Invalid digital signature during installation

This article is for 'pre-10.0' (December 2019) versions of the Muhimbi PDF Converter. If you are experiencing this problem in newer versions then please contact our support desk.


No time to read? Just ignore all the background info and action the part highlighted in red below.

As of Version 8.0 of the PDF Converter, the installer is digitally signed. This is generally good practice and proves that the file has been issued by Muhimbi and has not been tampered with.

As per Microsoft's recommendations, the code is signed using a certificate issued by an authority that is trusted by all Windows versions. 

Some of our customers run Windows Server installations where some of the standard certificates have been removed or Automatic Root Certificate Update  has been disabled resulting in the following error during installation:


A file that is required cannot be installed because the cabinet file [long path to cab file] has an invalid digital signature. This may indicate that the cabinet file is corrupt.


If you are experiencing this problem then please check with your IT department and ask for the appropriate certificates to be installed on the relevant Windows servers. Alternatively make sure the Group Policy at Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update is temporarily Disabled. It can be enabled again after a successful installation. The group policy editor can be started using gpedit.msc, after making the change make sure the group policies are refreshed by running gpupdate.exe /force on the affected machine.

In some cases your server may not be able to check the validity of your certificate because it cannot connect to the public internet. In that case asking your administrators to temporarily enable internet access may solve the problem as well.

The reason that some system Administrators lock down this setting is largely historical as in late 2012 Microsoft had an issue with automatic root certificate updates. This has been long resolved, there is no risk in temporarily changing this setting.


You can determine which certificate is missing / invalid using the following procedure:

  1. Right-click the PDF Converter's copy of setup.exe and select Properties.
  2. Navigate to the Digital Signatures tab, select the Muhimbi Ltd signature and click Details.
  3. Under Digital Signature Information it will tell you the status of the digital signature. If it states that the certificate in the signature cannot be verified then the Globalsign root certificate is most likely not present on your system.
  4. Click View Certificate.
  5. Navigate to the Certification Path tab.
  6. Click each certificate in the path to see the status of the certificate at the bottom of the window.


All required certificates can be installed as follows:

  1. Download the Muhimbi certificate for version 8.0 or for 8.1 and later.
  2. Download the GlobalSign Root R1 certificate here.
  3. For each downloaded certificate, right-click the file and select Install Certificate.
  4. Follow the wizard to install all certificates in the Trusted Root Certification Authorities.


If you have any questions please contact us.


Have more questions? Submit a request


  • 0
    Riwut Libinuko


    I just want to comment - the temporary settings should be Enabled instead of Disabled. Disabling this setting will make the computer checks against Windows Update, while enabling the setting will stop the computer from contacting Windows Update.

    Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update is temporarily ==> Enabled

Please sign in to leave a comment.