Microsoft Kernel-Mode Code Signing Certificates

Microsoft is changing the process for signing your kernel-mode driver packages
Starting in 2021, Microsoft will be the sole provider of production kernel-mode code signatures. You will need to start following Microsoft’s updated instructions to sign any new kernel-mode driver packages going forward. To lean more, see our knowledge base article—Microsoft sunsetting support for cross-signed root certificates with kernel-mode signing capabilities.

Kernel-Mode Code Signing Certificates for Publishing Drivers for Windows

Kernel-Mode Code Signing certificates are designed to allow you to digitally sign driver packages.Signing driver packages lets your users know that they’re installing a program released by Your Company, Inc. In addition, when users first run the installer, they can verify that the driver package arrived unchanged (i.e., no one tampered with it).

If someone has tampered with your installer for your kernel-mode certificate, the installer package will not show as being issued by your company when your customer runs it. Instead, it shows as an untrusted program, warns the user, and prompts them to decide whether they really want to run the package.

If your users are running a 64-bit version of Windows 8, Windows 7, or Windows Vista, they'll receive an error "Windows Requires a Digitally Signed Driver". With this warning, users won’t have to worry about being stuck with a virus when they thought they were getting your authentic driver.

The process is simple. You write your kernel-mode drivers, sign them with a certificate from DigiCert, and your customers are delivered a valuable product they know is safe because they trust the company that released it.

Get code signing certificates for just $474/year

Buy Now

Kernel-Mode Certificate Features

When you buy a DigiCert Code Signing Certificate, the benefits include the following:

  • Signed Driver Packages Valid Indefinitely

    A kernel-mode certificate lets you sign driver executable packages that are trusted in the version of Windows for which you're releasing (Windows 8, Windows 7, or Windows Vista 32-bit or 64-bit)—for the entire lifetime of the certificate. All signed packages are valid indefinitely.

  • Get a Code Signing Certificate for Microsoft Kernel-Mode Code

    With DigiCert, you can request a separate Code Signing certificate for Microsoft Kernel-Mode Code at no extra cost. For more information, see Reissue or Re-Key Your Code Signing Certificate, and make sure to select Microsoft Kernel-Mode Code as your server platform.

  • Email, Call, or LiveChat 24/7

    Email, call, or start a live chat with our friendly customer support staff. They can help solve any problems you may run into quickly and professionally—for free!


Vaya a la página de Certificados de Firma de Código en Modo Kernel en español.