How to fix problem about signing requirements for CSP (Cryptographic Service Providers) on windows 7

Question

Dear Mrs/Mr,

We have the problem with the during distribution our CSP (Cryptographic Service Providers) to ours customer because it can not recognize on the windows 7 (Error invalid signature) after cross-certificate issue by Digicert expired.

I also see that "Starting with Windows 8, it is no longer a requirement that CSPs must be signed." on https://learn.microsoft.com/en-us/windows-hardware/drivers/install/authenticode-signing-of-csps

Please let me know how to solve the problem of our CSP on windows 7 while cross-signed certificates expired?

Other way, I try to register with the Hardware Developer Program with EV Certificate but seem the microsoft do not support ECC Certificate!

Thank for your support so much!

TAMDQ

Project manager about CSP of Mobile-ID

Answer 1

Hello there,

You may try the CNG certificates.

Configuration Manager supports Cryptography: Next Generation (CNG) certificates. Configuration Manager clients can use a PKI client authentication certificate with the private key generated and stored in a CNG Key Storage Provider (KSP). With KSP support, Configuration Manager clients support hardware-based private keys, such as a TPM KSP for PKI client authentication certificates.

https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/network/cng-certificates-overview

Hope this resolves your Query !!

--If the reply is helpful, please Upvote and Accept it as an answer--