Troubleshooting CodeTwo certificate validation problems

Problem:

You are unable to use or access key features of your CodeTwo product or even start the program itself. You receive one of the following messages:

Failed to verify application certificates on this machine.

or

The library is signed with an invalid certificate.

Solution:

This problem occurs either because your machine cannot access the CodeTwo licensing service or because the program's SSL certificate cannot be verified. You may also encounter this problem when changing an Internet Service Provider, as your DNS settings might still point out to the previous ISP's IP addresses. Use the links below to find solutions to all these problems:

Allowing access to the CodeTwo licensing service

First of all, check the internet connection on the machine where your CodeTwo software is installed. If you're using both local and network-wide security systems like firewalls, proxies or other protection software, make sure to unlock access to the CodeTwo licensing service at the following URL:

https://licensing.codetwo.com/public

Additionally, to be able to receive the CodeTwo SSL certificate, you also need to unlock access to the following GoDaddy endpoints: 

ocsp.godaddy.com
crl.godaddy.com

over ports 80 (HTTP) and 433 (HTTPS).

Once the connection to the licensing service has been established, your CodeTwo software should work without any problems.

Enabling CodeTwo SSL certificate verification

Important

This problem applies to Windows 7 or Windows Server 2008 R2 only.

The expired Microsoft Certificate Trust List Publisher certificate is causing CAPI2 error 4107 that makes it impossible to verify any certificate. To fix this, you need to remove the expired certificate from the cache by following the steps below: 

Additional steps for CodeTwo Backup

If you're using CodeTwo Backup, you first need to stop CodeTwo Backup Service before proceeding. To do so:

  • Close the program, go to Control Panel > Administrative Tools > Services, and find CodeTwo Backup Service on the list of services (Fig. 1.).

682-4
Fig. 1. Locating CodeTwo Backup Service.

  • Right-click it and select Stop.

Once you've completed all the steps below, restart the service by right-clicking it in the Services window and selecting Start

  1. Sign in to your Windows system as the local admin that uses using CodeTwo software.
  2. Open Windows Command Prompt (Start > All Programs > Accessories > Command Prompt).
  3. Type the following command:
    certutil -urlcache * delete
    and press Enter.
  4. Go to the Windows directory (it’s usually located in C:\Windows but you can quickly find it by opening the Run dialog box and typing %windir%).
  5. Delete the contents of the following directories:
    %windir%\ServiceProfiles\LocalService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
    %windir%\ServiceProfiles\LocalService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
    %windir%\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
    %windir%\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
    %windir%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
    %windir%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData

    Important

    If you don't see these folders, you need to enable hidden folders first. To do so, go to Control Panel > Appearance and Personalization > Folder Options and, on the View tab, select the Show hidden files and folders checkbox and clear the Hide protected operating system files checkbox. Click OK to apply.

You should now be able to use your CodeTwo product without any problems. 

Changing the DNS settings for your network adapter 

Incorrect DNS settings may also prevent CodeTwo software from connecting to the licensing service. If, for example, you have recently changed your ISP, you should also update DNS records in case they are pointing to the old IP addresses. Contact your network administrator for the correct IP addresses or try using the IP addresses of third-party DNS providers like Google Public DNS or OpenDNS. To update DNS records:

  1. Go to Control Panel > Network and Sharing Center > Change adapter settings.
  2. Right-click your network adapter and select Properties.
  3. Select Internet Protocol Version 4 (TCP/IPv4) and once again click Properties.
  4. Select the Use the following DNS server addresses and either enter the IP addresses of your ISP or, for example:
    • Google DNS:
      primary: 8.8.8.8
      secondary: 8.8.4.4
    • OpenDNS:
      primary: 208.67.222.222
      secondary: 208.67.220.220
  5. Click OK to save changes.

Once done, restart your computer. After doing so, your CodeTwo software should have no problems with obtaining the licensing information.