Fixing Certificate Problems

Some users have recently had problems installing Silect products. The symptoms are typically an error like the following:

The issue arises for one of two reasons.

1) Silect Software signs downloads with a digital certificate provided by GlobalSign. The GlobalSign certificate may not be trusted on your system.
2) Current certificates use the SHA-2 algorithm (which sometimes shows up as SHA256). This is a newer algorithm that was not built into Windows 7 or Windows Server 2008 R2 (earlier versions are not supported by Silect).

Both of these problems can usually be solved by installing the appropriate patches from Windows Update. That leads to the first recommendation:

1) Apply all patches from Windows Update. We realize that applying all patches is not always possible. But if applying all patches is a possibility, try that first.

If installing on Windows 7 or Windows Server 2008 R2 and unable to install all patches, the second recommendation is:

2) Ensure SHA-2 support is installed. See the SHA-2 Support section below.

For all operating systems, the certificate chain may need to be updated.

3) Install any required certificates. See the GlobalSign Root Certificates section.
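To see which of the two causes applies before changing anything on the system, the same checks can be run from PowerShell. The script below is an added example, not Silect's code; the installer path is an assumption, and revocation checking is switched off as an example choice so the output shows only chain-trust problems.

```powershell
# Added example, not Silect's code. Works on Windows PowerShell 2.0 and later.
param(
    [string]$InstallerPath = '.\ConfigWise.exe'  # assumed location of the downloaded installer
)

# Recommendation 2: KB3033929 on Windows 7 / Windows Server 2008 R2 (version 6.1).
$os = [Environment]::OSVersion.Version
if ($os.Major -eq 6 -and $os.Minor -eq 1) {
    # Get-HotFix only matches updates recorded under this KB number, so a miss
    # is a prompt to check the update history, not proof that SHA-2 is absent.
    if (Get-HotFix -Id 'KB3033929' -ErrorAction SilentlyContinue) {
        'KB3033929: installed'
    } else {
        'KB3033929: not listed'
    }
}

# Same verdict as the Digital Signatures tab in the file's Properties window.
$sig = Get-AuthenticodeSignature -FilePath $InstallerPath
'Signature status: {0} ({1})' -f $sig.Status, $sig.StatusMessage
if (-not $sig.SignerCertificate) { return }   # unsigned file: no chain to walk

# Same view as the Certification Path tab.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Revocation is skipped so the output isolates trust-chain problems (example choice).
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
[void]$chain.Build($sig.SignerCertificate)

# ChainElements runs from the signing certificate to the root; walk it
# backwards so the report starts at the root.
for ($i = $chain.ChainElements.Count - 1; $i -ge 0; $i--) {
    $el = $chain.ChainElements[$i]
    $problems = @($el.ChainElementStatus | ForEach-Object { $_.Status })
    if ($problems.Count -eq 0) { $state = 'OK' } else { $state = $problems -join ', ' }
    New-Object PSObject -Property @{
        Subject    = $el.Certificate.Subject
        Thumbprint = $el.Certificate.Thumbprint
        Status     = $state
    }
}
```

A status such as UntrustedRoot or PartialChain points to a missing root or intermediate certificate. Before importing a downloaded root into the Trusted Root Certification Authorities store, compare its thumbprint with the value GlobalSign publishes.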
SHA-2 Support

If you are using Windows 7 or Windows Server 2008 R2, support for the SHA-2 algorithm may be missing. To install on one of these systems, the KB3033929 patch must have been applied. If the KB3033929 patch has not been applied, then to update these systems with SHA-2 support see the following Microsoft Security Advisory.

Microsoft Security Advisory 3033929
Availability of SHA-2 Code Signing Support for Windows 7 and Windows Server 2008 R2

GlobalSign Root Certificates

For Windows to trust a certificate, the certificate must pass validity checks, and must have been issued by a trusted root certificate. The trust chain requires that all certificates leading to the root certificate also pass the same tests. If one of the certificates in this chain is not trusted, then our signing certificate cannot be trusted.

The solution to this is to ensure that all the root and intermediate certificates have been installed. Again, Windows Update should provide these, if you can install the correct patches.

To find which certificates may be missing, and get them installed, follow these steps:

1) Right-click on the install program (for instance ConfigWise.exe or MPAuthorSetup.exe) and select Properties.
2) From the Properties window, select the Digital Signatures tab.
3) Click on the Silect Software item in the Signature list, and then click on Details.
4) Note whether it says "This digital signature is OK" or not (circled in yellow above). If a certificate is OK, it shouldn't need to be installed (but it won't hurt).
5) Click the View Certificate button.
6) Now click on the Certification Path tab.
7) For each certificate in the chain, starting at the root (GlobalSign), you can select it and note the Certificate status. For any certificates that are not OK, install the certificate.
8) In this example, select the GlobalSign root certificate, and if not OK select View Certificate, and then Install Certificate. The defaults should be sufficient, so press Next, Next, and Finish.
9) Repeat for the GlobalSign CodeSigning CA SHA256 G2 intermediate certificate.
10) Finally select the Silect Software, Inc. certificate and repeat.
11) Once this is done, the full certificate path should be trusted, and you should be able to install with no further issues.

Missing Root Certificates

If the GlobalSign root certificate cannot be installed this way, it can be downloaded from the GlobalSign web site and installed manually. Here's how to do it:

1) Browse to: https://support.globalsign.com/customer/en/portal/articles/1426602-globalsignroot-certificates
2) Scroll down the page to find the R3 GlobalSign Root Certificate.
3) Click on the Download Root-R3 (Binary/DER Encoded) button.
4) Save the Root-R3.cer file. Open the file.
5) You will probably get a warning (since the file was downloaded from the internet).
6) Click Open. The Certificate Import Wizard will open.
7) Since this is a root certificate, it should be available to all, so select Local Machine and click Next.
8) Using the Browse button, select the Trusted Root Certification Authorities store. Click Next.
9) Review the settings and click Finish.
10) The certificate should be imported successfully.
11) Once this is done, the full certificate path should be trusted, and you should be able to install with no further issues.

Feedback

Please let us know if this solves your problem. If not, please contact support and we will try to find a solution.