Tags: certificate, digital-signature, authenticode, windows-driver

Microsoft Partner Center HLKX driver submission: SHA2 error with SHA384 certificate


We've been submitting drivers to Partner Center for validation and signature by Microsoft for a long time. Recently our Authenticode certificate expired, so we purchased a new one. When we submit driver packages signed by the new certificate, we get the following error:

Microsoft allows SHA2 only signature algorithm. Please re-sign with a valid certificate and submit again.

How can this be fixed or worked around?

Notes:

  • The new certificate's signature algorithm is SHA384RSA, its hash algorithm is SHA384.
  • The expired certificate's signature algorithm is SHA256RSA, its hash algorithm is SHA256.
  • We did add the new certificate to Partner Center by signing the provided binary.
  • Our entire process has worked for a long time. The only thing that changed is the Authenticode certificate.
  • We've performed certificate updates in the past. They always worked well.

Solution

  • In a support ticket we opened, a Microsoft representative indirectly confirmed the SHA256 restriction. The solution, therefore, is to make sure that a vendor uses SHA256 instead of SHA384 before buying a certificate.

    Sectigo doesn't do that, so we cannot use their certificate any more for our drivers. SSL.com, however, does. We bought a new certificate from them; it uses SHA256, and HLKX packages signed with it are processed correctly in MS Partner Center.
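A pre-submission check of the signer certificate's signature algorithm, as an added PowerShell example that is not part of the original question or answer: it reads the `SignatureAlgorithm` OID from a certificate file or from the Authenticode signature on a driver binary or catalog, so a SHA384RSA certificate is caught before the package is signed and submitted. The package path is a placeholder; the OID-to-name table is the standard PKCS#1 / ECDSA set.

```powershell
# Added example, not from the question or answer above. Maps the
# signatureAlgorithm OID of a certificate to its name and flags anything
# other than the SHA256 algorithms the answer reports as accepted.
$SignatureAlgorithmNames = @{
    '1.2.840.113549.1.1.5'  = 'sha1WithRSAEncryption'
    '1.2.840.113549.1.1.11' = 'sha256WithRSAEncryption'
    '1.2.840.113549.1.1.12' = 'sha384WithRSAEncryption'
    '1.2.840.113549.1.1.13' = 'sha512WithRSAEncryption'
    '1.2.840.10045.4.3.2'   = 'ecdsa-with-SHA256'
    '1.2.840.10045.4.3.3'   = 'ecdsa-with-SHA384'
    '1.2.840.10045.4.3.4'   = 'ecdsa-with-SHA512'
}
$Sha256Oids = @('1.2.840.113549.1.1.11', '1.2.840.10045.4.3.2')

function Get-SignerCertificate {
    param([Parameter(Mandatory)][string]$Path)
    if ($Path -match '\.(cer|crt)$') {
        # A bare certificate file: load it directly.
        return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($Path)
    }
    # A signed .sys/.dll/.cat: take the leaf certificate from the Authenticode signature.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path : Authenticode status is $($sig.Status)"
    }
    return $sig.SignerCertificate
}

function Test-Sha256SignerCertificate {
    param([Parameter(Mandatory)][string]$Path)
    $cert = Get-SignerCertificate -Path $Path
    if (-not $cert) { throw "$Path : no signer certificate found" }
    # SignatureAlgorithm is the algorithm the CA used to sign this certificate,
    # which is what the SHA384RSA vs SHA256RSA distinction in the question refers to.
    $oid  = $cert.SignatureAlgorithm.Value
    $name = if ($SignatureAlgorithmNames.ContainsKey($oid)) { $SignatureAlgorithmNames[$oid] } else { $oid }
    [pscustomobject]@{
        File               = $Path
        Subject            = $cert.Subject
        NotAfter           = $cert.NotAfter
        SignatureAlgorithm = $name
        Sha256Ok           = ($oid -in $Sha256Oids)
    }
}

# Run over every binary and catalog in a driver package directory (placeholder path).
Get-ChildItem -Path 'C:\drivers\MyPackage' -Include *.sys, *.dll, *.cat -Recurse |
    ForEach-Object { Test-Sha256SignerCertificate -Path $_.FullName } |
    Format-Table File, SignatureAlgorithm, Sha256Ok, NotAfter -AutoSize
```

Pointing it at the .cer a vendor provides before purchase answers the "which algorithm will this certificate use" question without signing anything first.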