Manage code signing certificates

As a Partner Center administrator, you're responsible for adding, updating, and retiring driver certificates when they expire. This article describes how to get, add, and update code signing certificates to the hardware dashboard.

For more information on rules for driver signing, see Driver Signing changes in Windows 10, version 1607 in the Windows Hardware Certification blog.

Prerequisites

Register for the Hardware Developer program. If you're not registered, follow the steps in How to register for the Microsoft Windows Hardware Developer Program.

Get or renew a code signing certificate

To get a new code signing certificate:

  1. Determine which certificate you need. To help you choose a certificate, see Driver signing requirements.

  2. If you're reusing a certificate, move on to step 5.

  3. Go to the page of one the following certificate authorities and follow their directions for purchase:

  4. Once the certificate authority verifies your contact information and your certificate purchase is approved, follow their directions to retrieve the certificate.

  5. Go to Partner Center and sign in using administrator credentials.

  6. Select the gear icon in the upper right, then select Developer settings, then Manage Certificates on the left pane.

  7. Select Add a new certificate, then select Next.

  8. Download Signablefile.bin and sign it with the new digital certificate for your company using SignTool with the /fd sha256 switch and appropriate SHA-2 timestamp.

  9. Upload the signed file to Partner Center.

Retire a code signing certificate

  1. Go to Partner Center and sign in using administrator credentials.

  2. Select the gear icon in the upper right, then select Developer settings, then Manage Certificates on the left pane.

  3. Move through the page to find the certificate you wish to remove.

  4. Under the Action column of the certificate, select Remove.