Signing Drivers with a Digital Certificate
Computer users without administrator privileges cannot install unsigned drivers! Drivers must be signed by certificates that Windows 7 trusts, while a user account with administrator privileges can install unsigned drivers. In the case of a network environment where ordinary users need to install unsigned drivers or applications, an administrator can authorize such installation using a self-signed digital certificate.
Digital Certificates allow users to identify that the source of the device driver or application is a legitimate publisher. It does not mean that the driver or application is bug free but its source is trustworthy that is, coming from its claimed source and it is intact.
A self-signed certificate will be valid only to your environment and can be created from a certificate authority server running Windows Server and Certificate Services. In order to have a certificate that is recognized by other users outside your organization, it needs to be issued by an external Certificate Authority such as, VeriSign. It is recommended to thoroughly test self-signed drivers in a test environment prior to deployment on production machines.
Categories: Devices Tags: CA, Certficate Server, Certificate Authority, Digital Certificate, MakeCert, Signing Drivers, Signtool, unsigned, unsigned drivers, VeriSign