It seems that you're using an outdated browser. Some things may not work as they should (or don't work at all).
We suggest you upgrade newer and better browser like: Chrome, Firefox, Internet Explorer or Opera

×
Community
General discussioncertificate issue(6 posts)(6 posts)
(6 posts)
Pages:
1
This is my favourite topic
Posted October 24, 2024
Damn, trying to post this was a drama.

Windows 11 x64 24H2

Taking a recently updated game from my library https://www.gog.com/en/game/hive_jump_2_survivors

I see this https://i.imgur.com/cATiPWw.png

[1] ../setup_hive_jump_2_survivors_1.0.1825_(release)_(actual_gog_version)_(64bit)_(76124).exe
Running signature check...
PE checksum : 09D27A7F
Signature Index: 0 (Primary Signature)
Message digest algorithm : SHA256
Current message digest : 37C72B6924D5E6FE57DD2096B92425CCD04FCF9D7E691415229550A5A47A77A6
Calculated message digest : 37C72B6924D5E6FE57DD2096B92425CCD04FCF9D7E691415229550A5A47A77A6
Signer's certificate:
Signer #0:
Subject: /C=PL/ST=MAZOWIECKIE/L=WARSZAWA/O=GOG sp. z o.o/CN=GOG sp. z o.o
Issuer : /C=US/O=DigiCert, Inc./CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Serial : 0BAD5D6BF5CE1EF257DAFB8B75BE92B2
I see this for any game using this newer certificate.

How does this get resolved?
Attachments:
2024-10-24_10-31.jpg (98 Kb)
Post edited October 24, 2024 by razeedazee
No posts in this topic were marked as the solution yet. If you can help, add your reply
Posted October 24, 2024
avatar
razeedazee: How does this get resolved?
Install it anyways? It's not like GOG is going to host virus laden installers.
If in doubt, run the file through a virus scanner or three beforehand then install away.
Posted October 24, 2024
I launched an offline installer signed October 21st and it was fine.

Run a Windows Update check and make sure you're not blocking any relevant Windows processes, like LSASS.exe which checks for certificate revocation. If needed, there are convoluted and tedious ways to manually update root certificates and the certificate trust list. It's also worth double-checking that your system's date and time are accurately set.
Posted October 25, 2024
avatar
Ice_Mage: I launched an offline installer signed October 21st and it was fine.

Run a Windows Update check and make sure you're not blocking any relevant Windows processes, like LSASS.exe which checks for certificate revocation. If needed, there are convoluted and tedious ways to manually update root certificates and the certificate trust list. It's also worth double-checking that your system's date and time are accurately set.
I've found the issue, though it's a two stage problem. Not everyone might have the second issue but the first should be consistently reproducible

Part 1:

Here is the behaviour on a Windows 11 23H2 x64 vm. The issue is present by default but can be resolved with no need to update root certificates, by replicating the behaviour in the video:

https://streamable.com/en437t

As soon as I view the certificate it get's added to the intermediary trust section and then it works as normal.

Until I view it, the publisher will remain unverified. This is a consistent and reproducible on a fresh install of Windows 11 x64 23H2 or newer.

Part two: If the the cert was already present in the intermediary trust section

On my main PC the certs were already present and the binary would never show publisher verified so the above behaviour would not solve the issue.

Note: I've updated my main root trust to see if it fixed anything as a stand alone action but this does not need to be done at any stage to resolve this.

I have the full chain of certs installed. The required chain is shown in this image.

https://i.imgur.com/6cx0bT9.png

Here is the problem intermediary trust cert.

https://i.imgur.com/uA79Xpv.png

If I open Certmgr.msc and delete this intermediary trust cert, then repeat step 1, it was re-added automatically and the binary publisher is now verified.

I cannot explain why it was broken and it needs to be removed then re added. I have verified my system integrity and no other issues.

This is how you solve the issue for this certificate:

Issued to: GOG sp. Zo.o
Issued by: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Valid from 07/03/2024 to 20/03/2025

https://i.imgur.com/gErRTPD.png
Post edited October 25, 2024 by razeedazee
Posted October 26, 2024
....only with Win11? 0_o
Posted October 26, 2024
avatar
Shmacky-McNuts: ....only with Win11? 0_o
I don't know, i only tested on Windows 11 23H2 or newer.
Pages:
1
This is my favourite topic
Community
General discussioncertificate issue(6 posts)(6 posts)
(6 posts)