On 10.07.2016 19:58, Selva Nair wrote:
Hi,
The instructions in Selva's link weren't enough to convince Windows to
trust the driver. I had to also enable debug mode and I signed it with one of
my own certificates.
You have to sign the driver even in test-signing mode -- only the requirement
for a verified signature is not imposed, so that the developer can use a
self-signed certificate. This is explained in the test-signing docs on MSDN.
Selva
Hello Selva,
That's what I did, but Windows did not accept the signed driver and displayed
an error in the device manager. My application could not open a handle on the
TAP device. Therefore it did not work correctly.
Hi,
Just in case you managed to miss these:
<https://community.openvpn.net/openvpn/wiki/BuildingTapWindows6>
<https://github.com/mattock/sign-tap6/>
I spent lots of time getting Authenticode signatures for the official
tap-windows6 release just right. I assume that even in test mode the
only relaxed requirement is that the certificate chain does not need to
lead to a known-good CA. The other parameters still need to be just
right (e.g. hash algorithm).
When you get to the point where you want to distribute the driver to
users, you will (for the time being) need two different signatures for
the driver to work properly on all (supported) Windows versions. The
"sign-tap6" tool I wrote (above) can help you automate that.
--
Samuli Seppänen
Community Manager
OpenVPN Technologies, Inc
irc freenode net: mattock