Views:

Customers can verify if the required certificates exist by doing the following:

  1. Go to Start > Run.
  2. Execute the following command:

    certlm.msc

  3. Check if the following certificates exist under Certificates (Local Computer):
     
    "Root CA" in the list below means to go into Trusted Root Certificate Authorities > Certificates.
     

    Trusted Root Certification Authorities

     
    "Intermediate cert" in the list below means to go into Intermediate Certificate Authorities > Certificates.
     

    Intermediate Certification Authorities

    • SHA-1:
      • Root CA

        Subject: VeriSign Class 3 Public Primary Certification Authority - G5
        Serial number: 18 da d1 9e 26 7d e8 bb 4a 21 58 cd cc 6b 3b 4a
        Thumbprint: 4e b6 d5 78 49 9b 1c cf 5f 58 1e ad 56 be 3d 9b 67 44 a5 e5
        Valid from 2006/11/08 to 2036/07/17

      • Intermediate cert

        Subject: VeriSign Class 3 Code Signing 2010 CA
        Serial number: 52 00 e5 aa 25 56 fc 1a 86 ed 96 c9 d4 4b 33 c7
        Thumbprint: 49 58 47 a9 31 87 cf b8 c7 1f 84 0c b7 b4 14 97 ad 95 c6 4f
        Valid from 2010/02/08 to 2020/02/08

    • SHA-1 Countersignatures:
      • Root CA

        Subject: UTN-USERFirst-Object
        Serial number: 44 be 0c 8b 50 00 24 b4 11 d3 36 2d e0 b3 5f 1b
        Thumbprint: e1 2d fb 4b 41 d7 d9 c3 2b 30 51 4b ac 1d 81 d8 38 5e 2d 46
        Valid from 1999/07/10 to 2019/07/10

    • SHA-2:
      • Root CA

        Subject: Class 3 Public Primary Certification Authority
        Serial number: 70 ba e4 1d 10 d9 29 34 b6 38 ca 7b 03 cc ba bf
        Thumbprint: 74 2c 31 92 e6 07 e4 24 eb 45 49 54 2b e1 bb c5 3e 61 74 e2
        Valid from 1996/01/29 to 2028/08/02

      • Intermediate cert

        Subject: VeriSign Class 3 Public Primary Certification Authority - G5
        Serial number: 25 0c e8 e0 30 61 2e 9f 2b 89 f7 05 4d 7c f8 fd
        Thumbprint: 32 f3 08 82 62 2b 87 cf 88 56 c6 3d b8 73 df 08 53 b4 dd 27
        Valid from 2006/11/08 to 2021/11/08

      • Intermediate cert

        Subject: Symantec Class 3 SHA256 Code Signing CA
        Serial number: 3d 78 d7 f9 76 49 60 b2 61 7d f4 f0 1e ca 86 2a
        Thumbprint: 00 77 90 f6 56 1d ad 89 b0 bc d8 55 85 76 24 95 e3 58 f8 a5
        Valid from 2013/12/10 to 2023/12/10

    • SHA-2 Countersignatures:
      • Root CA

        Subject: Thawte Timestamping CA
        Serial number: 00
        Thumbprint: be 36 a4 56 2f b2 ee 05 db b3 d3 23 23 ad f4 45 08 4e d6 56
        Valid from 1997/01/01 to 2021/01/01

      • Intermediate cert

        Subject: Symantec Time Stamping Services CA - G2
        Serial number: 7e 93 eb fb 7c c6 4e 59 ea 4b 9a 77 d4 06 fc 3b
        Thumbprint: 6c 07 45 3f fd da 08 b8 37 07 c0 9b 82 fb 3d 15 f3 53 36 b1
        Valid from 2012/12/21 to 2020/12/31

 

If the customer cannot import the certificates successfully for any reason, a less secure alternative is to disable signature checking:

  1. Open the “C:\Program Files\Trend Micro\Control Manager\aucfg.ini” file using Notepad.
  2. Manually add the following key and set it to "0":
    • check_file_signature=X

      Where:
      X=0 disables file signature checking.
      X=1 enables file signature checking.

  3. Save the changes to the aufg.ini file.
  4. Restart the Trend Micro Control Manager service.
Keywords: file integrity,countersignature,SHA-1,SHA-2,digital certificate checking,Trusted Root Certificate Authorities,Intermediate Certificate Authorities,check_file_signature=0,check file signature,digital certificate locations,Certificate Manager,certmgr.msc