I have recertified this driver. When I run the CP210xVCPInstaller_64.exe to install the driver on Windows 7, the UAC window that comes up with the information about the program that wants to make changes to my computer has 'Unknown' as the Publisher. I would have expected to see 'Silicon Labs' or some other known Publisher. Why does it not have a known publisher?
I downloaded the latest VCP driver from:
and driver customizer from AN220:
and it looks like the installer .exe files are digitally signed by Microsoft. Can you try the .exe files from the VCP driver? Which version did you use?
If I run the original CP210xVCPInstaller_x64.exe that came with the CP210x USB to UART Bridge Driver v6.7 before any Customization was done and run the installer on a Windows 7 64-bit OS I still get Publisher: Unknown in the UAC Window. This is what I also get when I do the same with the installer after I have Customized and recertified.
I guess that the digital signatures tab on the file properties dialog is not a reliable method for verifying SPC publisher signing.
Microsoft intentionally did not digitally sign DPInst.exe because it is intended to be redistributed as part of your driver installation package. To avoid this dialog, digitally sign DPInst.exe using your own code signing certificate.
It sounds like you would have to sign the installer with your own SPC (software publisher certificate).
I have suggested that our driver team release our stock drivers with Silicon Labs signed installers for those that want to redistribute the stock driver. Otherwise, I would recommend that our customers who choose to re-certify the driver, use their SPC to sign the installers as well.
The same SPC used to certify a driver can be used to sign an exe. You can use Microsoft's signtool command line application to sign applications:
Thanks for the quick response and information. So I think what you are saying is that with my Code Signing Certificate from Symantec (which I used to sign the Customized Driver) I can use the Signtool to sign the CP210xVCPInstaller_x64.exe also.
Thank you for your help. I'm sure other developers who use your stock drivers will appreciate signed installer also.
Yes, I think that certificate should work. I've been able to release sign a driver using our SPC from Verisign.
You'd have to import your private SPC into the Windows certificate manager (you should probably password protect this!). Then use signtool to sign the application by referring to your SPC by CN (company name).
I think you would use something like:
signtool.exe sign /v /ac "<cross signing certificate (ie Symantec public certificate)>" /n "<Your SPC CN>" /t <Symantec timestamp URL> <name of catalog or application to sign>
You should be able to get signtool from the Windows SDK or WDK, unless they moved it again :-)
Microsoft has a page where you can find your certificate issuer's public certificate to use for cross signing:
Basically, signtool needs your private SPC along with your issuer's public certificate and your issuer's timestamp url.
Thanks, Chris. I will give it a try.
I have signed the installers successfully. I was not sure why I would need the cross signing certificate. I talked with Symantec and they said that the Microsoft Authenticode Certificate would be enough for signing the Installers for Silicon Labs. So I used everything in your command line example except I left the /ac "Cross Signing certificate" out. We now have our company name as the Verified Publisher.
Thanks for your help.
hi! so I need to a sign certificate and tryed to follow along with your process but having issues. Im very new with computer and pretty much point and click. can you give a me alink or just tell me what to do step by step?