PurposeThis article explains how to overcome a validation error, when the FortiInsight Windows Agent starts, but is unable to verify the certificate used for publishing the executable.
This will also generate the following log lines, in cms.log:
[error] Invalid signature of file: C:\Program Files (x86)\Fortinet\FortiInsight\end.col.man.exe
[critical] Current process signature is INVALID or NOT trusted
[critical] Terminating application from driver controller
The endpoint has a Group Policy applied to enable the Turning off of Automatic Updates for Root Certificates
n/a
ConfigurationTo verify this issue, perform the following:
From the console window, select File > Add/Remove Snap-Ins.
From the list, select Certificates.
Select the radio button for My User Account.
From the left pane, click Certificate - Current User > Trusted Root Certification Authorities > Certificates.
From the list, confirm that "DigiCert Assured ID Root CA" exists (expires 10/11/2031).
From the left pane, Click Certificate - Current User > Intermediate Certification Authorities > Certificates
From the list, confirm that "DigiCert SHA2 Assured ID Code Signing CA" exists (expires 22/10/2028).
For “DigiCert Assured ID Root CA”
From the left pane, right-click Certificates folder > All Tasks > Import.
Certificate wizard will appear and click Next.
Click Browse and browse to the downloaded file.
Select the radio button for Place all certificate in the following store.
Click Browse > Trusted Root Certification Authorities.
For “DigiCert SHA2 Assured ID Code Signing CA”
From the left pane, right-click Certificates folder > All Tasks > Import.
Certificate wizard will appear and click Next.
Click Browse and browse to the downloaded file.
Select the radio button for Place the certificate in the following store.
Click Browse > Intermediate Certification Authorities.
n/a
Troubleshootingn/a
Internal Notesn/a
