Patch Download Failure - Connection Lost: the Remote Certificate Is Invalid According to the Validation Procedure

Version 6

    Symptoms

     

    When trying to download Microsoft patches MS15-106 and above you receive the error message

    "Connection lost: The remote certificate is invalid according to the validation procedure."

    ErrorMessage.JPG

     

    Cause

     

    The OS Protect is installed on is unable to verify the digital signature of the patch being downloaded.  This is typically caused by an invalid or out of date root certificate.  Typically an environmental setting is preventing the Baltimore Cyber Trust Root Certificate from downloading OR it was placed in your Untrusted Certificates store.

    Untrusted.JPG

     

    Resolution

     

    If the Certificate is not in your "Computer account" Certificate store under "Trusted Root Certification Authority", your OS is either unable to download the root certificate or the root certificate was placed in your "Untrusted Certificates" store.  If you find the Baltimore Cyber Trust Root Certificate under the "Untrusted Certificates" store simply move it to the "Trusted Root Certification Authority" store by dragging and dropping it.

     

    If the certificate is not in either certificate store you will need to download it manually and import it into the "Trusted Root Certification Authority" store. To do this, you can navigate to one of the following pages where you will find the link to download the Baltimore CyberTrust Root certificate.

    Download Links For the Baltimore CyberTrust Certificate can be found on the following pages:

    https://support.microsoft.com/en-us/kb/2842146

    https://msdn.microsoft.com/en-us/library/dn135313.aspx

     

    Alternatively you can find the Microsoft Bulletin ID URL for the problem patch (This can be found in Patch View) and navigate to the site by clicking on the link.

     

    Bulletin ID.JPG

     

    Once you are there you will receive an error stating there is a problem with the sites security certificate.  Download the Baltimore Cyber Trust certificate from the browser and import it into your "Computer Account" Trusted Root Certification Authority Store. You should now be able to navigate to the Microsoft Bulletin ID page without error as well as successfully download the patch in Shavlik Protect.

     

    WebsiteError.JPG

     

    Additional Information

     

    If you get to the Microsoft Bulletin ID URL and you receive no Certificate Error you most likely have the Certificate in your "Current User" Trusted Root store but not in your "Local Computer" Trusted Root store.  To remedy this you will need to export your Baltimore Cyber Trust Cert and Import it into your Local Computer certificate store.

     

    Affected Product(s)

     

    Shavlik Protect