Tag: Installer

Categories
Knowledge Support Support exacqVision Enterprise exacqVision Client exacqVision Server Categories exacqVision Webservice

Installer Not Signed or The Signature is Corrupt or Invalid

Description 

If the DigiCert Trusted Root G4 Certificate is missing, exacqVision Software updates downloaded from exacq.com or initiated within exacqVision Client, will report a signature error.

Products 

  • exacqVision Server
  • exacqVision Client
  • exacqVision Web Server
  • exacqVision Enterprise Manager
  • Windows OS

Steps to Reproduce 

  • Downloading from exacq.com
  • From the exacqVision Client
    • Either navigate to the Configure System page, select the Update tab, then click update
    • or click the exacqVision logo in the upper right corner of the client and click Check for Updates

Expected Results 

  • Downloading from exacq.com
    • The file downloads and can then be launched
  • From the exacqVision Client
    • The file downloads and the software automatically updates

Actual Results 

  • Downloading from exacq.com
    • A message is displayed stating that the signature of the file is corrupt or invalid
  • From the exacqVision Client
    • The Update Status changes to Installer not signed

Solution

  • Determine if the DigiCert Trusted Root G4 certificate is installed
    • Open the Windows Certificate Manager
      • In Windows Search enter “Manage file encryption certificates”
    • Expand Trusted Root Certification Authorities
    • Look for DigiCert Trusted Root G4 it is probably not present
  • Download and install the DigiCert Trusted Root G4 Certificate
    • In a browser navigate to https://www.digicert.com/kb/digicert-root-certificates.htm
    • Locate and download the DigiCert Trusted Root G4 Certificate making sure to choose the DER/CRT option
    • Once downloaded open a file manager, locate and right-click on the downloaded DigiCertTrustedRootG4.cer file and choose Install Certificate
    • When prompted select Local Machine and continue
    • When prompted select Automatically select the certificate store based on the type of certificate
    • Select Finish to complete the certificate install
    • A window should display indicating that the import was successful
  • exacqVision Software updates should now complete without signature warnings.
Categories
Knowledge Support Support exacqVision Client exacqVision Server Categories Products

SCN-00000006 – Downgrading and Un-signed Installers

SCN #SCN-00000006
Title of SCNDowngrading and Un-signed Installers
TRAC #
Effective VersionPublic 9.6
Products AffectedServer
Reason for Change (Summary)CyberProtection requirement. Preventing man-in-the-middle attacks.

Change

Ever since the Server version 5.8, the Update plugin allowed Support to upgrade and downgrade the Server version using the ‘Update’ tab.

Prior to 9.4, the Linux installers were not digitally signed.  Beginning in 9.6, the Update plugin will require the installers to be digitally signed before completing the installation process.  If you attempt to downgrade beyond 9.4, the Client will display the following failed ‘Update Status’:

With exacqVision Client 9.4 and lower: -22

With exacqVision Client 9.6 and higher: Installer not signed

As a workaround, the software can be downgraded to 9.4 (which does not enforce signing for installers), then downgraded to whatever version is necessary.

Additionally, the un-signed installers can be run manually from within the Server’s Operating System.

Additional Documentation

https://en.wikipedia.org/wiki/Code_signing

https://trac.exacq.com/DVR/ticket/15719

Other Information

Here is an example set of logs from a successful downgrade using the Update plugin:

8/13/2018 2:26:54 PM UpdatePI Verbose Update to http://cdnpublic.exacq.com/8.8/exacqVisionServer-8.8.2.119893_x64.deb
8/13/2018 2:26:54 PM UpdatePI Verbose Update checksum 57afd83ae674c6b89a7b720a43a0843c
8/13/2018 2:26:54 PM UpdatePI Verbose Emit update status: (BUNDLE_DOWNLOAD)
8/13/2018 2:26:54 PM UpdatePI Verbose Downloading http://cdnpublic.exacq.com/8.8/exacqVisionServer-8.8.2.119893_x64.deb
8/13/2018 2:26:54 PM UpdatePI Verbose Writing /usr/local/exacq/server/downloads/exacqVisionServer-8.8.2.119893_x64.deb
8/13/2018 2:26:56 PM UpdatePI Verbose Emit update status: (BUNDLE_DOWNLOAD)
8/13/2018 2:26:57 PM UpdatePI Verbose Emit update status: (BUNDLE_DOWNLOAD)
8/13/2018 2:26:58 PM UpdatePI Verbose Emit update status: (BUNDLE_DOWNLOAD)
8/13/2018 2:26:58 PM UpdatePI Verbose Emit update status: (BUNDLE_DOWNLOAD)
8/13/2018 2:26:58 PM UpdatePI Verbose Emit update status: (BUNDLE_DOWNLOAD)
8/13/2018 2:26:58 PM UpdatePI Verbose Download succeeded.
8/13/2018 2:26:58 PM UpdatePI Verbose Received checksum (57afd83ae674c6b89a7b720a43a0843c).
8/13/2018 2:26:58 PM UpdatePI Verbose Emit update status: (BUNDLE_INSTALL)
8/13/2018 2:26:58 PM UpdatePI Verbose Attempting to install bundle: (/usr/local/exacq/server/downloads/exacqVisionServer-8.8.2.119893_x64.deb)
8/13/2018 2:26:58 PM UpdatePI Verbose Emit update status: (PENDING_UPDATE)
8/13/2018 2:26:58 PM UpdatePI Verbose Update started.
8/13/2018 2:26:59 PM LogPI Warning Stopping Log Manager 9.5.30.140377
8/13/2018 2:27:14 PM LogPI Verbose Opened log file 20180813.txt.
8/13/2018 2:27:14 PM LogPI Warning Starting Log Manager 8.8.2.119893.