Windows does not have enough information to verify this certificate.

27 Jun

Here come SSL certificates again. In recent Operating Systems Microsoft made some changes in Root certificates by removing some of them. Probably the best way to illustrate this is try to install Java on Server 2008 R2. When you try to install it you’ll get the following error:
Error 1330. A file that is required cannot be installed because the cabinet file Data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.


The SSL certificate that the file is digitally signed with is not trusted by the OS. Although if you use the same file to install Java on Windows 2003 server it would work fine.
To check what is happening with the file right click on it and go into properties.
Select Digital Signatures tab and click on Details.
You should see something like this:

The error says:
The certificate in the signature cannot be verified.

Click on View Certificate

Again there is exclamation mark and it states that:
Windows does not have enough information to verify this certificate.

Click on Certification Path tab

Here we can see that the certificate that is used to sign the application is fine but the one above it is not.
Select that certificate and click on view certificate

We see the same error as before
Windows does not have enough information to verify this certificate.

Click on Certification Path tab

Here we don’t see any other certificates and the error says that:
The issuer of this certificate could not be found.
Click on Details tab and select the issuer

Here you can see the details about the issuer. If you check the certificate stores you’ll see that there is no corresponding certificates for this issuer and therefor it is not trusted.
Go to http://www.verisign.com/support/roots.html here you can download all root certificates the one we need is VeriSign Class 3 Public Primary CA – G2 as stated in the image above. You can download all root certificates from http://www.verisign.com/support/roots.zip or just a PEM file for the specific certificate.
Once downloaded install the certificate and install/import it to Trusted Root Certification Authorities store.
If you want to install the certificate under Computer account use MMC console to install the certificate.
Once certificate is installed right click on the cab file again and check digital signature. It should say:
This digital signature is OK.

Tags: , , ,

7 Responses

  1. Rosalind says:

    Howdy! Would you mind if I share your blog with my twitter group?
    There’s a lot of folks that I think would really enjoy your content. Please let me know. Many thanks

  2. MizHowdy says:

    Thanks so much. I’ve been trying to get installs to work on a virtual PC for days…this was the only place I found that indicated there was a “tree” that needed checking!

    I’ve saved a link to this page…my users may bump into this same issue some day.

    Thanks again!

  3. wasantha says:

    i cant understand you mean exe file. ” Once certificate is installed right click on the exe file .”

  4. Harold says:

    HI,
    Thank you very much , solved my issue, Thanks.

  5. Amit Kshirsagar says:

    Thaks it helped me lot

Leave a Reply to Andrius

IT Blog

Just another blog on Kozeniauskas.com Network