Another Adobe “Certificate Authentication Failed”
Posted by William Diaz on January 14, 2012
In an earlier post, I was encountering cases where the latest Adobe Flash Player web installer was intentionally being interrupted during download by a third party web filtering host, which resulted in “Internal error… ABORT: Certificate authentication failed, please re-install to correct the problem. (/0)”.
In my latest encounter, I was asked to look at a friends laptop that produced a similar but shorter error: “Host. Certificate authentication failed”
I checked the size of the web installer download. The current Windows 64 bit installer is 755 KBs and I could see that the local file was the same size, so I eliminated the possibility of an incomplete download. Knowing the earlier issue could also be caused by anti-virus, I disabled it temporarily as well as the firewall, but to no avail. Though similar to the earlier post, it turns out the symptom is due to a different cause.
I downloaded the web installer for Flash again. When the download completed, I noticed something different than in my earlier post. With an impartial download, the digital signature of the installer was missing, resulting in the following Internet Explorer 9 warning: “filename.exe is not commonly downloaded and could harm your computer.”
In this instance, though, the warning message was different:”filename.exe was reported as unsafe.”
Some research lead to this IE Internals blog post, which says “…the “<filename> was reported as unsafe” message occurs when the WinVerifyTrust API reports that there’s a problem with a downloaded file’s digital signature.” A little reading about this API points me to a Microsoft Authenticode setting known as Enable trusted publisher lockdown:
This is enforced via group policy and can be accessed from gpedit.msc > User Configuration > Windows Settings > Internet Explorer Maintenance > Security > Authenticode Settings. It turns out the laptop was used for testing and the setting was likely part of a test scenario meant to see the how various configurations would impact the system. Unchecking this option allowed the installation to proceed normally.
Alternatively, you can download the complete Flash package from the Adobe website here: http://www.adobe.com/special/products/flashplayer/fp_distribution3.html?PID=4172469
Furthermore, the error encountered here and in the previous article is not specific to the Adobe Flash Player web installer but also other web installers for other Adobe products, e.g. Adobe Reader.
This and other symptoms are covered in this MS KB article:http://support.microsoft.com/kb/822798