Frequently Asked Question

Issue Installing Kepware Due to missing Root Certificates
Last Updated 6 months ago

Problem:

KEPServerEX fails to install and posts the following message: “Installation failed. ‘KEPServerEX6.exe’ is not trusted”.
KEPServerEX fails while attempting to install the Visual C++ Redistributable Packages for Visual Studio 2013 (2013 CRT) and posts the following message: “CreateProcess failed (266). Please rerun install.”

Solution:

Update the root certificates.

Option 1:
For computers that are connected to the internet, ensure that root certificate updates are allowed and then run Windows Update until all updates are current. This may require multiple attempts and reboots.

  1. Launch the Local Group Policy Editor by typing gpedit.msc in the Search bar and right-clicking to Run as Administrator.
  2. Browse to Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings.
  3. Double-click on ‘Turn off Automatic Root Certificates Update’.
  4. Click Disabled and click Apply.
  5. Run Windows Update.
Note: This setting may be “pushed” to the computer by a domain controller so it may be necessary to contact IT if the setting doesn’t persist. As an alternative, follow the steps outlined below.

Option 2:
Manually install the required SHA2 Root certificates
  • Please use root-certificatesverasign.zip if using Kepware Version 6.1 to 6.4
  • Please use root_cert_pkgforglobalsign.zip if using 6.5 or Above
  1. Launch the Microsoft Management Console by typing mmc.exe in the Search bar and right-clicking to Run as Administrator.
  2. Click File then click Add/Remove Snap-in.
  3. Select Certificates from the list of snap-ins and click Add.
  4. Click the Computer account radio box and click Finish.
  5. Click OK to close the Add or Remove Snap-ins window.
  6. In the tree, browse to Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates.
  7. Right-click on Certificates and select All Tasks > Import.
  8. Click Next then browse to ‘VeriSign Universal Root Certification Authority.cer’.
  9. Click Next and verify that this certificate will be placed into the Trusted Root Certification Authorities store.
  10. Click Next then click Finish.
  11. Repeat for ‘Microsoft Root Certificate Authority 2011.crt’.
  12. Repeat for ‘VeriSign Class 3 Public Primary Certification Authority - G5.cer’.

Please Wait!

Please wait... it will take a second!