Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

A certificate chain could not be built to a trusted root authority

Tags:

.net

certificate

windows-7-embedded

During the installation of .NET Framework 4.6.2, I got an error:

.NET Framework installation failed: -2146762486. A certificate chain could not be built to a trusted root authority

A solution to the above-mentioned error is given at this MSDN Blog link, which says to do the following steps:

1. Download the certificate http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt locally (Example: C:\Temp)

2. You can use the certmgr.exe utility to add the certificate by using the command line. For more information, see the Certmgr.exe (Certificate Manager Tool) topic at MSDN.

3. Open an admin command prompt and run this command: certmgr.exe /add C:\Temp\MicRooCerAut2011_2011_03_22.cer /s /r localMachine root

4. Next, try installing the patch KB3135996 or KB3136000

MY QUESTION:

The installation of .NET framework 4.6.2 has to be done on several production systems so, are the above-mentioned steps standard? I mean, could it create problem to install the same certificate on several systems? When the systems will be connected to the internet at some point, could it create conflict?

PS: Solving this problem (managing certificates) by connecting the systems to the Internet is not an option for me since the whole process must be offline.

like image 228
skm Avatar asked Nov 08 '17 09:11

skm

People also ask

How do I add a certificate to the Trusted root certificate authority?

Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA. cer) and click OK.

How do you trust certificate chains?

In order for an SSL certificate to be trusted it has to be traceable back to the trust root it was signed off of, meaning all certificates in the chain – server, intermediate, and root, need to be properly trusted.

2 Answers

I also met the same issue in Win 7 sp1.

The solution is below:

  1. Download the certificate file from Microsoft: MicrosoftRootCertificateAuthority2011.cer

If the link invalid someday, you can download from MicrosoftRootCertificateAuthority2011.cer - github.

  1. Double click the .cer file downloaded just now, then install the certificate following below captures:

Step1


Step2


Step3


Step4

  1. Re-install your .NET Framework 4.6.2 installation package.

Then the problem will be resolved. May it be helpful for you.

like image 183
Bravo Yeung Avatar answered Sep 26 '22 09:09

Bravo Yeung

I recently ran into this issue with systems behind a firewall that didn't have internet access. I ran /extract on the .NET Framework 4.6.2 MSI and was able to run the x64 installer directly without the certificate check. Maybe not the "right" way to go, but it worked.

like image 34
ohioDeveloper Avatar answered Sep 26 '22 09:09

ohioDeveloper
Sign in to Comment

Related questions

minidump vs. fulldump?
Difference between AppDomain, Assembly, Process, and a Thread
How to extract a substring from a .NET RegEx?
Win32 API function to programmatically enable/disable device
Conditions when finally does not execute in a .net try..finally block
Raising C# events with an extension method - is it bad?
How to output a variable value to the log from MSBuild
Good example of use of AppDomain
Add vertical scroll bar to panel
Why we need Thread.MemoryBarrier()?
The type 'System.Data.Entity.DbContext' is defined in an assembly that is not referenced. You must add a reference to assembly 'EntityFramework 2
DataColumn Name from DataRow (not DataTable)
What does the error "the exec task needs a command to execute" mean?
Guid == null should not be allowed by the compiler
Selecting a range of items inside an array in C#
'Newtonsoft.Json' already has a dependency defined for 'Microsoft.CSharp'
Dynamically create an object of <Type>
Get Entity Framework 6 use NOLOCK in its underneath SELECT statements
Using CancellationToken for timeout in Task.Run does not work [duplicate]
What is a good unique PC identifier?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!