nt5src最新driver.pfx（testroot）证书，有效期至2122年

psj_csdn

已于 2022-09-16 12:00:34 修改

阅读量1k

点赞数 2

分类专栏： nt5src 文章标签： windows

于 2022-09-16 11:56:54 首次发布

本文链接：https://blog.csdn.net/psj_csdn/article/details/126883927

版权

本文详细介绍了如何在Linux或macOS环境下生成nt5src的driver.pfx（testroot）证书，包括环境准备、证书生成、证书更新和编译安装程序的步骤。特别指出，2020年nt5src构建指南的openssl配置存在问题，文章提供了修正后的配置文件。完成所有步骤后，新证书有效期至2122年，可用于测试驱动签名。

摘要由CSDN通过智能技术生成

文章目录

前言

今天和大家分享怎么制作nt5src的driver.pfx（testroot）证书。

2020年10月的nt5src构建指南里面的“openssl.txt”是有问题的。

具体的制作过程如下

一、环境准备

1.操作系统

制作环境的操作系统推荐linux或mac（不建议用windows因为要安装openssl环境很麻烦V_V）。

我自己是用 centos 7.6 和 macOS 11都测试通过的，这两个系统都自带openssl不用折腾，而且openssl命令都是兼容的！

2.配置文件

选好了操作系统后，先编辑好4个配置文件“testroot.conf”、“testpca.conf”、“vbl03ca.conf”、“driver.conf”。以下是基于“win2003_prepatched_v10a”指南包的conf配置文件进行修改。具体修改如下：

2.1、testroot.conf

oid_section = xca_oids

[ xca_oids ]
dom = 1.3.6.1.4.1.311.20.2
MsCaV = 1.3.6.1.4.1.311.21.1
msEFSFR = 1.3.6.1.4.1.311.10.3.4.1
iKEIntermediate = 1.3.6.1.5.5.8.2.2
nameDistinguisher = 0.2.262.1.10.7.20
id-kp-eapOverPPP = 1.3.6.1.5.5.7.3.13
id-kp-eapOverLAN = 1.3.6.1.5.5.7.3.14

[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = xca_dn0
x509_extensions = xca_extensions0
req_extensions = xca_extensions0
string_mask = MASK:0x2002
utf8 = yes
prompt = no

[ ca ]
default_ca = testroot

[ xca_dn0 ]
0.OU=Copyright (c) 1999 Microsoft Corp.
1.CN=Microsoft Test Root Authority
2.OU=Microsoft Corporation

[ xca_extensions0 ]
certificatePolicies=ia5org,@certpol0_sect
authorityKeyIdentifier=keyid,issuer
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[certpol0_sect]
policyIdentifier=1.3.6.1.4.1.311.10.3.5
userNotice.0=@certpol0_sect_notice0_sect

[certpol0_sect_notice0_sect]
explicitText=This certificate is used to sign untested drivers that have not passed the Windows Hardware Quality Labs (WHQL) testing process. This certificate and drivers signed with this certificate are intended for use in test environments only, and are not intended for use in any other context. Vendors who distribute this certificate or drivers signed with this certificate outside a test environment may be in violation of their driver signing agreement. Vendors who have their drivers signed with this certificate do so at their own risk. In particular, Microsoft assumes no liability for any damages that may result from the distribution of this certificate or drivers signed with this certificate outside the test environment described in a vendors driver signing agreement.

[ testroot ]
dir = testroot
certs = $dir
new_certs_dir = $dir/testroot.db.certs
database = $dir/testroot.db.index
serial = $dir/testroot.db.serial
RANDFILE = $dir/testroot.db.rand
certificate = $dir/testroot.pem
private_key = $dir/testroot.key
default_days = 3650
default_crl_days = 30
default_md = md5
preserve = no
policy = generic_policy0

[ generic_policy0 ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = optional
emailAddress = optional

[ sub_ca_ext ]
certificatePolicies=ia5org,@certpol1_sect
keyUsage=nonRepudiation, keyCertSign, cRLSign
authorityKeyIdentifier=keyid:always
subjectKeyIdentifier=hash
basicConstraints=critical,CA:TRUE

[certpol1_sect]
policyIdentifier=1.3.6.1.4.1.311.10.3.7
userNotice.0=@certpol1_sect_notice1_sect

[certpol1_sect_notice1_sect]
explicitText=This certificate is used to sign untested drivers that have not passed the Windows Hardware Quality Labs (WHQL) testing process.