Issue: Microsoft Authenticode fails for GPU-Z.2.63.0.exe
Testing:
Note: OpenSSL reports certificates are fine however Authenticode fails
1. Download the installer for the Windows SDK from Windows SDK - Windows app development | Microsoft Developer.
2. Run the setup and only choose the signing tools during installation as that's all you need.
3. Create a txt file with the name "verify" and add the following two lines (the second line is the name of the installer)
verify
GPU-Z.2.63.0.exe
3. Run signtool @verify to validate your installer
4. To list all the certificates being checked update the file
verify /debug
GPU-Z.2.63.0.exe
Results
This is required to open the software on Windows 11 24H2 or later
Windows Defender's Smart App protection blocks you from opening the file. There is no exclusion list and you cannot turn off the feature without disabling it permanently (system reinstall).
Further diagnosis lists the root certificates in the chain. The Digicert Trusted Root G4 signature does not match the one on the Microsoft Root Certificates list for Windows. Please resign your software with updated certificates so its Authenticode compliant.
Results (debug)
Testing:
Note: OpenSSL reports certificates are fine however Authenticode fails
1. Download the installer for the Windows SDK from Windows SDK - Windows app development | Microsoft Developer.
2. Run the setup and only choose the signing tools during installation as that's all you need.
3. Create a txt file with the name "verify" and add the following two lines (the second line is the name of the installer)
verify
GPU-Z.2.63.0.exe
3. Run signtool @verify to validate your installer
4. To list all the certificates being checked update the file
verify /debug
GPU-Z.2.63.0.exe
Results
Code:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64>signtool @verifygpuz
File: GPU-Z.2.63.0.exe
Index Algorithm Timestamp
========================================
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Number of errors: 1
C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64>This is required to open the software on Windows 11 24H2 or later
Windows Defender's Smart App protection blocks you from opening the file. There is no exclusion list and you cannot turn off the feature without disabling it permanently (system reinstall).
Further diagnosis lists the root certificates in the chain. The Digicert Trusted Root G4 signature does not match the one on the Microsoft Root Certificates list for Windows. Please resign your software with updated certificates so its Authenticode compliant.
Results (debug)
Code:
C:\Program Files (x86)\Windows Kits\10\bin\10.0.26100.0\x64>signtool @verifygpuz
Verifying: GPU-Z.2.63.0.exe
Signature Index: 0 (Primary Signature)
Hash of file (sha1): 4F8EC31F2D328163DCAC4E5E9DA54B6D21D0441D
Signing Certificate Chain:
Issued to: SSL.com EV Root Certification Authority RSA R2
Issued by: SSL.com EV Root Certification Authority RSA R2
Expires: Sat May 31 05:14:37 2042
SHA1 hash: 743AF0529BD032A0F44A83CDD4BAA97B7C2EC49A
Issued to: SSL.com EV Code Signing Intermediate CA RSA R3
Issued by: SSL.com EV Root Certification Authority RSA R2
Expires: Thu Mar 23 04:44:23 2034
SHA1 hash: D2953DBA95086FEB5805BEFC41283CA64C397DF5
Issued to: TechPowerUp LLC
Issued by: SSL.com EV Code Signing Intermediate CA RSA R3
Expires: Tue Apr 15 07:06:58 2025
SHA1 hash: 8DAAE716F69B30A0DDC8C8A3F8EAC6C5B328CFD2
The signature is timestamped: Fri Feb 21 23:04:27 2025
Timestamp Verified by:
Issued to: DigiCert Assured ID Root CA
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 11:00:00 2031
SHA1 hash: 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Issued to: DigiCert Trusted Root G4
Issued by: DigiCert Assured ID Root CA
Expires: Mon Nov 10 10:59:59 2031
SHA1 hash: A99D5B79E9F1CDA59CDAB6373169D5353F5874C6 <<< THIS IS THE ISSUE >>>
Issued to: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Issued by: DigiCert Trusted Root G4
Expires: Mon Mar 23 10:59:59 2037
SHA1 hash: B6C8AF834D4E53B673C76872AA8C950C7C54DF5F
Issued to: DigiCert Timestamp 2024
Issued by: DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA
Expires: Mon Nov 26 10:59:59 2035
SHA1 hash: DBD385EE62DBD23E7BE4F67148508724D5865B45
SignTool Error: A certificate chain processed, but terminated in a root
certificate which is not trusted by the trust provider.
Number of files successfully Verified: 0
Number of warnings: 0
Number of errors: 1
Last edited:
