8
Several years ago I installed an application called Net Limiter on my then Windows 7, since upgraded to Windows 10, machine. Earlier today I attempted to uninstall it while cleaning up applications I haven't used in a long time. The uninstall failed with an error message about the installer not being trusted.
After a bit of investigation I think I found the problem. The signing cert has expired and was revoked by the issuing CA.
Stymied with the original installer I went to the vendor to see if I could bypass the issue by upgrading to a newer version and then uninstalling that. Unfortunately I struck out there. The current version of the application (4.x) installed beside the old one instead of replacing it, and the most recent 3.x installer refuses to start because I have a different version already installed and "helpfully" tells me to remove it via Add/Remove programs first.
1The simplest solution. Manually place the expired certificate into your certificate store, uninstall the application, then remove the certificate when you are done. Certificates do become "not safe" just because they are expired, if you trusted the certificate originally, then your trusting it again today. – Ramhound – 2016-07-22T00:39:44.680
@Ramhound I just added the certificate to the Trusted Publishers store for Local Machine (and verified that it's present and enabled in the certificate manager); but I'm still getting the same denied error from UAC. – Dan is Fiddling by Firelight – 2016-07-22T00:47:34.787
If you disable UAC entirely, or as much as you can on Windows 10, will it allow you to uninstall the program? You might also have to trust the installer's certificate and the certificate that signed it. – Ramhound – 2016-07-22T00:49:03.853
@Ramhound Nope. UAC on the lowest slider setting didn't do anything except drop the denied message onto the normal desktop. – Dan is Fiddling by Firelight – 2016-07-22T00:51:56.060
might help to say what software this is? I'd also toy with changing the date to the past – Journeyman Geek – 2016-07-22T00:52:05.513
Any chance you can provide a copy of the uninstaller? Or extract the certificate? I wonder if you could just remove the signature entirely...
– Bob – 2016-07-22T00:55:53.623Possible Related you might be able to sign it again with your own certificate if its a explicit revocation. – Ramhound – 2016-07-22T00:59:08.150
Signing an Edited Windows Installer package (msi file) – Ramhound – 2016-07-22T01:00:43.137
@JourneymanGeek That almost worked; and changed the nature of my problem in the process. Rolling the date back defeated the expired certificate check. Only to have the uninstaller crash with a cryptic error message that will probably require contacting the vendor to resolve. https://i.imgur.com/ijaSyJt.png
– Dan is Fiddling by Firelight – 2016-07-22T01:02:49.267