When attempting to install the vCenter 6u3b upgrade, error produced:
A file that is required cannot be installed because the cabinet file <path>\vmware-jmemtool.msi is not digitally signed. This may indicate that the cabinet file is corrupt.
The issue being that I've downloaded this .ISO 3 times. Each time, the SHA256 hash matches (checked via powershell). I have not checked MD5 or SHA1 hashes.
I am using all self-signed certs, on W2k12-r2 with SQL server back-end on a separate system.
Comments? Ideas? Baklava?
Hi,
did you look at the msi paket in detail and check the certificate trust? Maybe there is a missing root certificate on your server system.
Right click the msi paket and check the digital signature tab.
Frank
Apparently that's the issue. Its states "one of the countersignatures is not valid. The file may have been altered".
so now I'm lost. Since the SHA256 hash matches, that means the file cert had an issue BEFORE vmware GA'd it? But i haven't seen anyone else with the problem.
Thanks...
No, you are not lost 😉
Install the missing root certificate into your local certificate store and you will be fine.
Frank
Please mark question as answered.
Thanks
Frank
We have the exact same problem as you, did you get it to work?
did you try to install the missing certificate?
Frank
I am also getting the error. I have attempted to install the certificate, but perhaps I've not installed the correct certificate or in the correct store.
I'm still getting the error even after installing the certificate in Local Computer Account - Trusted Root Certificate Authority.
The countersignatures certificate:
Starfield Services Root Certificate Authority - G1 "Windows does not have enough information to verify this certificate" and the certificate status is "The issuer of this certificate could not be found."
Did you try to install the whole certificate chain? Not only the certificate itself?
Root, sub certificate. trusted root certification authorities
Frank
This worked for me.
Workaround:
NOTE: This change should be done by the customer and under his own risk, nevertheless, if you would like to check if the setting is enabled you can go to Local Computer Policy/Administrative Templates/System/Internet Communication Management/Internet Communication Settings
I disabled the local computer policy (mmc gpedit.msc) detailed above. The certificate was confirmed to be valid. I then re-enabled the local computer policy.
Using an administrator powershell console, I ran the vcenter installer and it no longer gave the certificate error.
I'm having this same issue as well. I've found most of the certificates online but cannot find the GlobalSign Timestamping CA - G2 root certificate. I've got a case open with VMware to attempt to get this particular certificate for install.
The exact certificate is identified as "Starfield Services Root Certificate Authority"...note, there is no "G1" or "G2". We had to open a case with VMware and they sent the proper certificate.
The case has been answered and closed. If you are receiving unknown counter signature error during install and the associated certificate was signed by GlobalSign Timestamping CA - G2 root certificate then you can use the below link to download the GlobalSign Root R2 certificate for install (install into the local Computers Trusted Certificate Authorities container).
How do I get that same certificate? "Starfield Services Root Certificate Authority" not G1 and not G2.
I'm needing the Starfield Certficate Chain - G1
I had the same issue, and downloaded the "Starfield Services Root Certificate" from https://certs.secureserver.net/repository