signing of Third-party CSPs

Feedback

Was this page helpful?

Additional resources

Last updated on

URL: https://learn.microsoft.com/en-us/windows-hardware/drivers/install/cross-certificates-for-kernel-mode-code-signing