This error occurs when the Kepware installer cannot verify the digital signature of its setup files because the required are missing or outdated on your Windows system . This is common on offline machines or older operating systems like Windows 7 that haven't received recent security updates . Immediate Solutions
Resolving the “exclusive root certificate” failure is a lesson in bridging security silos. The immediate fix involves manually updating the Windows root certificate store. On an online machine, simply running Windows Update or installing the “Update for Root Certificates” (KB931125) often suffices. For air-gapped systems, an administrator must export the required root certificate from an internet-connected machine (by examining the digital signature of the Kepware executable or its installer) and then import it into the offline machine’s Trusted Root store using the Microsoft Management Console (MMC) Certificates snap-in. A more subtle solution involves temporarily disabling certain antivirus or application control software that intercepts certificate validation. Some hardened security suites inject their own roots or block access to the default Windows store, causing the Kepware installer to see an empty or altered store. Ultimately, the error forces a choice: relax restrictive security policies just enough to allow the legitimate root, or accept that modern industrial software requires periodic trust maintenance.
An incorrect system date can break certificate validation. This error occurs when the Kepware installer cannot
The easiest solution, recommended by PTC, is to ensure the machine has the latest updates. This automatically installs the necessary Root Certification Authorities.
. This is especially common on air-gapped systems or older versions of Windows Server (e.g., 2016) that haven't received recent Windows Updates Immediate Solutions The immediate fix involves manually updating the Windows
Method 1: The Command-Line Certificate Import (Recommended for Air-Gapped Systems)
:
Then:
The error "The installer was unable to find required root certificates" is not a bug in Kepware but a reflection of Windows' evolving security model. As cyber-attacks on supply chains increase, code signing becomes more rigorous, and outdated Windows builds are left behind. code signing becomes more rigorous
