Re: Own signed updates. Error 800b0004. Digital Signatures not tru
The computers are located at an active directory. The sign certificate was
created by a microsoft certification authority, which is a part of the active
directory. So automatically the root certificate of the certification
authority will be published for the computers using active directory.
The root certificate of the certification authority is installed at the
computer(I checked this using the mmc console and the certificate plugin for
the local computer context).
The explorer grant this certificate as valid. I tried this verification step
also at the systemcontext and everything is fine.
The big problem is on some computers it works and on another computer it
It's really comlex to understand the verification process of wsus.
I added the sign certificate to the "trusted publishers" on the computers,
which has the problems. That solved the issue.
But the question is: Why it works on some computers without this step? Or
which parameter or setting is wrong on this computers, where it crash.
"Harry Johnston [MVP]" wrote:
> PA Bear [MS MVP] wrote:
> > Forwarded to WSUS newsgroup
> > (microsoft.public.windows.server.update_services) via crosspost as a
> > convenience to OP.
> Actually it sounds like a digital certificates issue - I don't know which
> newsgroup would be most suitable. One of the Vista groups perhaps?
> If it really is specific to the way WSUS verifies certificates, I think the OP
> may be on their own; I don't know of anybody else who has tried to do this before.
> >> We have published own created updates using wsus. The updates was
> >> automatically signed by an certificate, which was created explicit for the
> >> server. The root certificate is published on the computer as "trusted root".
> >> Now we have digital signature errors on some computers(Windows Vista) like
> >> the following:
> What mechanism did you use to publish the certificate to the client computers?
> Have you doublechecked that the certificate is present? Have you tried copying
> the file to the client and examining the certificate via Windows Explorer?