It may be necessary to manually update root certificates on a Windows machine where the ALM Client certificates still won't allow the client installation
On a machine with internet access...
- Open a cmd prompt as admin
- Navigate to a folder somewhere, i.e C:\Temp
- Type: CertUtil âgenerateSSTFromWU Rootstore.sst
- Current root certificates updates will download and write to the file "Rootstore.sst"
- Copy the .sst file from the path in Step 2 to the machine(s) which does not have internet access
On the machine without internet access...
- Click Start>Run. Alternatively click windows keyboard button + R
- Type: certmgr.msc - this opens the certificate manager
- Right click on the item "Trusted Root Certification Authorities
- Select All Tasks>Import
- Click Next
- Click "Browse", change the file type in the lower right selection drop-down to "All Files"
- Navigate to the location .sst file obtained from the previous set of steps and select the file
- Click Next
- Specify the radio item "Place all certificates in the following store. "Trusted Root Certification Authorities" should be specified
- Click Next, Click Finish - Note: It is necessary to click "Yes" very many times, each for every certificate which resides in the .sst file.
- Repeat steps 1-10 except specify the "Trusted Publishers" container for Steps 3 and 9