Installer before 1 April 2019
PreviousNext

If the release date of the UPLINX Installer is before 1 April 2019, please follow the steps below to install the required root certificate from COMODO. Please note that the UPLINX code signing certificate from COMODO expires on 19 September 2019. Running the installer after this date will give warnings or errors. Hence the UPLINX code signing certificate has been replaced in April 2019 with a newer code signing certificate from SECTIGO.

If you see the name SECTIGO in the root certificate, this is a newer installer with a newer code signing certificate from SECTIGO, please use the steps in the main article .

Cause

Microsoft Windows does not recognize the code signing certificate of the UPLINX installer. The UPLINX code signing certificate is based on COMODO Certificate Authority (CA) as root certificate. If the root certificate is not present, Windows can not validate the UPLINX certificate and above message will appear. When internet access is present, Windows will automatically download new root certificates. So this issue primarily occurs on disconnected (no internet access) machines.

The COMODO CA root cert was released on 18 Sept 2014 but it is still possible that your machine might not have.

Solution

There are 3 options to install the missing COMODO root certificates:

1.) Manually install the required COMODO and VersiSign certificates from https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/985/108/code-signing-sha-2  . Scroll to the bottom of this page and open the 3x .crt files to install the certificates. Save these 3 files, double click on the certs to import them. Choose "Install Certificate..." and then, Local Machine, select "Trusted Root Certification Authorities" as per screenshot below.

1.1) Install the root certificate "VeriSign Universal Root Certification Authority"

Verisign root used for the issuance of SHA256 certificates.

It can be imported via this link:
https://symantec.tbs-certificats.com/vsign-universal-root.cer

Its CRL is available here: http://crl.ws.symantec.com/universal-root.crl

2.) Run Windows Update

3.) Install the Root Certificate update for Windows from Microsoft: https://support.microsoft.com/en-us/help/931125/how-to-get-a-root-certificate-update-for-windows

What should the Certificate Path look like?

Right click on the UPLINX installer executable in Windows File Explorer and select Properties > Digital Signatures > Details > View Certificate > tab Certification Path.

For reasons unknown to us (if somebody understands this fully, please let us know the reasons :-) the displayed Certification Path will be based on 'Comodo Secure" or 'The UserTrust Network' as root certificate.

 

UPLINX Code Signing Certificate Details

     

The error message says the file is corrupt, is this correct?

We believe not. The cause is the missing root certificates from COMODO. If you suspect the file is really corrupt, please check the MD5 checksum of the downloaded installer as listed on  https://www.uplinx.com/downloads/

How to resolve 'Countersignature is not valid'?

If the Countersignature is not valid as per screenshot below, install the root certificate "VeriSign Universal Root Certification Authority" (from the issuer of the "Symantec SHA256 TimeStamping CA" certificate) in case it missing on this computer.

Download it from https://knowledge.digicert.com/solution/SO25808.html  or copy to an empty text file, rename the file type to crt and then import into "trusted locations of the computer".

Installer fails: Countersignature not valid

 

 

 

 


© 2009-2020 www.uplinx.com. Last updated 17 Feb 2020.