Saturday, September 5, 2015

Export Oracle Virtualbox signed hardware cert and slipstream it into a Windows install

If you deploy a lot of Windows 7 boxes using Virtualbox and resort to slipstreaming prerequisite files using nlite and/or answer files, you know the fully automated Virtualbox Guest Additions stops and prompts for input due to an unsigned driver from Oracle:



Thus, the install is not fully automated. To get around this, you can export the cert from another Windows guest that has Virtualbox installed using Powershell.

Run powershell with elevated privileges and execute these commands:

cd cert:\LocalMachine\TrustedPublisher
$cert = dir | where { $_.Subject -like "*Oracle*" }
$type = [System.Security.Cryptography.X509Certificates.X509ContentType]::Cert
$bytes = $cert.Export($type)
[System.IO.File]::WriteAllBytes("C:\oracle.cer", $bytes)

You should have an Oracle hex encoded cert in the root of your C: drive named oracle.cert.



To make this easier to install during the slipstream process, encode the cert in a 7zip SFX executable file. (sounds more complicated than it is if you've never used it. It simply creates an executable zip file),


Now, using NTLite, or whatever app of choice, for your post process scripts, we need to extract the cert to the C: drive and import it into the host using certutil.


oracle.exe -oc:\ -y

(There is no space between the o and c in the script above)

certutil -addstore -f "TrustedPublisher" c:\oracle.cer

You should have something like this:


After you compile the ISO, your fully automated installs shouldn't prompt to trust that cert in the middle of your post processing.