Download of an update via SCCM fails with "invalid certificate signature"

Posted on Updated on

When you use the Software Updates features of System Center Configuration Manager (SCCM) and you download one or more updates to a deployment package, it’s possible one or more of those updates failed to download with the error message “Invalid certificate signature”. This means the signature (which is based on a certificate, hence the name “certificate signature”) of the download is invalid.

This is possible because the signature itself is incorrect because the creator or publisher of the update has signed the update incorrectly. This way the source of the update (the creator/publisher) cannot be verified for sure.
Another possibility is the fact that something has changed to the actual content of the update without adapting the signature. This means the integrity of the update is broken, because perhaps some malicious user has changed something to the update!
A third possibility is perhaps the least technical one and perhaps the most forgotten one: something went wrong when downloading the file or storing the file. Perhaps the file stored at MS got just corrupt, or could not be downloaded completely, or got corrupt when stored locally. Causes of these are multiple: bugs in software, hardware problems,… So getting this error message (“”) doesn’t per se means the presence of a virus or a hacker.

Most of the time it’s just a download that wasn’t completed successfully. Try to download the failed updates again. Most of the time the error message will disappear. Note that when a large amount of such error messages appear I think there is a big chance you don’t have a lot of free disk space left. I’ve never experienced other causes for this error message and I think other causes are rare, but of course not impossible.

To give you an example: the last time I got this error message, the following was mentioned in the dialog box appearing after the download job (containing several downloads):
Warning: HTTP Malware Definition Update for Microsoft Forefront Threat Management Gateway (Antimalware 1.101.1317.0)
Invalid certificate signature

Trying to download this update again (without the other updates, because they were downloaded correctly) solved the problem, so the cause was probably a non completed download (why? dunno… maybe because of a bug?).


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.