Troubleshooting CodeTwo certificate validation problems
You are unable to use or access key features of your CodeTwo product or even start the program itself. You receive one of the following messages:
Failed to verify application certificates on this machine.
The library is signed with an invalid certificate.
The most probable cause of the problem is that your program is not up to date. The problem may also occur either because your machine cannot access the CodeTwo licensing service or because the program's SSL certificate cannot be verified. You may as well encounter this problem when changing an Internet Service Provider, as your DNS settings might still point out to the previous ISP's IP addresses. Use the links below to find solutions to all these problems:
- Updating your CodeTwo product
- Allowing access to the CodeTwo licensing service
- Enabling CodeTwo SSL certificate verification
- Changing the DNS settings for your network adapter
You also might try applying the solutions provided in this Knowledge Base article.
Using an outdated version of a program may be the primary cause of the problem. To check if your CodeTwo product is up to date, click the Check for updates link on the Dashboard, as shown in Fig. 1.
Once you complete the update, there shouldn’t be any problems with certificate validation, and your CodeTwo software should work as expected. If the software is up to date but you still encounter certificate-related issues, proceed with the next step.
Check the internet connection on the machine where your CodeTwo software is installed. If you're using both local and network-wide security systems like firewalls, proxies or other protection software, make sure to unlock access to the CodeTwo licensing service at the following URL:
Additionally, to be able to receive the CodeTwo SSL certificate, you also need to unlock access to the following GoDaddy endpoints:
over ports 80 (HTTP) and 443 (HTTPS).
Once the connection to the licensing service has been established, your CodeTwo software should work without any problems.
This problem applies to Windows 7 or Windows Server 2008 R2 only.
The expired Microsoft Certificate Trust List Publisher certificate is causing CAPI2 error 4107 that makes it impossible to verify any certificate. To fix this, you need to remove the expired certificate from the cache by following the steps below:
If you're using CodeTwo Backup, you first need to stop CodeTwo Backup Service before proceeding. To do so:
- Close the program, go to Control Panel > Administrative Tools > Services, and find CodeTwo Backup Service on the list of services (Fig. 2.).
- Right-click it and select Stop.
Once you've completed all the steps below, restart the service by right-clicking it in the Services window and selecting Start.
- Sign in to your Windows system as the local admin that uses CodeTwo software.
- Open Windows Command Prompt (Start > All Programs > Accessories > Command Prompt).
- Type the following command:
certutil -urlcache * deleteand press Enter.
- Go to the Windows directory (it’s usually located in C:\Windows but you can quickly find it by opening the Run dialog box and typing %windir%).
- Delete the contents of the following directories:
%windir%\ServiceProfiles\LocalService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content %windir%\ServiceProfiles\LocalService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData %windir%\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content %windir%\ServiceProfiles\NetworkService\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData %windir%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content %windir%\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
If you don't see these folders, you need to enable hidden folders first. To do so, go to Control Panel > Appearance and Personalization > Folder Options and, on the View tab, select the Show hidden files and folders checkbox and clear the Hide protected operating system files checkbox. Click OK to apply.
You should now be able to use your CodeTwo product without any problems.
Incorrect DNS settings may also prevent CodeTwo software from connecting to the licensing service. If, for example, you have recently changed your ISP, you should also update DNS records in case they are pointing to the old IP addresses. Contact your network administrator for the correct IP addresses or try using the IP addresses of third-party DNS providers like Google Public DNS or OpenDNS. To update DNS records:
- Go to Control Panel > Network and Sharing Center > Change adapter settings.
- Right-click your network adapter and select Properties.
- Select Internet Protocol Version 4 (TCP/IPv4) and once again click Properties.
- Select the Use the following DNS server addresses and either enter the IP addresses of your ISP or, for example:
- Google DNS:
- Google DNS:
- Click OK to save changes.
Once done, restart your computer. After doing so, your CodeTwo software should have no problems with obtaining the licensing information.