Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

A certificate chain could not be built to a trusted root authority

During the installation of .NET Framework 4.6.2, I got an error:

.NET Framework installation failed: -2146762486. A certificate chain could not be built to a trusted root authority

A solution to the above-mentioned error is given at this MSDN Blog link, which says to do the following steps:

1. Download the certificate http://www.microsoft.com/pki/certs/MicRooCerAut2011_2011_03_22.crt locally (Example: C:\Temp)

2. You can use the certmgr.exe utility to add the certificate by using the command line. For more information, see the Certmgr.exe (Certificate Manager Tool) topic at MSDN.

3. Open an admin command prompt and run this command: certmgr.exe /add C:\Temp\MicRooCerAut2011_2011_03_22.cer /s /r localMachine root

4. Next, try installing the patch KB3135996 or KB3136000

MY QUESTION:

The installation of .NET framework 4.6.2 has to be done on several production systems so, are the above-mentioned steps standard? I mean, could it create problem to install the same certificate on several systems? When the systems will be connected to the internet at some point, could it create conflict?

PS: Solving this problem (managing certificates) by connecting the systems to the Internet is not an option for me since the whole process must be offline.

like image 228
skm Avatar asked Nov 08 '17 09:11

skm


People also ask

How do I add a certificate to the Trusted root certificate authority?

Expand the Computer Configuration section and open Windows Settings\Security Settings\Public Key. Right-click Trusted Root Certification Authorities and select Import. Follow the prompts in the wizard to import the root certificate (for example, rootCA. cer) and click OK.

How do you trust certificate chains?

In order for an SSL certificate to be trusted it has to be traceable back to the trust root it was signed off of, meaning all certificates in the chain – server, intermediate, and root, need to be properly trusted.


2 Answers

I also met the same issue in Win 7 sp1.

The solution is below:

  1. Download the certificate file from Microsoft: MicrosoftRootCertificateAuthority2011.cer

If the link invalid someday, you can download from MicrosoftRootCertificateAuthority2011.cer - github.

  1. Double click the .cer file downloaded just now, then install the certificate following below captures:

Step1


Step2


Step3


Step4

  1. Re-install your .NET Framework 4.6.2 installation package.

Then the problem will be resolved. May it be helpful for you.

like image 183
Bravo Yeung Avatar answered Sep 26 '22 09:09

Bravo Yeung


I recently ran into this issue with systems behind a firewall that didn't have internet access. I ran /extract on the .NET Framework 4.6.2 MSI and was able to run the x64 installer directly without the certificate check. Maybe not the "right" way to go, but it worked.

like image 34
ohioDeveloper Avatar answered Sep 26 '22 09:09

ohioDeveloper