Cross-Certificates for Kernel Mode Code Signing


Cross-signing is no longer accepted for driver signing. Using cross certificates to sign kernel-mode drivers is a violation of the Microsoft Trusted Root Program (TRP) policy. The TRP no longer supports root certificates that have kernel mode signing capabilities. Certificates in violation of Microsoft TRP policies will be revoked by the CA.

Cross-Certificates Overview

A cross-certificate is a digital certificate issued by one Certificate Authority (CA) that is used to sign the public key for the root certificate of another Certificate Authority. Cross-certificates provide a means to create a chain of trust from a single, trusted, root CA to multiple other CAs.