Invalid digital signature during installation
No time to read? Just ignore all the background info and action the part highlighted in red below.
Muhimbi’s installer and software is digitally signed. This is generally good practice and proves that the file has been issued by Muhimbi and has not been tampered with.
As per Microsoft’s recommendations, the code is signed using a certificate issued by an authority that is trusted by all Windows versions.
Some of our customers run Windows Server installations where some of the standard certificates have been removed or Automatic Root Certificate Update has been disabled resulting in the following error during installation:
A file that is required cannot be installed because the cabinet file [long path to cab file] has an invalid digital signature. This may indicate that the cabinet file is corrupt.
If you are experiencing this problem then please check with your IT department and ask for the appropriate certificates to be installed on the relevant Windows servers. Details are provided at the end of this article.
Alternatively make sure the Group Policy at Computer Configuration / Administrative Templates / System / Internet Communication Management / Internet Communication settings / Turn off Automatic Root Certificate Update is temporarily Disabled. It can be enabled again after a successful installation. The group policy editor can be started using gpedit.msc. Once the setting has been changed, make sure the group policies are refreshed by running gpupdate.exe /force on the affected machine.
In some cases your server may not be able to check the validity of your certificate because it cannot connect to the public internet. In that case asking your administrators to temporarily enable internet access may solve the problem as well.
The reason that some system Administrators choose to lock down this setting is largely historical as in late 2012 Microsoft had an issue with automatic root certificate updates. This has been long resolved, there is no risk in temporarily changing this setting.
You can determine which certificate is missing / invalid using the following procedure:
-
Right-click the Document Converter’s setup.exe and select Properties.
-
Navigate to the Digital Signatures tab, select the Muhimbi Ltd signature and click Details.
-
Under Digital Signature Information it will tell you the status of the digital signature. If it states that the certificate in the signature cannot be verified then the Globalsign root certificate is most likely not present on your system.
-
Click View Certificate.
-
Navigate to the Certification Path tab.
-
Click each certificate in the path to see the status of the certificate at the bottom of the window.
If the highlighted steps mentioned above cannot be executed, or do not have the expected result, then the missing certificates can be installed as follows. Please note that you can determine the version of your Muhimbi software by right clicking on setup.exe, selecting Properties / Details / Product version.
-
For Muhimbi Document Converter version 8.0
-
For Muhimbi Document Converter versions 8.1 - 10.1
-
For Muhimbi Document Converter versions starting with version 10.1.1
-
For each downloaded certificate, right-click the file and select Install Certificate.
-
Follow the wizard to install all certificates in the Trusted Root Certification Authorities.
If you have any questions please contact us.