[Mono-dev] [mozroots]: Microsoft Office files can't be traced to a trusted root

Robert Jordan robertj at gmx.net
Mon Aug 29 07:42:55 EDT 2011


On 29.08.2011 07:57, jaysonp wrote:
> Hi All,
>
>      In relation to a previous post of mine with subject "[mono][chktrust]:
> signature can't be traced back to a trusted root!", I would just like to
> check if someone knows why the digital signatures of Microsoft Office files
> (i.e winword.exe, excel.exe, powerpnt.exe) can't be traced to a trusted root
>
>       I've already imported certs using mozroots (mozroots --import --sync
> --machine)
>       Also, with the help of a powershell script given to me (Thanks to
> Robert), I've already imported root and trusted CAs of my machine to mono
> trust store. But still, after doing both, digital signatures can't still be
> traced to a trusted root.

The PowerShell script is ignoring certificates that did
not pass verification. Maybe these Office executables were
signed with a cert that has expired in the meantime.

Try to reimport w/out this line:

$certs = $certs | Where-Object { $_.Verify() }


Robert



More information about the Mono-devel-list mailing list