Operating Systems may have unknown signing issues or driver not signed issues if the computer under test is not connected to the internet. If the computer under test is connected to the internet, then the new certificates are automatically downloaded when a driver is installed and there will not be any issues. Sometimes the CA vendors are also able to help out in resolving the issues when the computer under test is not connected to the internet. Read: How to identify unsigned drivers using sigverif utility.
No signature was present in the subject
When a catalog file (.cat) is signed using a new VeriSign released signing certificate which uses the SHA256 algorithm, if you open the signed cat file and view signature, you may notice the No signature was present in the subject message. To resolve the issue, you may ask VeriSign to provide a replacement certificate at no cost signed with the SHA1 hash algorithm. Alternatively, you can buy another SHA1 certificate and sign the file with two signatures as shown below if you want to keep both certificates. Note that only .sys files can be dual signed because they are PE files. Where ZZ…ZZ is the hash of the certificate you are using for the secondary signature. Add /tr to timestamp signing. Additional note: Use of SHA1 certificate was deprecated by Microsoft starting from January 1, 2016. All CA vendors must issue signing certificates with the SHA256 hash algorithm. Windows stopped accepting SHA1 code signing certificates without time stamps after 1 January 2016. Microsoft has also stated now that after installing KB4579311, Windows 10 may warn you when installing some third-party drivers: Hope this helps! Related post: Windows requires a digitally signed driver.
