llim
Staff
May 25, 2021

Technical Tip: Problem validating executable certificate

Purpose

Description 

This article explains how to resolve a validation error that occurs when the FortiInsight Windows Agent starts but is unable to verify the certificate used for publishing the executable.

 
This will also generate the following log lines in cms.log:
 

[error] Invalid signature of file: C:\Program Files (x86)\Fortinet\FortiInsight\end.col.man.exe 

[critical] Current process signature is INVALID or NOT trusted 

[critical] Terminating application from driver controller 
 

This can occur when:

  1. The endpoint has a Group Policy applied that turns off Automatic Updates for Root Certificates.


Expectations, Requirements
n/a
Configuration

Solution 

To verify this issue, perform the following: 

  1. Click Start > Run.

  2. Enter mmc.

  3. From the console window, select File > Add/Remove Snap-Ins.

  4. From the list, select Certificates.

  5. Click Add.

  6. Select the radio button for My User Account.

  7. Click Finish > OK.

  8. From the left pane, click Certificates - Current User > Trusted Root Certification Authorities > Certificates.

  9. From the list, confirm that "DigiCert Assured ID Root CA" exists (expires 10/11/2031).

  10. From the left pane, click Certificates - Current User > Intermediate Certification Authorities > Certificates.

  11. From the list, confirm that "DigiCert SHA2 Assured ID Code Signing CA" exists (expires 22/10/2028).
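
The same checks can be scripted. The following PowerShell is an added example, not Fortinet code: it looks for both certificates in the stores named above, reports the Authenticode status of the executable from the log line, and reads the policy setting. The registry location of the policy (DisableRootAutoUpdate under the AuthRoot policy key) is an assumption about how the Group Policy is stored; the article does not name it.

```powershell
# Added example: read-only checks mirroring the manual MMC steps above.
$exe = 'C:\Program Files (x86)\Fortinet\FortiInsight\end.col.man.exe'  # path from the cms.log error

# Certificate names and the stores the article expects them in
# (Root = Trusted Root Certification Authorities, CA = Intermediate).
$expected = @(
    @{ Name = 'DigiCert Assured ID Root CA';              Store = 'Root' },
    @{ Name = 'DigiCert SHA2 Assured ID Code Signing CA'; Store = 'CA'   }
)

function Test-CertInStore {
    param([string]$CommonName, [string]$Store)
    # Report both scopes; the article inspects Current User only.
    foreach ($scope in 'CurrentUser', 'LocalMachine') {
        $hit = Get-ChildItem -Path "Cert:\$scope\$Store" |
            Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $CommonName } |
            Select-Object -First 1
        [pscustomobject]@{
            Certificate = $CommonName
            Location    = "$scope\$Store"
            Present     = [bool]$hit
            NotAfter    = if ($hit) { $hit.NotAfter } else { $null }
            Expired     = if ($hit) { $hit.NotAfter -lt (Get-Date) } else { $null }
        }
    }
}

$expected | ForEach-Object { Test-CertInStore $_.Name $_.Store } | Format-Table -AutoSize

# Assumption: the policy is stored as DisableRootAutoUpdate = 1 under this key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$policy = Get-ItemProperty -Path $policyKey -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
$autoUpdateOff = ($null -ne $policy) -and ($policy.DisableRootAutoUpdate -eq 1)
"Automatic root certificate update turned off by policy: $autoUpdateOff"

# Authenticode result for the agent binary; Status is 'Valid' only when the
# signature is intact and the chain builds to a trusted root.
if (Test-Path -LiteralPath $exe) {
    $sig = Get-AuthenticodeSignature -LiteralPath $exe
    "Signature status: $($sig.Status) - $($sig.StatusMessage)"
    "Signer: $($sig.SignerCertificate.Subject)"
} else {
    "Agent executable not found at $exe"
}
```

A row with Present = False, or a signature status other than Valid, corresponds to the condition described in this article.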

 

If these are missing, download both certificates from https://www.digicert.com/kb/digicert-root-certificates.htm#roots and import them as follows:

 

For "DigiCert Assured ID Root CA":

  1. From the left pane, right-click the Certificates folder > All Tasks > Import.

  2. The certificate wizard will appear; click Next.

  3. Click Browse and browse to the downloaded file.

  4. Click Open > Next.

  5. Select the radio button for Place all certificates in the following store.

  6. Click Browse > Trusted Root Certification Authorities.

  7. Click Next > Finish.

 

For "DigiCert SHA2 Assured ID Code Signing CA":

  1. From the left pane, right-click the Certificates folder > All Tasks > Import.

  2. The certificate wizard will appear; click Next.

  3. Click Browse and browse to the downloaded file.

  4. Click Open > Next.

  5. Select the radio button for Place all certificates in the following store.

  6. Click Browse > Intermediate Certification Authorities.

  7. Click Next > Finish.


Verification
n/a
Troubleshooting
n/a
Internal Notes
n/a