There have been a lot of cases for Windows (XP, 2003, 2008, etc.) platforms, wherein the OSCE agent is unable to update the scan engine or program to the latest version due to signature verification failure in a closed network.
Most of these cases are due to the Agent PC missing a necessary root certificate. This article demonstrates how to manually check if a root certificate is missing.
To view certificates in the Microsoft Management Console (MMC) snap-in:
- Open a Command Prompt window.
- Type "MMC" and press the ENTER key.
To view certificates in the local machine, you must be in the Administrator role.
- On the File menu, click Add/Remove Snap-In.
- Click Add.
- In the Add Standalone Snap-in dialog box, select Certificates.
- Click Add.
- In the Certificates snap-in dialog box, select the Computer account and click Next.
- In the Select Computer dialog box, click Finish.
- In the Add Standalone Snap-in dialog box, click Close.
- On the Add/Remove Snap-in dialog box, click OK.
Optional. On the File menu, click Save or Save As. Save the console file to reuse later.
- Go to Console Root > Certificates > Trusted Root Certification Authorities > Certificates to view the installed certificates.
To manually verify if a necessary root certificate is missing:
- On the problematic agent machine, manually check the digital signature of the problematic new version of a file (e.g. vsapint.sys) from File Properties. If you can’t find the new version binary for the engine (e.g. v9.9) in the client installation folder, you can go to the OSCE server’s shared folder and view the file using the following Server Message Block (SMB) path:
- Right-click the file and choose Properties.
- Go to the Digital Signatures tab and select the signature.
- Choose Details, then click View Certificate.
- Go to the Certificate Path tab and select the top certificate.
- Check the Certificate Status, which is shown in the lower panel.
- Normal Situation (root certificate is NOT missing)
- Problematic Situation (root certificate is missing)
If you see the “The issuer of this certificate could not be found” message, this indicates that the certificate you have selected is missing from the PC and you need to manually import it.