Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Archiving and eDiscovery Community Blog

Digital signature related problems in recent EV builds (after September 2011)

Created: 14 Oct 2011 • Updated: 29 May 2014
StephenConnolly's picture
0 0 Votes
Login to vote

In line with best practice at the end of September 2011 the EV team deployed a renewed code signing certificate used for digitally signing files. The new certificate's trusted root may not present in the list of trusted root certificates of your Windows Server. In most cases Windows is able to automatically download and update the missing trusted root certificate without user intervention, but if your system is on a segregated network with no access to the DMZ or the automatic certificate update mechanism is disabled you may experience problems when validating signed files on the target system.

In most cases the problem is no worse than that you will get an error 'The issuer of this certificate could not be found' when you inspect the digital signature of the signed file and view the corresponsing certificate's Certification Path.

In the case of the FSA Agent the problem is worse, as the installation will fail on x64 systems when it attempts to validate the signature of the embedded driver package.

To remedy the problem you should either connect the target system to the internet and attempt to inspect the certificate's properties, or manually update the trusted root certificate on the target system. A copy of the certificate is attached to this post.