Microsoft allows SHA2 only signature algorithm.

Nick Pitman 26 Reputation points

Attempting to submit a driver and HLK package for certification on the Partner Center but we are receiving an error with the EV certificate:-
Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again.

During the account setup, we are expected to download SignableFile.bin file that we then sign with the same EV certificate and upload it to the microsoft servers.
This worked fine.
In creating the HLK package using the same EV certificate which is checked against the same EV certificate uploaded in the previous step also worked fine.

So I was a bit shocked when uploading the HLK package that it was rejected with the above error.

Is there a workaround?......
The EV certificate we purchased was supplied on a dongle which I'm told is more secure.

And why is it not why wait till the final stage to reject it rather than rejecting it at the point of creating the account?

Thanks in advance

Microsoft Partner Center
Microsoft Partner Center
A Microsoft website for partners that provides access to product support, a partner community, and other partner services.
867 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Nick Pitman 26 Reputation points

    Hi Guys
    In our case, it turns out that on closer inspection of driver after we certified it, gives different information depending on which way you looked at it.
    so if I right click the driver and select Properties/ Digital Signatures we see sha256 :-

    And, if I click on Details button and then Advanced tab I see sha256

    But, if I click Details button and the View certificate followed by Details tab we see SHA384

    So we thought we had purchased SHA256 but we actually had SHA384.
    Crucially, Microsoft still refused to accept sha3 an were expecting the certificate supplier to reissue the certificate to SHA2

    SECTIGO, eventually agreed that the above shouldn't have they are now reissuing the certificate.

    My only advice to anyone wanting to use the Microsoft Partnership program and EV certificate is to make absolutely sure that you certificate provider is aware of what you intend to use the certificate for and make sure they issue you with SHA256

    1 person found this answer helpful.
    0 comments No comments