Amateur Radio Certificate Authority.

Running some kind software on the latest Microsoft Windows-7 and 8 systems (64bit) will need (sometimes) certificates for code signing. Installing a driver on the system will need a signed driver package!
A developer will need a user certificate for the code signing, a user only need to install the ROOT certificate.

Buying a certificate by the developer, that can be used for code signing, will cost some money! Making the certificate is easy and need some initial installation for every end user PC. This certificate authority will supply a Ham Radio Amateur (or a small company that is selling Radio Amateur devices) with a code signing certificate. The users of the software can be asked to install the ROOT certificate.

SoftRock40 & Ensemble SDR receivers.

Running the Si570 controlled SoftRock40 SDR receivers (Tony KB9YIG) on a Windows-7/8 64bit system will need the installation of the singed USB driver that is signed by this ROOT certificate.

The SoftRock firmware can be controlled from the PC to set the requested RX (or TX) frequency (and other parameters). The PC software is using the LibUSB-Win32 driver "libusb0.sys" to speak to the firmware.
The libusb0.sys driver is a kernel-mode driver, on a Window-7/8 64bit system kernel-mode drivers can only be installed if the driver is signed by a certificate from Microsoft (or a derivative certificate). The LibUSB-Win32 open-source group did managed to get the driver (.sys) signed, the driver can now be used without special tricks.
The SoftRock firmware driver package that is using the libusb0.sys (and libusb0.dll) driver (.cat/.inf) is also signed with a other certificate to make a smooth installation of the package possible. The certificate used for that signing is signed by a ROOT certificate from the (Amateur Radio Certificate Authority). For user smooth installation install first the ROOT certificate and then install the USB device.

Amateur Radio ROOT Certificate.

Installing the ROOT certificate will mean that you trust the software that is signed by that certificate or the derivative developer certificates!

Other Radio Amateurs (with a valid call sign) may request a certificate on there own that is signed with this ROOT certificate, please send a email for that to my call at gmail.com. The list of signed certificates (call's) will be published on this web-page.

Installing the ROOT certificate will show the MD5 and/or SHA1 fingerprint, check that with the code on this site for security reasons.

	MD5 Fingerprint=EB:2F:2B:69:63:38:E2:41:D3:D8:70:85:F8:79:BF:C9
	SHA1 Fingerprint=47:44:CB:80:EF:A6:F5:7F:7C:D1:6F:58:0C:D6:39:13:3B:9E:28:52
	

Easy install Amateur Radio ROOT Certificate.

To install the certificate in a easy way there is a small program that can be downloaded by the user. Run the program and hit the "Install Cert" button. The program need Administrator privilege to install the certificate in the Microsoft Certificate store.

Download the Root certificate.

The certificate file can be downloaded by the user that want to examen it or install it by hand. It is available in some different file formats, the certificate is always the same.

The Amateur Radio Certificate Authority .crt or the .pem file. To use the certificate revocation list the .crl file can be used (it is most of the time not needed).

Install Amateur Radio ROOT Certificate by hand.

To install the certificate on your system it must be installed as a Local Machine certificate, otherwise it will not work for installing devices.
Take the next steps to install the certificate as a Trusted Root certificate on Local Machine.

• Start and run MMC.exe.
• Menu "File" / "Add/Remove Snap-in..." and "Add" Certificates.
• Select the "Computer account".
• Select the "Local Computer" and "Finish", then OK.
• Open the "Certificates" and "Trusted Root Certification Authorities" / "Certificates".
• Menu "Action" / "All Tasks" / "Import..." and press "Next >".
• Browse to the saved Amateur Radio Certificate Authority Root Certificate.
• Press "Next >".
• Press "Finish".
• The installed certificate will be seen in the screen.

Amateur Radio ROOT Certificate printout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            82:8a:8b:0c:e6:b1:8f:a0
        Signature Algorithm: md5WithRSAEncryption
        Issuer: CN=Amateur Radio Root Certificate., O=Amateur Radio PE0FKO, OU=Netherland
        Validity
            Not Before: Jul  1 20:32:53 2010 GMT
            Not After : Jun 28 20:32:53 2020 GMT
        Subject: CN=Amateur Radio Root Certificate., O=Amateur Radio PE0FKO, OU=Netherland
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (2048 bit)
                Modulus (2048 bit):
                    00:93:4c:a9:ca:de:f2:ec:f4:c2:ad:21:b3:f4:82:
                    e3:31:c4:00:dd:8d:3b:db:7a:49:ff:41:28:3d:21:
                    2c:35:26:6d:eb:ca:27:7a:c9:82:a7:57:e0:dc:58:
                    c5:1a:2f:fb:06:f8:47:4b:98:7e:f0:1d:ed:10:66:
                    52:35:16:f8:d1:4f:13:78:bc:29:3d:6d:09:83:0b:
                    65:46:e9:66:6d:b2:b9:1c:af:39:fa:67:ed:13:f3:
                    84:d4:91:cb:03:f0:71:64:49:4e:23:4b:60:87:97:
                    d0:b7:a1:69:37:b8:32:54:90:87:3d:da:4d:3d:25:
                    3b:a5:de:75:2a:0b:20:20:4f:32:31:8e:b8:15:a0:
                    00:39:c0:44:2d:45:b1:23:0d:b1:b9:85:54:48:7c:
                    3a:f7:f4:57:a7:af:2b:63:fc:14:ec:df:46:30:61:
                    34:88:07:4b:ec:6b:33:f8:7b:c7:0b:18:91:90:a4:
                    3d:00:b8:e0:20:a2:32:36:80:e4:41:28:b8:cf:50:
                    16:96:11:9d:ce:64:db:72:08:cb:ac:a9:9d:d1:7d:
                    47:55:99:0b:a8:06:a7:cb:01:7b:bb:71:94:5c:cf:
                    99:bf:0a:b5:5e:d4:0d:b6:2d:2f:23:82:d5:dc:be:
                    3b:2c:7a:5b:5c:41:94:62:e1:03:a1:82:51:8f:32:
                    f4:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:C7:A1:A5:B5:90:0C:C1:7E:66:AD:3B:5E:26:7E:E1:10:3A:1D:43
            X509v3 Authority Key Identifier:
                keyid:FC:C7:A1:A5:B5:90:0C:C1:7E:66:AD:3B:5E:26:7E:E1:10:3A:1D:43
                DirName:/CN=Amateur Radio Root Certificate./O=Amateur Radio PE0FKO/OU=Netherland
                serial:82:8A:8B:0C:E6:B1:8F:A0

            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Key Usage:
                Certificate Sign, CRL Sign
            Netscape Cert Type:
                SSL CA, S/MIME CA, Object Signing CA
            X509v3 Subject Alternative Name:
                

            X509v3 Issuer Alternative Name:
                

            Netscape Comment:
                Amateur Radio Root Certificaat.
            Netscape Base Url:
                https://home.ict.nl/~fredkrom/pe0fko/ca
            Netscape CA Revocation Url:
                https://home.ict.nl/~fredkrom/pe0fko/ca/ca.crl
    Signature Algorithm: md5WithRSAEncryption
        18:10:d2:cf:70:b5:2f:43:18:fa:30:b9:d9:fe:7f:46:e8:f5:
        ee:ce:48:87:78:ac:bb:22:ec:07:5b:10:13:50:96:31:fd:ce:
        f0:53:5b:53:02:51:e0:d8:83:ee:98:e5:8e:13:5c:a9:9f:c1:
        16:37:66:84:94:68:29:6e:ba:73:8a:77:97:d1:61:aa:dc:4b:
        6a:e9:18:7d:e5:d6:e8:df:bf:93:33:af:9e:50:d5:e0:cb:3e:
        d7:4d:33:13:e4:78:c8:2c:9c:28:99:a7:c2:e5:c5:c2:04:11:
        42:14:1a:61:64:22:fd:d8:5a:35:1c:6f:c0:de:fa:86:15:54:
        ae:12:bb:c0:48:d4:11:b2:4e:d0:a7:8a:ea:db:45:32:06:08:
        da:98:6b:8c:35:c1:ea:7e:5a:5f:0e:c2:65:98:bc:42:48:0a:
        20:b1:67:70:1a:5b:41:4b:b6:6d:77:73:4f:3d:16:f5:46:e6:
        5c:24:2a:87:20:cb:55:b8:8a:c9:8e:e8:3c:b9:6a:5c:d7:d7:
        34:ed:ca:02:67:57:29:f3:9c:c5:a9:e1:96:2a:36:19:16:db:
        a9:10:96:cd:2f:41:aa:56:1d:b7:0d:61:ec:80:66:a9:bf:08:
        68:6f:9c:cc:16:e8:81:e6:a1:1a:81:a9:7f:55:24:bd:e0:52:
        e9:71:0a:f8

File last modified on Monday, 03-Dec-2012 14:00:48 CET