Cross-Certificates for Kernel Mode Code Signing

Warning

Cross-signing is no longer accepted for driver signing. Using cross certificates to sign kernel-mode drivers is a violation of the Microsoft Trusted Root Program (TRP) policy. The TRP no longer supports root certificates that have kernel mode signing capabilities. Certificates in violation of Microsoft TRP policies will be revoked by the CA.

Cross-Certificates Overview

A cross-certificate is a digital certificate issued by one Certificate Authority (CA) that establishes a trust relationship with another CA by allowing the public key of the other CA's root certificate to be trusted. This process is known as cross-signing, where the CA's certificate is signed by another CA to create multiple valid trust paths.

Related info

• Deprecation of Software Publisher Certificates, Commercial Release Certificates, and Commercial Test Certificates
• Authenticode Signing of Third-party CSPs