Microsoft allows SHA2 only signature algorithm.

Nick Pitman 26 Reputation points
2021-07-02T11:26:22.127+00:00

Attempting to submit a driver and HLK package for certification on the Partner Center but we are receiving an error with the EV certificate:-
Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again.

During the account setup, we are expected to download the SignableFile.bin file, which we then sign with the same EV certificate and upload to the Microsoft servers.
This worked fine.
Creating the HLK package using the same EV certificate, which is checked against the same EV certificate uploaded in the previous step, also worked fine.

So I was a bit shocked when uploading the HLK package that it was rejected with the above error.

Is there a workaround?
The EV certificate we purchased was supplied on a dongle which I'm told is more secure.

And why is it not consistent, i.e. why wait till the final stage to reject it rather than rejecting it at the point of creating the account?

Thanks in advance
Nick


1 answer

  1. Nick Pitman 26 Reputation points
    2021-09-06T08:10:32.083+00:00

    Hi Guys
    In our case, it turns out that closer inspection of the driver after we certified it gives different information depending on which way you look at it.
    So if I right-click the driver and select Properties / Digital Signatures we see sha256:
    129439-capture1.jpg

    And if I click on the Details button and then the Advanced tab I see sha256:
    129506-capture2.jpg

    But if I click the Details button and then View Certificate, followed by the Details tab, we see SHA384:
    129546-capture3.jpg

    So we thought we had purchased SHA256 but we actually had SHA384.
    Crucially, Microsoft still refused to accept sha3 and were expecting the certificate supplier to reissue the certificate to SHA2.

    SECTIGO eventually agreed that the above shouldn't have happened, and they are now reissuing the certificate.

    My only advice to anyone wanting to use the Microsoft Partnership program and EV certificate is to make absolutely sure that your certificate provider is aware of what you intend to use the certificate for and make sure they issue you with SHA256.

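The answer above found the file digest reported as sha256 while the certificate's own Details tab showed SHA384. The following PowerShell is an added example (not from the poster, Microsoft or Sectigo) that reads that certificate-level field for every certificate in the signer's chain, so it can be checked before a submission. The driver path is a placeholder, and the page does not say whether Partner Center looks beyond the signing certificate itself.

```powershell
# Added example: list the signature algorithm of each certificate in a signer's chain.
# This is the value shown under View Certificate > Details > "Signature hash algorithm",
# which is separate from the file digest algorithm shown on the Digital Signatures tab.
function Get-CertSignatureAlgorithm {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    begin {
        # Standard signature-algorithm OIDs mapped to the hash they use.
        $hashByOid = @{
            '1.2.840.113549.1.1.5'  = 'sha1'    # sha1WithRSAEncryption
            '1.2.840.113549.1.1.11' = 'sha256'  # sha256WithRSAEncryption
            '1.2.840.113549.1.1.12' = 'sha384'  # sha384WithRSAEncryption
            '1.2.840.113549.1.1.13' = 'sha512'  # sha512WithRSAEncryption
            '1.2.840.10045.4.3.2'   = 'sha256'  # ecdsa-with-SHA256
            '1.2.840.10045.4.3.3'   = 'sha384'  # ecdsa-with-SHA384
        }
    }
    process {
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        # Only fields are being read, so skip online revocation checks.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        [void]$chain.Build($Certificate)
        $depth = 0
        foreach ($element in $chain.ChainElements) {
            $cert = $element.Certificate
            $oid  = $cert.SignatureAlgorithm.Value
            $hash = if ($hashByOid.ContainsKey($oid)) { $hashByOid[$oid] } else { "unknown ($oid)" }
            [pscustomobject]@{
                Depth    = $depth++          # 0 = the signing (EV) certificate itself
                Subject  = $cert.Subject
                CertHash = $hash             # hash used in the CA's signature over this cert
                IsSha256 = ($hash -eq 'sha256')
            }
        }
    }
}

# From an already signed driver file (placeholder path):
(Get-AuthenticodeSignature -FilePath 'C:\path\to\driver.sys').SignerCertificate |
    Get-CertSignatureAlgorithm | Format-Table -AutoSize

# Or from the certificate store, where a token-based code-signing certificate appears:
Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
    Get-CertSignatureAlgorithm | Format-Table -AutoSize
```

The row with `Depth` 0 corresponds to the third screenshot in the answer; a self-signed root at the end of the chain may legitimately show a different hash.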