A certificate chain could not be built to a trusted root authority
Asked Answered
U

8

67

During the installation of .NET Framework 4.6.2, I got an error:

.NET Framework installation failed: -2146762486. A certificate chain could not be built to a trusted root authority

A solution to the above-mentioned error is given at this MSDN Blog link, which says to do the following steps:

1. Download the certificate http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt locally (Example: C:\Temp)

2. You can use the certmgr.exe utility to add the certificate by using the command line. For more information, see the Certmgr.exe (Certificate Manager Tool) topic at MSDN.

3. Open an admin command prompt and run this command: certmgr.exe /add C:\Temp\MicRooCerAut2011_2011_03_22.cer /s /r localMachine root

4. Next, try installing the patch KB3135996 or KB3136000

MY QUESTION:

The installation of .NET framework 4.6.2 has to be done on several production systems so, are the above-mentioned steps standard? I mean, could it create problem to install the same certificate on several systems? When the systems will be connected to the internet at some point, could it create conflict?

PS: Solving this problem (managing certificates) by connecting the systems to the Internet is not an option for me since the whole process must be offline.

Ukulele answered 8/11, 2017 at 9:41 Comment(2)
This post helped me get around an issue installing KB3151800 to get .NET 4.6.2 for some other software I needed on a machine with no internet access. I used the GUI to install the cert directly to the trusted store though. Thanks.Amphibole
This also helped me to successfully install 4.7.1. Thank you (I also used the GUI to directly install it).Maury
L
7

could it create problem to install the same certificate on several systems?

No, it will not be a problem even if the systems would be connected to the internet in the future.

When you connect the system to the internet and do the update it could download a pack of trusted certificates. These certificates will be added to the trusted root store. Existing ones will simply be IMO simply replaced.

Lament answered 8/11, 2017 at 13:27 Comment(0)
S
119

I also met the same issue in Win 7 sp1.

The solution is below:

  1. Download the certificate file from Microsoft: MicrosoftRootCertificateAuthority2011.cer

If the link invalid someday, you can download from MicrosoftRootCertificateAuthority2011.cer - github.

  1. Double click the .cer file downloaded just now, then install the certificate following below captures:

Step1


Step2


Step3


Step4

  1. Re-install your .NET Framework 4.6.2 installation package.

Then the problem will be resolved. May it be helpful for you.

Sprightly answered 23/3, 2020 at 10:52 Comment(7)
Very helpful, thanks a lot! I encountered the issue during offline installation of .NET framework 4.7.1 on Win 7 SP1 and the issue was solved by this method. However, it might be better to describe the steps in text, as screenshots tend to disappear (I've noticed the images are from your own repo, but still...).Austriahungary
@Austriahungary the screenshots can be seen here: github.com/yanglr/WindowsDevTools/tree/master/dotNET/imagesSprightly
works for me with Net Framework 4.7.1 and Windows 7 SP1 thank you ;) Very helpfulDamon
The certificate should be included in either KB2813430 or KB3004394.Petulant
I encountered this issue during .NET framework 4.8 installation on Windows 7 SP1. The issue is solved as other members mentioned before.Sivan
The solution didn't work for me. I got "the timestamp signature and/or certificate could not be verified or is malformed." error.Lands
For that error I got, need KB4474419 and KB4490628 updates for SHA-2 code signing support.Lands
F
19

For those that are having this issue in Windows 7: the timestamp signature and/or certificate could not be verified or is malformed. It can be solved with an security update:

Windows 7 64 bits:

Official URL: https://www.microsoft.com/en-us/download/details.aspx?id=46148

In case that Microsoft drop it use the Github URL GitHub URL: https://github.com/felloz/Sec_win7_64x_update/blob/master/Windows6.1-KB3033929-x64.zip

Windows 7 32 Bits

Official URL: https://www.microsoft.com/en-ie/download/details.aspx?id=46078

In case that Microsoft drop it use the Github URL GitHub URL: https://github.com/felloz/Sec_win7_86x_update/blob/master/Windows6.1-KB3033929-x86.zip

Just install the security update, restart your computer and try again to install your .NET, it works with 4.8 as well.

All the credit for this guy in YouTube: https://www.youtube.com/watch?v=tIMEsfLJX04

Furcula answered 20/11, 2021 at 18:15 Comment(3)
doesn't work for meIrisirisa
This is the only solution that worked for me, and this issue is because Microsoft updated the installers to use SHA2 certificates (including 3.5 SP1) according to support.microsoft.com/en-us/topic/… Simply installing the certificate to the trusted cert store won't workDextrose
This worked for me with the error after .cer installationBrack
B
10

I recently ran into this issue with systems behind a firewall that didn't have internet access. I ran /extract on the .NET Framework 4.6.2 MSI and was able to run the x64 installer directly without the certificate check. Maybe not the "right" way to go, but it worked.

Blamed answered 25/7, 2019 at 21:45 Comment(1)
the installer is offline why it needs internet access this is wierd...Hufnagel
L
7

could it create problem to install the same certificate on several systems?

No, it will not be a problem even if the systems would be connected to the internet in the future.

When you connect the system to the internet and do the update it could download a pack of trusted certificates. These certificates will be added to the trusted root store. Existing ones will simply be IMO simply replaced.

Lament answered 8/11, 2017 at 13:27 Comment(0)
D
5

another simple solution that worked for me to install net 4.8 in a fresh win 7sp1 is using the rootsupd.exe to update the certificates, you can download it from here https://web.archive.org/web/20170829230259/http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe

it dose not need install , just run it and it is done, no window will appear, it will automatically update the certificates

Disclimax answered 20/9, 2021 at 10:0 Comment(0)
C
3

Following OhioDeveloper’s lead, I essentially did the same thing for all the Dell Driver Packages that error on install in this Dell OptiPlex 3040... I bought a couple compact OptiPlex 3040’s from a business that was closing and therefore liquidating all assets

Ive been Fighting battles on all fronts trying to do a fresh Windows 7, install on the Dell and ran into the same problem... ( Net Framework 4.8 ) throws a ( Root Trust Certificate - Error ), at the start of the install just after it unpacks all the files and checks the host environment.

First I used ( 7-Zip ) [ freeware ], pointed it to the Net Framework installation file, and told it to extract... 7-zip will create a folder (with matching name) containing all the extracted contents of the file.

~ This part may seem “risky” if you are not familiar with opening installation files to see what they contain, but all we are doing here is, manually running, the specific file for your system and ignoring everything else. ~

Your looking for the ( .MSI ) files. For example....

Netfx_???????_x64.msi

There are many files with similar names, they only very in the middle ( ?????? ) pieces and have either ( x86 ) or ( x64 ) in the name.


If you’re on a 32 bit system, use the files with {x86} in the file name.

If you’re on a 64 bit system, use the files with {x64} in the file name.

...at this point, I had no guidance on which of the ( ????? ) variations of the file to use. There were 4 file naming variations.

CORE / EXTENDED / FULL / PATCH

These 4 file name variations didn't help at all... I was unsure if this would be an UPGRADE because in reality ( Net Framework 3.something ) is already installed with Windows.

CORE, is always an important file name, and sounded important, but eluded to nothing really...

EXTENDED, sounded silly and eluded again to nothing.

So I picked FULL, in the hopes it would “do it all” and negate the guesswork. So I had settled on the ( ...FULL_x64... ) version.

So I ran { NETFX_FULL_x64.msi }, and I am happy to report that ( Net Framework 4.8 ) installed with no errors.

...Hope this detailed walk-thru helps someone.

~TechnoDruid

SORRY TO BE SO LONG WINDED, THIS WAS AN ATTEMPT TO HELP USERS THAT DON’T (OR HAVEN'T EVER) ATTEMPTED NON-TRADITION WORK AROUNDS, TO FIX WINDOWS ERRORS.

Cabalistic answered 26/8, 2020 at 13:27 Comment(0)
K
1

Just wanted to say that I had a similar issue with trying to install .NET 4.7.2 on a Windows Server 2008 R2 box. I had to first upgrade it to Win 2k8r2 SP1, then add the prerequisite update for the d3ddecomplier.dll (KB4019990), THEN I had to load the certificate store as outlined above. It was only after all that that I was able to finally install .NET 4.7.2.

Knurl answered 23/4, 2020 at 22:45 Comment(0)
B
0

Had the same problem, almost. visual c++ error 0x800b010a could not find the certificates to download. Installed firefox and then retried to install c++ and problem fixed. Must be firefox browser installs these certificates.

Bernoulli answered 7/12, 2019 at 15:48 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.