Skip to content

Fix Certificate Error when Installing .NET Framework

You may experience an ‘Installation did not Succeed’ error when installing newer versions of the dot net framework and other runtimes such as Microsoft Visual C++ in Windows 7.

In most cases, such as with .NET framework 4.8 and 4.7.2, Windows 7 SP1 is the minimum-supported OS. However, you may still experience installation errors even with this service pack installed.

The exact cause of this error is related to the certificate used to digitally sign the software, hence the error message: “A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

Some tutorials online recommend installing the MicrosoftRootCertificateAuthority2011.cer certificate to fix this error. Based on my experience, this did not solve the error since this particular certificate expired in 2021.

It may have worked before then, but currently it does little to remedy installation. Instead, you may as I did, get another error: “The timestamp signature and/or certificate could not be verified or is malformed.” if you try installing the runtime after installing the certificate.

The real culprit behind this error is not actually the certificate but related to the fact the Windows 7 no longer receives updates. You see the new runtimes are being digitally signed using certificates using SHA-2 hash, which Windows 7 doesn’t support as it only shipped with support for the now retired SHA-1 certificates.

Fortunately, you can fix the issue by installing the necessary updates manually. Here’s how to go about it.

How to Install SHA-2 Code Signing Support Updates

As explained in this Microsoft article, you need to enable SHA-2 Code signing support by installing the following updates:

The above updates apply to those running Windows 7 SP1 or Windows Server 2008 R2 SP1. For Windows Server 2008 SP2 you’ll need to install:

The above links will take you to the Microsoft Catalog page for the respective update. You’ll need to download the correct package for your OS and architecture (x86/32-bit or x64/64-bit.)

Each package comes in a standalone MSU file. To install you only need to double-click on the file and Windows update will install it. Make sure the Windows Update service is not disabled, otherwise the updates will not install.

Once you’re done installing the updates, restart your computer and try installing the runtime again. They should work this time round.

Cheers!

Tags:
Share:

Leave a Reply

Feel free to share your comments or questions with me. I may not be able to respond immediately so please check later once I've approved your comment.

Your email address will not be published.

Kelvin Kathia

Kelvin Kathia is a writer based in Kenya that's passionate about sharing solutions to everyday tech problems. He's the founder and editor of Journey Bytes, a tech blog and web design agency. Feel free to leave him comments or questions regarding this post, or by leaving him a message on the contact page. If you found his content helpful, a donation is much appreciated.