You may have signed with your self-signed certificate, and you may even have added it to some random place in the certificate store, but your driver isn't WHQL signed. Please review these topics, depending on what your operating system is: http://msdn.microsoft.com/en-us/library/ff543654(VS.85).aspx
Specifically, they state the following regarding quiet installation (which you are trying to do by turning off Legacy): * Windows Vista/7 quiet install of Authenticode-signed non-WHQL driver: "If the certificate that was used to sign the driver package is not installed in the user's certificate stores [Trusted Publishers I believe] before the installation, the installation will fail." To be precise, even if you sign your driver with Authenticode with VeriSign / trusted root CA, you can't install it quietly on a fresh copy of Windows because it's not WHQL-class and your certificate isn't in Trusted Publishers. Only WHQL-class, Authenticode-signed drivers can be installed quietly on a clean copy of Windows. * Windows XP quiet install of Authenticode-signed non-WHQL driver: "Because of a limitation in Windows XP and Windows 2000, the DIFx tools cannot perform a quiet installation of PnP function drivers." Have you even tried turning on the Legacy option? I bet you'll still get some warnings that you have to click through when you turn Legacy on. Just try it and see what happens! The thing to do is probably just turn Legacy on for development. Once you have your driver WHQL signed, turn it off. Maybe you can get around this on Windows Vista by adding your self-signed cert to both trusted root CAs and trusted publishers, I don't know. Never bothered to try. The only real solution that works is something WHQL-signed, and I believe the Authenticode signature has to come from VeriSign. Then you can turn Legacy off and it will work on Windows 2000 and up. Your original e-mail that stated you got the TRUST_E_NOSIGNATURE error makes it pretty obvious what the problem is - you don't have a valid signature for some reason. Turn on Legacy mode, and the resulting prompts may give you some clues as to what is going on. Regarding per-user vs. per-machine: I don't really see how it's possible to do per-user when a driver is installed. I set my install (which includes drivers) to be per-machine only to avoid confusion. James -----Original Message----- From: Peter Hull [mailto:peterhul...@hotmail.com] Sent: Tuesday, January 17, 2012 22:17 To: WiX Users Subject: Re: [WiX-users] difx extension and perMachine installs > If the driver is not signed, and you say it is not, then you need the > Legacy option. I did say that; what I meant was "not signed with a certificate from a CA." It is self-signed at the moment. Apologies for the confusion. I'd still like to hear if anyone has any comments on a per-user install which includes a device driver - is it always better to do it per-machine. Pete ---------------------------------------------------------------------------- -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users ------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
