Invalid digital signature during installation

No time to read? Just ignore all the background info and action the part highlighted in red below.

Muhimbi's installer and software are digitally signed. This is generally good practice and proves that the file has been issued by Muhimbi and has not been tampered with.

As per Microsoft's recommendations, the code is signed using a certificate issued by an authority that is trusted by all Windows versions. 

Some of our customers run Windows Server installations where some of the standard certificates have been removed or Automatic Root Certificate Update has been disabled, resulting in the following error during installation:
 

A file that is required cannot be installed because the cabinet file [long path to cab file] has an invalid digital signature. This may indicate that the cabinet file is corrupt.

 
If you are experiencing this problem then please check with your IT department and ask for the appropriate certificates to be installed on the relevant Windows servers. Details are provided at the end of this article.

Alternatively, make sure the Group Policy at Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update is temporarily Disabled, so that automatic root certificate updates are turned on. It can be enabled again after a successful installation. The group policy editor can be started using gpedit.msc. Once the setting has been changed, make sure the group policies are refreshed by running gpupdate.exe /force on the affected machine.

In some cases your server may not be able to check the validity of your certificate because it cannot connect to the public internet. In that case, asking your administrators to temporarily enable internet access may solve the problem as well.

The reason that some system administrators choose to lock down this setting is largely historical: in late 2012 Microsoft had an issue with automatic root certificate updates. This has long been resolved, and there is no risk in temporarily changing this setting.

 

You can determine which certificate is missing / invalid using the following procedure:

  1. Right-click the PDF Converter's setup.exe and select Properties.
  2. Navigate to the Digital Signatures tab, select the Muhimbi Ltd signature and click Details.
  3. Under Digital Signature Information it will tell you the status of the digital signature. If it states that the certificate in the signature cannot be verified then the GlobalSign root certificate is most likely not present on your system.
  4. Click View Certificate.
  5. Navigate to the Certification Path tab.
  6. Click each certificate in the path to see the status of the certificate at the bottom of the window.
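
The same check can be scripted, which helps on servers without a desktop session. The following PowerShell is an added example, not Muhimbi's own tooling; it assumes the installer is at .\setup.exe and also reads the registry value that backs the Turn off Automatic Root Certificate Update policy.

```powershell
# Added example (not Muhimbi's code). $Path is an assumption: the downloaded installer.
param([string]$Path = '.\setup.exe')

# Steps 1-3: overall Authenticode status of the file.
$sig = Get-AuthenticodeSignature -FilePath $Path
"Signature status: $($sig.Status) - $($sig.StatusMessage)"
if (-not $sig.SignerCertificate) { throw "No signer certificate found in $Path" }

# Steps 4-6: build the certification path and report each element's status.
# Revocation checks are skipped so a server without internet access still
# reports trust problems instead of revocation-lookup failures.
# Build() evaluates at the current time, so an expired signer on a timestamped
# file can show NotTimeValid here even though the signature itself verifies.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($sig.SignerCertificate)
"Chain builds to a trusted root: $trusted"
foreach ($element in $chain.ChainElements) {
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'OK' }
    '  {0}  {1}  [{2}]' -f $element.Certificate.Thumbprint, $element.Certificate.Subject, $status
}

# The issuer of the last element is the certificate Windows needs next. For a
# complete path this is the self-signed root; for a partial path it is the
# certificate that could not be found.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$rootMatch = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $top.Issuer }
"Top of path issued by: $($top.Issuer)"
"Issuer present in LocalMachine\Root: $([bool]$rootMatch)"

# Registry value written by the 'Turn off Automatic Root Certificate Update' policy.
$policy = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot' `
    -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
if ($policy -and $policy.DisableRootAutoUpdate -eq 1) {
    'Policy is Enabled: automatic root certificate update is turned OFF.'
} else {
    'Policy is Disabled or not configured: automatic root certificate update is ON.'
}
```

The thumbprints printed for each path element can be compared with the thumbprint shown for a downloaded certificate file before it is installed into Trusted Root Certification Authorities.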

 

If the highlighted steps mentioned above cannot be executed, or do not have the expected result, then the missing certificates can be installed as follows. Please note that you can determine the version of your Muhimbi software by right-clicking on setup.exe, selecting Properties / Details / Product version.

  1. For Muhimbi PDF Converter version 8.0
    1. Download the GlobalSign Root R1 certificate here.
    2. Download the Muhimbi certificate here.
  2. For Muhimbi PDF Converter versions 8.1 - 10.1
    1. Download the GlobalSign Root R1 certificate here.
    2. Download the Muhimbi certificate here.
  3. For Muhimbi PDF Converter versions starting with version 10.1.1
    1. Download the GlobalSign Root R3 certificate here.
    2. Download the GlobalSign Root R6 certificate here.
  4. For each downloaded certificate, right-click the file and select Install Certificate.
  5. Follow the wizard to install all certificates in the Trusted Root Certification Authorities.

 

If you have any questions please contact us.

 


2 Comments

  • Riwut Libinuko

    Hi, 

    I just want to comment - the temporary settings should be Enabled instead of Disabled. Disabling this setting will make the computer check against Windows Update, while enabling the setting will stop the computer from contacting Windows Update.

    Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update is temporarily ==> Enabled

  • Jeroen Ritmeijer

    Thanks @Riwut, but if you 'Enable' the 'Turn off Automatic Root Certificate Update' setting, you are turning off the automatic update while you want to turn on the automatic updates so the latest certs can be retrieved. 

    Or am I misunderstanding what you are trying to say?
