Another Adobe “Certificate Authentication Failed”
Posted by William Diaz on January 14, 2012
In an earlier post, I was encountering cases where the latest Adobe Flash Player web installer was intentionally being interrupted during download by a third party web filtering host, which resulted in “Internal error… ABORT: Certificate authentication failed, please re-install to correct the problem. (/0)”.
In my latest encounter, I was asked to look at a friends laptop that produced a similar but shorter error: “Host. Certificate authentication failed”
I checked the size of the web installer download. The current Windows 64 bit installer is 755 KBs and I could see that the local file was the same size, so I eliminated the possibility of an incomplete download. Knowing the earlier issue could also be caused by anti-virus, I disabled it temporarily as well as the firewall, but to no avail. Though similar to the earlier post, it turns out the symptom is due to a different cause.
I downloaded the web installer for Flash again. When the download completed, I noticed something different than in my earlier post. With an impartial download, the digital signature of the installer was missing, resulting in the following Internet Explorer 9 warning: “filename.exe is not commonly downloaded and could harm your computer.”
In this instance, though, the warning message was different:”filename.exe was reported as unsafe.”
Some research lead to this IE Internals blog post, which says “…the “<filename> was reported as unsafe” message occurs when the WinVerifyTrust API reports that there’s a problem with a downloaded file’s digital signature.” A little reading about this API points me to a Microsoft Authenticode setting known as Enable trusted publisher lockdown:
This is enforced via group policy and can be accessed from gpedit.msc > User Configuration > Windows Settings > Internet Explorer Maintenance > Security > Authenticode Settings. It turns out the laptop was used for testing and the setting was likely part of a test scenario meant to see the how various configurations would impact the system. Unchecking this option allowed the installation to proceed normally.
Alternatively, you can download the complete Flash package from the Adobe website here: http://www.adobe.com/special/products/flashplayer/fp_distribution3.html?PID=4172469
Furthermore, the error encountered here and in the previous article is not specific to the Adobe Flash Player web installer but also other web installers for other Adobe products, e.g. Adobe Reader.
This and other symptoms are covered in this MS KB article:http://support.microsoft.com/kb/822798
Windows Explored 
Eric Yeboah said
so how can i solve this problem
William Diaz said
For this case, uncheck the option “Enable trusted publishers lockdown.” For the download issue, that depends. Personal PC, likely anti-virus suite needs to be disabled. Work PC, this could be either anti-virus or Web secuity filtering. Those would need to be addressed by network\security admins.
iano said
Its not the AV or FW or AM or any other 3rd party endpoint security. This is a certificate issue. The certificate has been revoked. Go to internet explorer and click on the following: \internet options\content\publishers\untrusted publishers. Remove Adobe from the untrusted and there you go.
William Diaz said
Negative. Although that can be a cause, it is not the cause in this blog or in the earlier one.
Leo said
Thank you, the option that worked for me was downloading the msi installer for plugin based browsers form http://www.adobe.com/mx/products/flashplayer/distribution3.html?PID=4172469
Cláudio Silva said
THANKS LEO…WORKED FOR ME…VERY NICE!
nadeem said
i have installed windows xp 2002 sp2.whenever try to install flash player but getting error “host certificate authentication failed” plz solution