Invalid digital signature during installation

No time to read? Just ignore all the background info and action the part highlighted in red below.

As of Version 8.0 of the PDF Converter, the installer is digitally signed. This is generally good practice and proves that the file has been issued by Muhimbi and has not been tampered with.

As per Microsoft's recommendations, the code is signed using a certificate issued by an authority that is trusted by all Windows versions. 

Some of our customers run Windows Server installations where some of the standard certificates have been removed or Automatic Root Certificate Update  has been disabled resulting in the following error during installation:

 

A file that is required cannot be installed because the cabinet file [long path to cab file] has an invalid digital signature. This may indicate that the cabinet file is corrupt.

 

If you are experiencing this problem then please check with your IT department and ask for the appropriate certificates to be installed on the relevant Windows servers. Alternatively make sure the Group Policy at Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update is temporarily Disabled. It can be enabled again after a successful installation. The group policy editor can be started using gpedit.msc, after making the change make sure the group policies are refreshed by running gpupdate.exe /force on the affected machine.

In some cases your server may not be able to check the validity of your certificate because it cannot connect to the public internet. In that case asking your administrators to temporarily enable internet access may solve the problem as well.

The reason that some system Administrators lock down this setting is largely historical as in late 2012 Microsoft had an issue with automatic root certificate updates. This has been long resolved, there is no risk in temporarily changing this setting.

 

You can determine which certificate is missing / invalid using the following procedure:

  1. Right-click the PDF Converter's copy of setup.exe and select Properties.
  2. Navigate to the Digital Signatures tab, select the Muhimbi Ltd signature and click Details.
  3. Under Digital Signature Information it will tell you the status of the digital signature. If it states that the certificate in the signature cannot be verified then the Globalsign root certificate is most likely not present on your system.
  4. Click View Certificate.
  5. Navigate to the Certification Path tab.
  6. Click each certificate in the path to see the status of the certificate at the bottom of the window.

 

All required certificates can be installed as follows:

  1. Download the Muhimbi certificate for version 8.0 or for 8.1 and later.
  2. Download the GlobalSign Root R1 certificate here.
  3. For each downloaded certificate, right-click the file and select Install Certificate.
  4. Follow the wizard to install all certificates in the Trusted Root Certification Authorities.

 

If you have any questions please contact us.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.