Forum Discussion
Untrusted Certificate when installing Microsoft Edge
Michiel Overweel - We have the "Microsoft Root Certificate Authority 2011" cert in Trusted Root Certification Authorities, however we don't have the "Microsoft Code Signing PCA 2011" anywhere. Under Trusted Publishers, we only have our in-house code signing certs listed. I did a search for all certs issued by and issued to Microsoft and it definitely isn't on our Windows 10 machines, which are on May/June 2020 update level. The only code signing certs from MS we have are for "Microsoft Windows Hardware compatibility" and "Symantec Enterprise Mobile Root for Microsoft".
I checked our SOE build, a fresh build of Windows 10 Enterprise and my personal Windows 10 Home, and the cert isn't on any of them. Any idea where I can get it from?
Forgot to mention: Win 10 Enterprise was 1909, our SOE is 1809 and the Home version is 1909, in case it was only made part of a particular Win10 build.
- PaulKlerkx, Jun 24, 2020, Iron Contributor
Also verified it is not in Intermediate CA.
- Michiel Overweel, Jun 24, 2020, Iron Contributor
PaulKlerkx I ran a quick test in my lab environment, and it appears that the "Microsoft Code Signing PCA 2011" certificate is added to the Intermediate Certification Authorities on the system where the ConfigMgr console was used to create the Edge application. In my environment, this hasn't caused any issues, but application installation policies might be a bit more strict in yours.
What I'd try next is: export the certificate on the ConfigMgr console computer, and then import that into a GPO so it can be distributed to all ConfigMgr client computers. You could probably do the same using ConfigMgr Certificate Profiles. Good luck!
- PaulKlerkx, Jun 24, 2020, Iron Contributor
That didn't work. I tried in both Intermediate Certification Authorities and Trusted Publishers; Edge still won't install. The message is:
Install-Edge.ps1 is published by CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US and is not trusted on your system. Only run scripts from trusted publishers.
Our execution policy is set to AllSigned.
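
A check that can be run on an affected client, added here as an example and not part of any post in the thread: under AllSigned, PowerShell's trusted-publisher decision is made on the certificate that signed the script (the leaf), so the snippet lists every certificate in the script's signing chain and which of the Trusted Publishers, Intermediate CA and Root stores hold it. `$ScriptPath` is an assumed location for Install-Edge.ps1.

```powershell
# Added example, not from the thread. $ScriptPath is an assumed location.
param([string]$ScriptPath = '.\Install-Edge.ps1')

$sig = Get-AuthenticodeSignature -FilePath $ScriptPath
if (-not $sig.SignerCertificate) {
    throw "No Authenticode signature found on $ScriptPath (status: $($sig.Status))"
}
Write-Host "Signature status: $($sig.Status)"

# Build the chain from the signing (leaf) certificate up towards its root.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Store placement is what we are reporting here, so skip revocation lookups.
$chain.ChainPolicy.RevocationMode = 'NoCheck'
[void]$chain.Build($sig.SignerCertificate)

# CA is the store shown in the MMC as "Intermediate Certification Authorities".
$stores = 'TrustedPublisher', 'CA', 'Root'

$level = 0
foreach ($element in $chain.ChainElements) {
    $cert = $element.Certificate
    $row = [ordered]@{
        Role       = if ($level -eq 0) { 'Signer (leaf)' } else { "Issuer level $level" }
        Subject    = $cert.GetNameInfo('SimpleName', $false)
        Thumbprint = $cert.Thumbprint
    }
    foreach ($store in $stores) {
        # Look the certificate up by thumbprint in both machine and user stores.
        $hit = foreach ($loc in 'LocalMachine', 'CurrentUser') {
            if (Test-Path "Cert:\$loc\$store\$($cert.Thumbprint)") { $loc }
        }
        $row[$store] = if ($hit) { $hit -join ',' } else { '-' }
    }
    [pscustomobject]$row
    $level++
}
```

A `-` in the TrustedPublisher column of the `Signer (leaf)` row means the signing certificate itself has not been distributed as a trusted publisher, regardless of where its issuing CA certificate sits.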