Kbase 21752: WebClient Applications and Digital Certificates
| Autor |
Progress Software Corporation - Progress |
| Acesso |
Público |
| Publicação |
06/02/2002 |
|
SUMMARY:
You are using HTTPS (Hyper-Text Transfer Protocol Secure) and your application is signed with a digital certificate. When you try to install WebClient and the application you get:
"Installation Failed. Setup cannot continue because
of the following error:
Invalid Signature. Please contact the software vendor
or try again at a later time."
EXPLANATION:
The client machine is not able to verify the digital certificate that was used to sign the application. The client might not have the correct root certificate installed, and without it the client cannot verify the certificate that the application was signed with. Microsoft includes many of the well-known root digital certificates with the operating system.
SOLUTION:
Here are some possibilities that might bring about the error:
-- Digital certificates expire.
Even if your system has the correct root digital certificate installed, if it has expired it cannot be used to verify the digital certificate that signed the application. Be sure the client has a current root certificate for the digital certificate used to sign the application.
-- High security uses 128-bit encryption.
When the application is signed, Progress uses the highest level of security available on the signers computer. High security uses 128-bit encryption. If 128-bit encryption is not available Progress will use 40-bit encryption, which is standard on older Windows systems. If the client is using 40-bit encryption it cannot read a digital certificate made using 128-bit encryption, therefore the verification fails. For these Windows machines you can download the high security package for Internet Explorer from the Microsoft website.
-- Client machine needs a root digital certificate.
If you are using a private certificate authority to issue the digital certificate, the client might not have a root certificate installed that can be used to verify this certificate. In this case each client machine that is going to install your application will need to first obtain a root digital certificate that can be used to verify the digital certificate that signed the application.
One way to check the certificates on your computer using Internet Explorer is to go to Tools > Internet Options. Then click the "Content" tab and go to Certificates. Here you can see the root certificates installed on the machine along with their expiration dates.