为什么我的根证书不可信? [英] Why's My Root Certificate Not Trusted?
问题描述
我已经从证书服务器发布了自己的代码签名证书.我还向自己颁发了来自同一证书服务器的根证书. 根证书同时存在于受信任的根证书颁发机构"文件夹中的当前用户"证书和本地计算机"证书存储中.我已经成功使用signtool.exe向导对DLL进行了签名:
I have issued myself a Code Signing certificate from a certificate server. I have also issued myself the root certificate from the same certificate server. The root certificate exists in both the Current User and Local Computer certificate stores within the Trusted Root Certification Authorities folder. I have successfully signed a DLL using the signtool.exe wizard:
"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe" signwizard <MyDLLName>.dll
但是,当我尝试验证DLL时,它通过以下错误失败了验证:
However, when I try to verify my DLL, it fails verification with the following error:
"C:\Program Files\Microsoft SDKs\Windows\v6.0A\Bin\signtool.exe" verify <MyDLLName>.dll
SignTool Error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
SignTool Error: File not valid: <MyDLLName>.dll
为什么会这样?我认为在受信任的根证书颁发机构"文件夹中拥有根证书会验证DLL.
Why is this happening? I thought having the root certificate in the Trusted Root Certification Authorities folder would verify the DLL.
推荐答案
在您的verify命令上,添加/pa选项,以告诉它使用默认身份验证验证策略而不是Windows驱动程序验证策略,这意味着它将查看您的证书存储而不是Microsoft与驱动程序信任的有限数量的CA.
On your verify command add in the /pa option to tell it to use the Default Authentication Verification Policy instead of the Windows Driver Verification Policy, meaning it will look at your certificate stores instead of the limited set of CAs Microsoft trusts with drivers.
在这里查看更多选项: http://msdn.microsoft.com/en-us/library/8s9b9yaz (v = vs.90).aspx
Look here for more options: http://msdn.microsoft.com/en-us/library/8s9b9yaz(v=vs.90).aspx
这篇关于为什么我的根证书不可信?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
