Error "Windows cannot verify the digital signature for this file." due to SHA-256 signature not supported on Windows 7

Solution ID:    SO26221    Updated:    05/02/2016

Problem

Files signed with the SHA-2 (SHA-256) signature hashing algorithm fail to run on Windows 7 and produce an error warning.

 

Error Message

Error: "Windows cannot verify the digital signature for this file.

A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source."

Cause

Only Windows 8 supports signatures that use the SHA-256 hashing algorithm out of the box. By default, Windows 7 only works with signatures that use the SHA-1 hashing algorithm.

Solution

Windows 7 users looking for a workaround have two options:

  1. Apply the latest hotfix from Microsoft on your machine. This hotfix adds functionality for the SHA-2 hashing algorithm to all supported editions of Windows 7 and Windows Server 2008. Please refer to: https://technet.microsoft.com/en-us/library/security/3033929.aspx
  2. Reissue the certificate as SHA-1.
    • For a Retail Code Signing Certificate for Microsoft Authenticode: replace the certificate by following the steps in this instruction: SO1737.
      Note: Select SHA-1 under Hashing Algorithm.
    • For an Extended Validation (EV) Code Signing certificate: please note that Symantec no longer offers SHA-1 certificates.

For more information on dual signing, please view the Microsoft article "Signing a Driver for Public Release", under the section "Signing a driver package with two signatures".
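
To confirm that a machine matches the cause described above before choosing a workaround, the following PowerShell check reports the OS version, whether the update from advisory 3033929 is listed, and the signer certificate's signature algorithm. It is an added example, not Symantec or Microsoft code; the function name `Get-Sha2SigningDiagnosis` and the sample path are hypothetical, and `KB3033929` is assumed to be the update ID that matches the advisory linked above.

```powershell
# Added example; compatible with PowerShell 2.0, which ships with Windows 7.
function Get-Sha2SigningDiagnosis {   # hypothetical name
    param(
        [Parameter(Mandatory = $true)]
        [string]$FilePath
    )

    # Windows 7 reports version 6.1; Windows 8 reports 6.2.
    $os = [Environment]::OSVersion.Version
    $isWindows7 = ($os.Major -eq 6 -and $os.Minor -eq 1)

    # Assumption: KB3033929 is the update ID for advisory 3033929. A later
    # update that supersedes it is not listed under this ID.
    $hotfix = Get-HotFix -Id 'KB3033929' -ErrorAction SilentlyContinue
    $hasUpdate = ($hotfix -ne $null)

    # The cmdlet exposes the signer certificate, not the file digest algorithm,
    # so this reads the algorithm the certificate itself was signed with.
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    $certAlgorithm = $null
    if ($sig.SignerCertificate -ne $null) {
        $certAlgorithm = $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
    }
    $isSha2Cert = ($certAlgorithm -match 'sha(256|384|512)')

    # The SHA-2 condition is tested before the Valid status on purpose, so the
    # mismatch is flagged even when this user-mode check reports success.
    if ($sig.Status -eq 'NotSigned') {
        $finding = 'File carries no Authenticode signature.'
    } elseif ($isWindows7 -and $isSha2Cert -and -not $hasUpdate) {
        $finding = 'SHA-2 certificate on Windows 7 and the advisory 3033929 update is not listed.'
    } elseif ($sig.Status -ne 'Valid') {
        $finding = 'Signature not valid for another reason: ' + $sig.StatusMessage
    } else {
        $finding = 'Signature verifies on this machine.'
    }

    New-Object PSObject -Property @{
        File = $FilePath; OSVersion = $os.ToString(); UpdateListed = $hasUpdate
        Status = $sig.Status; CertAlgorithm = $certAlgorithm; Finding = $finding
    }
}

# Constructed sample path; replace with the file that triggers the error.
Get-Sha2SigningDiagnosis -FilePath 'C:\Drivers\sample.sys' | Format-List
```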
