Install license CA certificate chain

Last update 2023-10-12

The PDXpert license key file is cryptographically signed to verify the license and to support security actions on PDX packages. These actions confirm a signed PDX package's data integrity, authenticate the sender, and allow AES-256 password encryption. License key file validation requires frequent access to the Certification Authority's certificates, which are hosted on the web.

PDXpert uses the Sectigo (Comodo/USERtrust) certification authority.

Access to public internet§

A computer with a public internet connection must allow access to the Certification Authority's security certificates (the "CA certificate chain"). It is strongly recommended that firewall policies and/or access control devices use URLs and not IP addresses. Allow the following URLs to your firewall policies and access control devices to ensure connection to Sectigo's CRL services:

*.sectigo.com
*.comodoca.com
*.usertrust.com

If your security policies use IP address geolocation/geofencing, note that Sectigo certificates are issued from the United Kingdom (GB).

No access to public internet§

A computer without an internet connection must have the Certification Authority's root and intermediate security certificates (the "CA certificate chain") installed.

Do not edit the license file; signature validation requires an exact match.
The PDXpert Server must have an internet connection, or the CA certificate chain must be installed on the server machine.
The PDXpert client that imports the license file must access the CA certificate chain: (1) use the server machine's localhost PDXpert client to import the software license key; or (2) install the certificate chain on the PDXpert client computer.

Without access to the CA certificate chain, the Software License Key dialog's OK button is disabled.

Microsoft automatically installs the Sectigo trusted root certificate. This procedure installs the USERTrust intermediate certificate that links the PDXpert license signing certificate to the Sectigo root certificate.

Before starting, you can confirm that the Sectigo trusted root certificate is installed, and the intermediate certificate is not installed, using the View the certificates section.

Install the intermediate certificate§

You need Windows administrator permissions to complete this procedure.

Install the intermediate certificate(s) that link the Sectigo root certificate to PDXpert's license file code signing certificate:

Download the certificate file(s) to the server computer, or to another computer that can transfer the file to the server using a USB drive or local network share. Save the certificate file on the server computer's Desktop or other easy-to-find location. Your computer may already have one or more of these installed – see this link to check. You can install all missing certificates, but do not install a certificate that's already in the store.§

For PDXpert licenses issued after March 6, 2023, download these certificates from Sectigo:
- https://sectigo.tbs-certificats.com/SectigoPublicCodeSigningRootCrossAAA.crt
- https://sectigo.tbs-certificats.com/SectigoPublicCodeSigningCAR36.crt
For PDXpert licenses issued before March 6, 2023, also download this certificate from Sectigo:
- http://sectigo.tbs-certificats.com/SectigoRSACodeSigningCA.crt
Select the certificate file, and open the context menu (right-click). Select the Install Certificate command.§

Accept the file by clicking the Open button.
Select the Store location Local Machine option. Click Next§
Browse to, and then select, the Intermediate Certification Authorities certificate store. Click Next§
Review the import completion summary, and Finish§

View the certificates§

To view the security certificates in the Certificate Store:

Use Windows Search manage computer certificates to find and select the MMC Certificates app.§
The required trusted root certificate is automatically installed with Windows, and should be available unless it was uninstalled or revoked. You can confirm it's currently installed in path Certificates - Local Computer ➔ Trusted Root Certification Authorities ➔ Certificates.§

If you need to install the USERTrust RSA root certificate, export it from another computer's Certificate Store, or get it on the web from USERTrust/Sectigo or one of its authorized partners. Or confirm the status of the audited root certificate, then download 1199354.crt. Import the RSA root certificate into the Trusted Root Certification Authorities store, similar to the procedure above.
The intermediate RSA certificate typically must be added to the Certificate Store. Open the path Certificates - Local Computer ➔ Intermediate Certification Authorities ➔ Certificates§

Learn More

Install Guide Contents

001. Installation overview
002. Preparing the server computer
003. Standard PDXpert System setup
004. Standard PDXpert PLM client setup
005. Installing LocalDB for PDXpert client ODBC
006. Custom installation: SQL Server
007. Custom installation: PDXpert server
008. Custom installation: Private cloud
009. Custom installation: Client deployment
010. Upgrading the PDXpert Application Server
011. Upgrading the PDXpert PLM client
012. PDXpert server post-install checklist
013. Install license CA certificate chain
014. Moving PDXpert server database and files
015. Managing a PDXpert test server
016. PDXpert Application Server diagnostics
017. PDXpert PLM client diagnostics
018. Microsoft SQL Server diagnostics
019. Microsoft SQL Server log files
020. Connecting SQL Server Management Studio
021. Upgrading SQL Server
022. Service configuration settings
023. Application folders and files
024. System architectural diagram
025. Release notes (change history)
- PDXpert 11.0 release notes
- PDXpert 11.1 release notes
- PDXpert 11.2 release notes
- PDXpert 12.0 release notes
- PDXpert 12.1 release notes
- PDXpert 12.2 release notes
- PDXpert 13.0 release notes
- PDXpert 14.0 release notes
- PDXpert 15.0 release notes
- PDXpert 16.0 release notes