This project has moved and is read-only. For the latest updates, please go here.

[Solved] Certificate Validation in the new version

Topics: Configuration Issue
Jun 10, 2013 at 9:40 PM

For awhile know we have been receiving the "The certificate is invalid" when used the WSUS Package Publisher tool, but we have been ignoring it because our certificates worked deploying MSI packages through the "WSUS Package Publisher" tool. We just thought the tool didn't like using our in-house created certificates that we have been using for the past few years.

The new version of the WSUS Package Publisher displays this same error, but now it won't let us publish any new MSIs. Is there anyway to figure out why the tool doesn't like our in-house certificates even though they work deploying MSI files?

Note 1: The "Certificate Path" information shows that the publishing certificate and the trusted CA are OK.
Note 2: The CA certificate is installed in the "Trusted Root Certificate Authority" folder.
Note 3: The publishing certificate is installed the "WSUS" and "Trusted Publishers" folder.
Jun 11, 2013 at 11:02 AM
Are you using WPP on the Wsus Server or on an administrative computer ?
Jun 11, 2013 at 3:35 PM
I have tried it on the WSUS server and on an administrative computer. Both return the same error.
Jun 13, 2013 at 4:24 PM
Any thoughts on this?

Can I bypass the certificate check on the new version of the tool?
Jun 13, 2013 at 7:00 PM
Edited Jun 13, 2013 at 7:42 PM
Sorry, I really have no idea on why WPP judge your certificate invalid while it is not.
I only use the 'Verify()' method of the 'System.Security.Cryptography.X509Certificates.X509Certificate2' class. And this method return 'False' for your certificate while you're using it with success for Wsus. This is a strange behavior.

The current release do not allow users to publish update with an invalid certificate.
In the next release, I will add an option to ignor this error. This is not a good way, but I'm not as expert as I should to solve this strange behavior. May be later...
Jun 13, 2013 at 7:43 PM
Send me an email at , I will send you a BETA version of the next release. You will be able to test this option.
Jun 17, 2013 at 3:00 PM
The new version addresses this issue. Thanks.
Aug 20, 2013 at 2:29 AM
I have exactly the same problem. Can you as well send me the Beta version. I will send you an email.. thanks..
Aug 20, 2013 at 6:33 AM
I Chriserasmo, I have received your mail.
If you are using the latest release (v1.2.1308.15), the option is already present in the Settings :

Ignore Code-Signing Errors

Note that, if your Certificate is REALLY invalid, this option will not make it to work with your Wsus Server !
Marked as answer by DCourtel on 10/12/2013 at 8:40 AM
Aug 20, 2013 at 6:42 AM
Hi DCourtel,

Thanks for your reply. Actually i am using the 1.2.1307.15. I cannot find the latest version (v1.2.1308.15). Could you send me the link for the latest version. I cannot find it on the website.


Aug 20, 2013 at 9:58 AM
Edited Aug 20, 2013 at 9:58 AM
Sorry, It's my bad. The current release is actually v1.2.130__7__.15. you should have the option in your version.
Oct 23, 2014 at 12:46 PM
I tried to configure a self signed certificate, installed it correctly on the WSUS but, when I try to start a connection comes an error "The certificate is invalid. You will not be able to publish updates."

I'm not able to publish updates without errors.

What can I do?