Issue
During installation of hotfix for EBO you get a "Hotfix file signature validation" error saying that Device Administrator cannot verify the issuer of the file signature's certificate.
In older versions of Device Administrator you might get an alternative error message "Invalid hotfix file" saying that the file does not have a valid Schneider signature.
Product Line
EcoStruxure Building Operation
Environment
- Building Operation Automation Server
- Building Operation Automation Server Premium
- Building Operation Automation Server Bundled
- Device Administrator
- Offline system
- Version 3.1 and later
Cause
EBO hotfixes for SmartX Server are signed with a certificate to ensure that only valid files can be used. This certificate must be validated before you can use a new PC to install a hotfix.
If the PC has not had any internet connection while previously installing a hotfix or does not have an internet connection, the certificate cannot be validated and hotfix installation therefore fails.
Resolution
There are two solutions
Solution 1
Connect your PC to the Internet and install the hotfix on a SmartX Server. The certificate is validated, and the PC can subsequently be used to install hotfixes on other SmartX Servers, even if you are offline.
Solution 2
You can manually import certificates and CRL (Certificate Revocation List)
- Download and save the following files:
http://s1.symcb.com/pca3-g5.crl
http://sv.symcb.com/sv.crl
If the above URL's are blocked by your browser please download them here or the attached ZIP file. - Start a command prompt (cmd.exe) as administrator.
- Browse to the folder where the files from step 1 are stored.
- Run the following commands:
CertUtil -AddStore CA pca3-g5.crl
CertUtil -AddStore CA sv.crl - Export host, intermediate, and root certificates from the hotfix file.
- Install the 3 certificates with the default selection.
- Restart Device Administrator and install the hotfix.
Video for step 5 and 6:
