[Mono-dev] [mono][chktrust]: signature can't be traced back to a trusted root!

Robert Jordan robertj at gmx.net
Thu Aug 25 12:19:51 EDT 2011


On 25.08.2011 12:48, jaysonp wrote:
> Thank you very much for the help Robert. :)
> Some files (with digital signatures) I checked now were found to be valid by
> chktrust.
> Though several can't be still traced to a trusted root. Namely, office files
> such as Winword.exe, Excel.exe, powerpt.exe...
>
> Would you know how will I be able to import/sync the certs found in my
> Windows Trusted Store (certmgr.msc) to the Mono trusted store? The way I
> understand it, mozroots sync the certs using what's stored on mozilla. What
> if I want to sync it with my Windows Trusted certs?

You can export the root and CA certs with this PowerShell script:

$target = "$home\exported-certs"
[System.IO.Directory]::CreateDirectory($target)
$certs = dir "cert:\LocalMachine\Root", "cert:\LocalMachine\CA"
$certs = $certs | Where-Object { $_.Verify() }
$certs |
     ForEach-Object {
         [System.IO.File]::WriteAllBytes("$target\$($_.thumbprint).cer",
             $_.Export("Cert"))
     }

They will be placed into $home\exported-certs.

Robert



More information about the Mono-devel-list mailing list