Installing Code Signing Certificates

To avoid popups when performing an unattended installation of the Guest Additions, the code signing certificates used to sign the drivers needs to be installed in the correct certificate stores on the guest operating system. If you do not do this, the installation will prompt you before the installation of each driver.

The certificates are stored for you if installing Guest Additions as part of the Windows unattended installation when creating a new VM. If you are automating the installation of Guest Additions yourself, you first need to install the code signing certificates on the VM.

Use the VBoxCertUtil.exe utility from the cert folder on the Guest Additions installation CD.

On some legacy Windows versions, such as Windows 2000 and Windows XP, the user intervention popups mentioned above are always displayed, even after importing the Oracle certificates.

  1. Log in as Administrator on the guest.

  2. Mount the Guest Additions ISO.

  3. Open a command line window on the guest and change to the cert folder on the Guest Additions CD.

  4. Run the following command:

    VBoxCertUtil.exe add-trusted-publisher vbox*.cer --root vbox*.cer

    This command installs the certificates to the certificate store. When installing the same certificate more than once, an appropriate error will be displayed.