Endpoint Protection Error Certificate Chain could not be built to a trusted root authority

Need help installing endpoint protection on Windows 8.1. Getting error:

Certificate chain could not be built to a trusted root authority: C:\\Users\[admin]\AppData\Local\Temp\SophosSetup-xxxxxxxxx\Setup.exe

Error downloading/running stage 2: Verify file failed for the stage 1 installer binary. See KB-000044065 (searched everywhere and couldn't find this KB).

If anyone could shed some light on this error, thank you.



Added TAGs
[edited by: Qoosh at 11:14 PM (GMT -7) on 11 Jul 2022]
  • Hi Kheir,

    Thank you for reaching out to the Sophos Community Forum. 

    I suggest checking if automatic updating of root certificates is disabled on the affected device. You can find further information on how to check this in the following article.
    - Automatic Root Certificates Update is turned off, which could lead to installation and communication failures

    You can also try the following steps to manually import the necessary certificate. 

    1. Access the file referenced in the log:
      e.g. C:\\Program Files (x86)\\Sophos\\CloudInstaller\\SophosSetup_Stage2.exe
    2. Access the Properties of the file.
    3. Click the Digital Signatures tab.
    4. Select Sophos Ltd in the Signature list and click Details.
    5. Click View Certificate and then click Install Certificate...
    6. On the Certificate Import Wizard, select Store Location Local Machine and click Next.
    7. Leave the default option Automatically select the certificate store based on the type of certificate selected and click Next, then Finish.
    8. The message 'The import was successful' should be displayed. Click OK to exit the windows.
    9. Reinitiate the installation.

    If you could post a screenshot of the notification you are receiving, that would be much appreciated, as we should not be referencing outdated KBAs in the hardcoded error messages. 
    Please also verify you are using a newly downloaded installer. 

    Let me know if this works for you.

    Kushal Lakhan
    Global Community Support Engineer
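
The two checks suggested in the reply above (the automatic root update policy and the signer certificate on the file) can be run from an elevated PowerShell prompt. This is an added example, not part of the original post or Sophos tooling; `$Path` is a placeholder for the file named in the installer log.

```powershell
# Added example (not from the thread). $Path is a placeholder: use the file
# named in the "Certificate chain could not be built" log line.
$Path = 'C:\Path\To\Setup.exe'

# 1. Is Automatic Root Certificates Update turned off by policy?
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
$pol = Get-ItemProperty -Path $key -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableRootAutoUpdate -eq 1) {
    Write-Warning 'DisableRootAutoUpdate=1: missing roots are not fetched on demand.'
} else {
    Write-Output 'Automatic root update is not disabled by policy.'
}

# 2. Windows' own verdict on the file's Authenticode signature.
$sig = Get-AuthenticodeSignature -FilePath $Path
Write-Output ('Signature status: {0} - {1}' -f $sig.Status, $sig.StatusMessage)
if (-not $sig.SignerCertificate) { throw "No embedded signer certificate in $Path" }

# 3. Build the signer's chain without revocation lookups and list every
#    element together with the reason it failed, if any.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$ok = $chain.Build($sig.SignerCertificate)
Write-Output "Chain builds to a trusted root: $ok"
foreach ($el in $chain.ChainElements) {
    $why = ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $why) { $why = 'NoError' }
    Write-Output ('  {0}  expires {1:yyyy-MM-dd}  [{2}]' -f `
        $el.Certificate.Subject, $el.Certificate.NotAfter, $why)
}

# 4. If the issuer of the last chain element is absent from the machine's
#    Root store, that issuer is the certificate the machine is missing.
$last = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$present = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq $last.Issuer })
if ($present.Count -eq 0) {
    Write-Warning "Not in LocalMachine\Root: $($last.Issuer)"
}
```

A `PartialChain` or `UntrustedRoot` status on the last element, combined with the policy warning in step 1, points at a missing root rather than a damaged installer.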
  • Hello,

    I have the same problem.
    The server is already running Sophos, but does not get updates and I wanted to install the client over it.

    The setup file is up to date. I have installed the certificate as described by them. No change.

    LOG: 

    2022-07-13T09:10:10.5960558Z INFO : Running C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\2\\SophosSetup-337522247\\Setup.exe
    2022-07-13T09:10:10.5960558Z INFO : IsWow64Process2 not available on older platforms
    2022-07-13T09:10:10.5960558Z INFO : Stage 1 command-line options:
    2022-07-13T09:10:10.5960558Z INFO : ---
    2022-07-13T09:10:10.5960558Z INFO : Quiet mode on: 0
    2022-07-13T09:10:10.5960558Z INFO : Automatic Proxy detection disabled: 0
    2022-07-13T09:10:10.5960558Z INFO : No feedback mode on: 0
    2022-07-13T09:10:10.5960558Z INFO : Dump feedback enabled: 0
    2022-07-13T09:10:10.5960558Z INFO : Bypass competitor removal: 0
    2022-07-13T09:10:10.5960558Z INFO : Using CRT catalog file path: --
    2022-07-13T09:10:10.5960558Z INFO : Only register endpoint with Central: 0
    2022-07-13T09:10:10.5960558Z INFO : Log messages between endpoint and Central: 0
    2022-07-13T09:10:10.5960558Z INFO : Log command-line passed to executables: 0
    2022-07-13T09:10:10.5960558Z INFO : Using custom server that hosts the installer stage2 filename: --
    2022-07-13T09:10:10.5960558Z INFO : Using cloud group: --
    2022-07-13T09:10:10.5960558Z INFO : Overriding computer name: --
    2022-07-13T09:10:10.5960558Z INFO : Overriding computer description: --
    2022-07-13T09:10:10.5960558Z INFO : Overriding domain name: --
    2022-07-13T09:10:10.5960558Z INFO : Language will be set to: --
    2022-07-13T09:10:10.5960558Z INFO : Using message relays: --
    2022-07-13T09:10:10.6116792Z INFO : Proxy address: --
    2022-07-13T09:10:10.6116792Z INFO : Proxy user name: --
    2022-07-13T09:10:10.6116792Z INFO : Using custom customer token: --
    2022-07-13T09:10:10.6116792Z INFO : Using specified products: --
    2022-07-13T09:10:10.6116792Z INFO : Using certificates from the program data folder: 0
    2022-07-13T09:10:10.6116792Z INFO : Setting non-persistent image: 0
    2022-07-13T09:10:10.6116792Z INFO : Setting gold image: 0
    2022-07-13T09:10:10.6116792Z INFO : MCS registration timeout for golden image: --
    2022-07-13T09:10:10.6116792Z INFO : Using custom customer ID: --
    2022-07-13T09:10:10.6116792Z INFO : Using specified user ID: --
    2022-07-13T09:10:10.6116792Z INFO : Using local install source: --
    2022-07-13T09:10:10.6116792Z INFO : Invoked as part of SEC migration: 0
    2022-07-13T09:10:10.6116792Z INFO : ---
    2022-07-13T09:10:10.6116792Z INFO : IsWow64Process2 not available on older platforms
    2022-07-13T09:10:10.6116792Z INFO : Detected architecture: 2
    2022-07-13T09:10:10.6116792Z INFO : Using x86 program files for stage 2
    2022-07-13T09:10:10.6116792Z INFO : IsWow64Process2 not available on older platforms
    2022-07-13T09:10:10.6116792Z INFO : Target path: C:\\Program Files (x86)\\Sophos\\CloudInstaller
    2022-07-13T09:10:10.6429388Z ERROR : Certificate chain could not be built to a trusted root authority: C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\2\\SophosSetup-337522247\\Setup.exe
    2022-07-13T09:10:10.6429388Z ERROR : Error downloading/running stage 2: Verify file failed for the stage 1 installer binary. See KB-000044065

  • Does running the following commands help from an admin prompt:

    mkdir C:\digicerttemp

    cd C:\digicerttemp

    certutil.exe -urlcache -f https://cacerts.digicert.com/DigiCertTrustedRootG4.crt C:\digicerttemp\DigiCertTrustedRootG4.crt

    certutil.exe -addstore root C:\digicerttemp\DigiCertTrustedRootG4.crt

    cd \

    rmdir digicerttemp /S /Q
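
Anything placed in the machine's Root store is trusted for every signature it anchors, so the downloaded file is worth checking before the `-addstore` step. The following is an added example, not part of the original post; it assumes the download step above has been run, and `$Expected` is a placeholder for the SHA-256 fingerprint the CA publishes, obtained separately from the download itself.

```powershell
# Added example (not from the thread). Run after the download and before
# "certutil -addstore". $Expected is a placeholder: take the SHA-256
# fingerprint from the CA's published root list over a separate channel.
$CertPath = 'C:\digicerttemp\DigiCertTrustedRootG4.crt'
$Expected = '<SHA-256 fingerprint published by the CA>'

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# SHA-256 over the DER encoding; X509Certificate2.Thumbprint is SHA-1 only.
$sha = [System.Security.Cryptography.SHA256]::Create()
$actual = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$wanted = ($Expected -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$problems = @()
if ($actual -ne $wanted)            { $problems += "fingerprint mismatch: $actual" }
if ($cert.Subject -ne $cert.Issuer) { $problems += 'not self-signed, so not a root' }
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    $problems += 'outside validity period'
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Refusing to trust $CertPath"
}

# Skip the import if this exact certificate is already trusted.
$have = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
if ($have.Count -gt 0) {
    Write-Output 'Already in LocalMachine\Root; nothing to add.'
} else {
    certutil.exe -addstore root $CertPath
    if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }
}
```

With the placeholder left in place the script stops at the fingerprint check, which is the intended behaviour until a real published value is supplied.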