Digital signature upgrade for loading library CAB files
FlexNet Manager Suite library content for the Application Recognition Library (ARL), SKU Library, and Product Use Rights Library (PURL) is delivered through signed CAB files. Digital signatures used on these files are generally trusted by default, but may not be trusted if you have a non-default or non-current set of trusted root certificates configured on your FlexNet Manager Suite batch server.
This article describes how to verify details of the digital signature on a FlexNet Manager Suite library content CAB file, ensure it is trusted, and install a trusted root certificate if necessary.
Verifying the digital signature on a CAB file
To verify whether the digital signature on a CAB file used for delivering FlexNet Manager Suite library content is trusted on the batch server:
- Download the relevant .cab file and save/copy it to the batch server. For example, the Application Recognition Library file can be downloaded from here.
- In Windows Explorer, right click on the file and select the Properties menu option.
- Click on the Digital Signatures tab, click on the entry in the Signature list, and click the Details button:
- A dialog will be displayed with an indication of whether the digital signature is trusted. For example:
If everything is OK, you will see the message "The digital signature is OK". If not, you will see an error message, such as "Windows does not have enough information to verify this certificate."
Troubleshooting an untrusted digital signature
If a problem is reported with the digital signature on a .cab file, clicking on the View Certificate button in the Digital Signature Details dialog may show additional details which will help to identify the cause of the problem.
One possible cause is that the root certificate used is not trusted by your FlexNet Manager Suite batch server. Check for problems with the root certificate on the Certification Path tab when viewing the .cab file's certificate:
Installing a DigiCert trusted root certificate
FlexNet Manager Suite library content .cab file digital signatures currently use the "DigiCert Trusted Root G4" root certificate.
If this root certificate is not already trusted by your batch server, the certificate in PEM file format can be downloaded from DigiCert's website at https://www.digicert.com/digicert-root-certificates.htm.
Once downloaded, the certificate should be installed (aka "imported") to the Trusted Root Certification Authorities > Certificates folder for the "Local Machine" (all users).
Consult your server administrators or information published by Microsoft about how to install a trusted root certificate in your environment and for your specific operating system. This will often involve using the Windows Certificate Manager tool.