We need to run “Register ALM client” on one of our servers that is running Jenkins and will integrate with ALM.
This server is a bit isolated and our IT department specifically does NOT run Windows Update on it for various reasons, so it is not getting the standard updates that might include these updated certs.
We CAN complete “register ALM Client” on our “normal” end-user PC’s, but on this SERVER, it fails and we get an “Unknown Publisher” error preventing the client from being registered. This is due to the expiration of the Sectigo AddTrust root certificate in May 2020.
Since it works on our workstations with Windows 7 and 10 I am assuming that it would work if we added all the certificates applied there, but they are reluctant to do that.
Marked as spam
You are on the right track!
Usually Windows Update should get the updates related to this cert, but examining a different working PC and copying certs is your fallback.
I have notified MicroFocus about this discrepancy related to the very OLD documentation relating to the certs and maybe they will update it soon.
So, the EASIEST solution is to allow Windows Update to occur on that PC/Server, and in lieu of that, you are left with comparing the working and not-working PC and migrating and cross/linking various certs yourself -- sorry it is not any easier.
Here are the MF references for handling this:
For reference see this very old 11.52 Patch 8 document: https://softwaresupport.softwaregrp.com/doc/KM02192516?fileName=SHA2_COMODO_KB_certificate_updated.pdf -- this PDF goes over getting the (now outdated) certs and manually putting them into the Windows Cert Import Wizard (root, then intermediate 1, then intermediate 2), BUT the cert hierarchy at Comodo has since changed.
Also, you could follow this KM https://softwaresupport.softwaregrp.com/doc/KM03573386 That shows how to manually update root certificates:
KM03573386 content here:
How to manually update root certificates on windows for machines which do not have internet access
It may be necessary to manually update root certificates on a Windows machine where the ALM Client certificates still won't allow the client installation
On a machine with internet access...
On the machine without internet access...
Marked as spam