Patch Download Failure - Connection Lost: the Remote Certificate Is Invalid According to the Validation Procedure

Version 6



    When trying to download Microsoft patches MS15-106 and above you receive the error message

    "Connection lost: The remote certificate is invalid according to the validation procedure."





    The OS Protect is installed on is unable to verify the digital signature of the patch being downloaded.  This is typically caused by an invalid or out of date root certificate.  Typically an environmental setting is preventing the Baltimore Cyber Trust Root Certificate from downloading OR it was placed in your Untrusted Certificates store.





    If the Certificate is not in your "Computer account" Certificate store under "Trusted Root Certification Authority", your OS is either unable to download the root certificate or the root certificate was placed in your "Untrusted Certificates" store.  If you find the Baltimore Cyber Trust Root Certificate under the "Untrusted Certificates" store simply move it to the "Trusted Root Certification Authority" store by dragging and dropping it.


    If the certificate is not in either certificate store you will need to download it manually and import it into the "Trusted Root Certification Authority" store. To do this, you can navigate to one of the following pages where you will find the link to download the Baltimore CyberTrust Root certificate.

    Download Links For the Baltimore CyberTrust Certificate can be found on the following pages:


    Alternatively you can find the Microsoft Bulletin ID URL for the problem patch (This can be found in Patch View) and navigate to the site by clicking on the link.


    Bulletin ID.JPG


    Once you are there you will receive an error stating there is a problem with the sites security certificate.  Download the Baltimore Cyber Trust certificate from the browser and import it into your "Computer Account" Trusted Root Certification Authority Store. You should now be able to navigate to the Microsoft Bulletin ID page without error as well as successfully download the patch in Shavlik Protect.




    Additional Information


    If you get to the Microsoft Bulletin ID URL and you receive no Certificate Error you most likely have the Certificate in your "Current User" Trusted Root store but not in your "Local Computer" Trusted Root store.  To remedy this you will need to export your Baltimore Cyber Trust Cert and Import it into your Local Computer certificate store.


    Affected Product(s)


    Shavlik Protect