Microsoft allows SHA2 only signature algorithm.

Question

Attempting to submit a driver and HLK package for certification on the Partner Center but we are receiving an error with the EV certificate:-
Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again.

During the account setup, we are expected to download SignableFile.bin file that we then sign with the same EV certificate and upload it to the microsoft servers.
This worked fine.
In creating the HLK package using the same EV certificate which is checked against the same EV certificate uploaded in the previous step also worked fine.

So I was a bit shocked when uploading the HLK package that it was rejected with the above error.

Is there a workaround?......
The EV certificate we purchased was supplied on a dongle which I'm told is more secure.

And why is it not consistant...ie why wait till the final stage to reject it rather than rejecting it at the point of creating the account?

Thanks in advance
Nick

Answer 1

Hi Guys
In our case, it turns out that on closer inspection of driver after we certified it, gives different information depending on which way you looked at it.
so if I right click the driver and select Properties/ Digital Signatures we see sha256 :-

And, if I click on Details button and then Advanced tab I see sha256

But, if I click Details button and the View certificate followed by Details tab we see SHA384

So we thought we had purchased SHA256 but we actually had SHA384.
Crucially, Microsoft still refused to accept sha3 an were expecting the certificate supplier to reissue the certificate to SHA2

SECTIGO, eventually agreed that the above shouldn't have happened.......an they are now reissuing the certificate.

My only advice to anyone wanting to use the Microsoft Partnership program and EV certificate is to make absolutely sure that you certificate provider is aware of what you intend to use the certificate for and make sure they issue you with SHA256