Root Certificate Error

Problem

You're trying to install Microsoft updates and you see the following error: " A certificate chain processed but terminated in a root certificate which is not trusted by the trust provider ".

Cause

This error occurs when the application you try to install is being signed by a set of new certificates that require updates. Typically, the Windows root certificate program automatically downloads these new root certificates. However, the Windows root certificate program may not function as expected if the computer is disconnected from the internet or if the root certificates update is disabled through Group Policy.

Resolution

For updating trusted Certificates offline, kindly follow the steps below : 

  1. Generate root.sst file. The file gets downloaded in the C drive. 
    certutil.exe -generateSSTFromWU C:/root.sst
  2. Download Trusted Certficate List from Windows Update: link
  3. Download Disallowed Certificate List from Windows Update: link
  4. Move root.sst, authrootstl.cab and disallowedcertstl.cab files to a different folder (the authrootstl.cab and disallowedcertstl.cab files will get downloaded in the downloads folder).
  5. Execute the commands given below:
    cd <path to folder>
    certutil.exe -addstore -f root root.sst
    expand.exe -F:* authrootstl.cab authroot.stl
    expand.exe -F:* disallowedcertstl.cab disallowedcert.stl
    certutil.exe -addstore -f root authroot.stl
    certutil.exe -addstore -f disallowed disallowedcert.stl

If the issue persists even after following the above mentioned resolution, please feel free to contact Support