Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows Installer - certificate is not valid any more #1823

Open
dtavb opened this issue Nov 13, 2019 · 4 comments
Open

Windows Installer - certificate is not valid any more #1823

dtavb opened this issue Nov 13, 2019 · 4 comments
Labels

Comments

@dtavb
Copy link

@dtavb dtavb commented Nov 13, 2019

I was wondering because npcap could not be installed anymore on Windows Server.
The most recent setup version of npcap (0.9984) is using a certificate (issued to: Insecure.Com LLC) valid from 03.Nov 2016 to 07. Nov 2019.

@dmiller-nmap

This comment has been minimized.

Copy link

@dmiller-nmap dmiller-nmap commented Nov 14, 2019

Thanks for this report. There should be no problem with the signatures themselves, including the signatures on the driver, because they are authoritatively timestamped to before the certificate expired. However, we are aware that there may be additional security warnings on brand-new installations because the installer cannot add the appropriate certificate to the trust store prior to doing the driver installation.

When installing a signed driver, if the certificate used in the signature is not in the system's trust store, Windows will prompt "Would you like to install this device software?" In order to avoid this additional step, our installer bundles a copy of our certificate and calls certutil.exe to add it to the trust store using the administrator privileges that the installer runs under. At this point, Windows may refuse to install the certificate if it is expired, and we have had reports of endpoint security software flagging the installation of the certificate as an indicator of compromise. If the installation is allowed to continue, the user will see the aforementioned security prompt and can choose to proceed with the installation. There will be no further issues, and Npcap will work as expected.

We have already renewed our code signing certificate, and the next release will use the new certificate which is valid for 3 years.

@fyodor

This comment has been minimized.

Copy link

@fyodor fyodor commented Nov 14, 2019

Hi @dtavb . Thanks for the report. When you say "could not be installed anymore", what exactly is happening when you try to install it that prevents it from succeeding? Do you receive an error message? Maybe you could take a screenshot of the message and post it? I'm wondering if it is coming from Windows or maybe some AV/monitoring software you are running or maybe something else? As Dan mentioned in his detailed reply, we have a new certificate now and can do a new release with that if necessary. If anyone else is having this problem, please post here as well with details. Thanks!

@fyodor

This comment has been minimized.

Copy link

@fyodor fyodor commented Nov 18, 2019

Just as another point of information, I received a direct report from someone who was having similar certificate problems. They mentioned that they are using Virsae Service Management and they were receiving this alarm message:

Alarm Type - Certificate Expired
Administered ID - CN=Insecure.Com LLC, O=Insecure.Com LLC, L=Seattle, S=Washington, C=US, SERIALNUMBER=200010310013, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=California, OID.1.3.6.1.4.1.311.60.2.1.3=US
Severity - 2
Description - A certificate loaded in to the Operating System has expired

@dtavb

This comment has been minimized.

Copy link
Author

@dtavb dtavb commented Nov 18, 2019

thanks for your information. I want to install npcap on a win-server (2012 r2, sorry no option to it on a newer win-server release at the moment), but the installation would be aborted with the following message: "Failed to create the npcap service for Win7, Win8 and Win10. Please try installing Npcap again, or use the latest official Npcap installer from https://nmap.org/npcap/"
the update-level of this win-server is up-to-date. After a short view I have seen the expired cert. A warning message because of the expired cert is not displayed by windows. However, I would wait for the new release with a valid certificate. I agree with you, typically this expired certificate should not be the reason for the cancelled installation. So, I think this issue could be closed, a valid certificate is included in the next release and I am going to give a new trail to install npcap :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.