A certificate chain could not be built to a trusted root authority

Heath Stewart

This was a preview of a Knowledge Base article which has been published as KB2746268.


After Visual Studio 2012 has been installed, the finish page displays the following:

Setup Completed
However, not all features installed correctly.

Please correct the following problems to ensure full product functionality. Click here to see the most common issues and workarounds or here to review the log file.

Microsoft Web Deploy 3.0
A certificate chain could not be built to a trust root authority.

If you click to view the log file and search for “Error”, you will see log lines similar to the following:

[05B0:0500][2012-08-05T14:07:07]: Acquiring package: webdeploy_x64_en_usmsi_902, payload: webdeploy_x64_en_usmsi_902, copy from: D:packagesWebDeployWebDeploy_x64.msi
[04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to verify certificate chain policy status.
[04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to get certificate chain for authenticode certificate.
[04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to verify signature of payload: webdeploy_x64_en_usmsi_902
[04E4:0564][2012-08-05T14:07:08]: Failed to verify payload: webdeploy_x64_en_usmsi_902 at path: C:ProgramDataPackage Cache.unverifiedwebdeploy_x64_en_usmsi_902, error: 0x800b010a. Deleting file.
[04E4:0564][2012-08-05T14:07:08]: Error 0x800b010a: Failed to cache payload: webdeploy_x64_en_usmsi_902

Note: Some information contained in your logs will be different than what you see above.


Some components in Visual Studio 2012 were signed by a Certificate Authority that is not installed on Windows 7 or Windows Server 2008 R2. Computers that are not connected to the Internet also cannot automatically download these certificates.


To resolve this problem, please download the root certificate updates referenced in the following Knowledge Base article:

  • 931125 Windows root certificate program members

Note: The update actually applies to Windows XP and Windows Server 2003 and newer, so it will install on Windows 7 and Windows Server 2008 R2 which are the minimum supported Windows versions for Visual Studio 2012.

After you have installed the root certificate update, repair Visual Studio 2012 using the following instructions to install those packages affected by the problem described in this Knowledge Base article:

  1. Go to your Start menu.
  2. Type Programs and Features.
  3. Click Programs and Features in the search results.
  4. Find and select one of the products listed in the “Applies to” section.
  5. Click the Change button on the toolbar.
  6. Click the Repair button.
  7. If prompted, click Continue or Yes to elevate and continue with the installation.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the “Applies to” section.

More information

New root certificate authorities were created after Windows 7 and Windows Server 2008 R2 were released that enable strong signatures using a SHA256 hash. Computers that are connected to the Internet will automatically download these certificates; however, computers that are not connected to the Internet or have not already installed the root certificate update will not have the required certificate authority installed.

Once the updated certificate authorities are installed, repairing Visual Studio 2012 will install any missing components, so Web Deploy 3.0 or any other affected components will be installed.

Applies to

  • Microsoft Visual Studio Express 2012 for Web
  • Microsoft Visual Studio Professional 2012
  • Microsoft Visual Studio Premium 2012
  • Microsoft Visual Studio Ultimate 2012


Discussion is closed.

Feedback usabilla icon