Install license CA certificate chain

Last update 2022-09-02

The PDXpert license key file is cryptographically signed to verify the license and to support security actions on PDX packages. These actions confirm a signed PDX package's data integrity, authenticate the sender, and allow AES-256 password encryption. License key file validation requires frequent access to the Certification Authority's certificates, which are hosted on the web. A computer without an internet connection must have the Certification Authority's root and intermediate security certificates (the "CA certificate chain") installed.

  • Do not edit the license file; signature validation requires an exact match.

  • The PDXpert Server must have an internet connection, or the CA certificate chain must be installed on the server machine.

  • The PDXpert client that imports the license file must access the CA certificate chain: (1) use the server machine's localhost PDXpert client to import the software license key; or (2) install the certificate chain on the PDXpert client computer.

Without access to the CA certificate chain, the Software License Key dialog's OK button is disabled.

Microsoft automatically installs the USERTrust (Sectigo) RSA trusted root certificate. This procedure installs the USERTrust intermediate certificate that links the PDXpert license signing certificate to the USERTrust root certificate.

Before starting, you can confirm that the USERTrust (Sectigo) RSA trusted root certificate is installed, and the intermediate certificate is not installed, using the View the certificates section.

Install the intermediate certificate§

You need Windows administrator permissions to complete this procedure.

Install the intermediate certificate that links the USERTrust (Sectigo) RSA root certificate to PDXpert's license file code signing certificate:

  1. Download this USERTrustSectigoRSACodeSigningCA.crt certificate file to the server computer, or to another computer that can transfer the file to the server using a USB drive or local network share. Save the certificate file on the server computer's Desktop or other easy-to-find location.§

    To verify the authenticity of the USERTrust certificate, you can use the VirusTotal.com website to check file hashes:

    • MD5: 8b30ea5ade8b422efca635a58c6d2cc3
    • SHA-1: 2fd12800ddb15a4d6f435f55cb8313aa24c5406d
    • SHA-256: a7b50cd49b1ebbff4fd9d1e29436a998c895454cb5073cb7bbad8bdead7445ba
  2. Select the USERTrustSectigoRSACodeSigningCA.crt file, and open the context menu (right-click). Select the Install Certificate command.§

    File context menu Install Certificate command

    Accept the file by clicking the Open button.

    Open File security warning dialog
  3. Select the Store location Local Machine option. Click Next§

    Certificate Import Wizard select profile
  4. Browse to, and then select, the Intermediate Certification Authorities certificate store. Click Next§

    Certificate Import Wizard select store
  5. Review the import completion summary, and Finish§

    Certificate Import Wizard install summary

View the certificates§

To view the security certificates in the Certificate Store:

  1. Use Windows Search manage computer certificates to find and select the MMC Certificates app.§

    Windows Search - Manage computer certificates
  2. The required trusted root certificate is automatically installed with Windows, and should be available unless it was uninstalled or revoked. You can confirm it's currently installed in path Certificates - Local Computer ➔ Trusted Root Certification Authorities ➔ Certificates.§

    If you need to install the USERTrust RSA root certificate, export it from another computer's Certificate Store, or get it on the web from USERTrust/Sectigo or one of its authorized partners. Or confirm the status of the audited root certificate, then download 1199354.crt. Import the RSA root certificate into the Trusted Root Certification Authorities store, similar to the procedure above.

    Trusted Root Certification Authorities Certificates
  3. The intermediate RSA certificate typically must be added to the Certificate Store. Open the path Certificates - Local Computer ➔ Intermediate Certification Authorities ➔ Certificates§

    Intermediate Certification Authorities Certificates
Install Guide Contents