Driver Certificate: SHA256 replaces SHA1

Info:

Since 2018-10-25 the Vector SHA1 certificate for signing the drivers has expired. Vector will not issue a new certificate as this is declared as deprecated by Microsoft. Instead, Vector drivers are signed only with SHA256 (setup.exe, driver sys file and CAT file).

The first driver setup package which is affected by this change is V10.9.

Future beta drivers will also be affected (also if they have lower version numbers).

Symptoms:

Symptoms on standard operation computers:

If the Windows updates or certificates are not installed, during installation this window appears:

Attention: If the driver will be installed after this message (second option) it will not run under Windows 7, 64 bit. So the device cannot be used.

Additionally the following window shows up at every installation (even if the checkmark „Always trust software from …“ is checked)

Symptoms on VN891x/VN8810 interfaces

If the Windows updates or certificates are not installed, the only feedback is that the drivers could not be installed. There is no further error description visible to the customer.

Solution:

Requirements for standard operation computers:

Windows 8 and Windows 10 supports SHA256 out-of-the-box, there are no special actions required.

Windows 7 computers need to have the following Windows updates installed to ensure a smooth driver installation:

Additionally the following certificate must be installed under Trusted Root Certification Authorities in the local computer’s certificate store:

  • VeriSign Universal Root Certification Authority
    • SN: 40 1a c4 64 21 b3 13 21 03 0e bb e4 12 1a c5 1d
    • SHA1 Finger Print: 36 79 ca 35 66 87 72 30 4d 30 a5 fb 87 3b 0f a7 7b b7 0d 54

The KB updates usually get installed through standard Windows update process. If not, these updates can be installed manually. They are available through the links above.

Same applies to the root certificate. It can be found here.

When the driver setup is run after installation of the root certificate and the two Windows KB updates the Vector certificate must be confirmed once per computer (with checkmark Always trust software from Vector Informatik GmbH checked otherwise the pop-up will appear on each driver again).

When the setup is started from the command line the /installCert option can be used to acknowledge the certificate. For example:

Setup.exe /s /installCert /i all keyman dongle

Requirements to VN891x/VN8810 interfaces:

For Windows 7 the above mentioned requirements apply, meaning the Windows updates and the certificate need to be installed.

These updates and certificates are included from VTP version 2.0.54. This or a higher VTP version and Vector Platform Manager Setup version needs to be included in the driver setup package. That is the case from driver setup 10.8.3 onwards. Then no further actions should be necessary.



Article ID: 1298
Last updated: 2019-03-20
Revision: 19
Hardware -> Basics and (Un)Installation -> Driver Certificate: SHA256 replaces SHA1
https://kb.vector.com/entry/1298/